Wondering what to do in the office on that bunch of slow days during the festive season? One option could be to check out a recent Google study, which shows a major disparity between what IT users and security experts view as the most important steps in securing data, computers and networks. According to the study, consumers often rely on tips and tricks from friends and ads for anti-virus software. Security experts, on the other hand, really size up threats as part of their job.
To get your 2016 started in a safer way, we wrote up tips that will help you get your IT systems up to the experts’ security standard. Not only will they enable you to safeguard your confidential business information, but also to prevent personal threats like identity theft. While some of these actions may be time consuming or even downright dull to implement, in the end you’ll thank yourself for pulling through. Go on, roll up your sleeves!
1. Make automatic backups and test them
You might ask why backups are a security tip. Well, IT security is largely about the integrity of your data. If something goes wrong with your data and you don’t have copies of it, you’re obviously out of luck!
We all know hard drives break and files get deleted. But did you know that one of the most common types of malware right now is something called ransomware? Ransomware is scary stuff: it holds the victim’s data hostage by encrypting it, with unbreakable, cutting edge technology.
Ransomware viruses often threaten to delete all user data if a hefty lump of money isn’t paid within a limited amount of time. The payments are made in Bitcoin transactions, which are virtually impossible to trace.
For maximum protection against ransomware, use a backup method, which doesn’t use direct file access and includes a version history. This stops the malware from encrypting your backup disk. Miradore Management Suite includes such a backup tool, built right into our complete set of tools for IT systems management. For an IT person, implementing Endpoint Backup using Miradore Management Suite rivals the ease of use of the Internet’s favorite standalone cloud backup solutions like Crashplan and Backblaze, but without the extra cost.
2. Install updates!
In the real world, all code that powers computers has bugs. Some bugs are annoyances, others cause crashes and potential ways to access computers and run malicious code. Thankfully, responsible software vendors make it easy to install updates, patches or fixes for their products, even automatically.
Customers and partners imply trust when they chose to do business with someone. This implies that everybody assumes that IT systems are up to date, even though this requires real work and know-how. Here at Miradore, we’re all about helping businesses honor the trust placed in them. Miradore Management Suite is useful for any business which has grown larger than one person and a laptop. Our software can make sure updates get installed and delivers the reports to confirm it.
You might wonder what the big fuss is all about. So here it is: any security expert will confirm that the timeliness of security patches for operating systems, web browsers and any other exposed apps, can’t be underestimated.
Malware often relies on bugs in web browsers and plugins like Flash and Java to spread. The reason we really like Google Chrome on Windows and OS X is because it receives updates without you even noticing – not only for itself, but for the Flash Player too.
Even your operating system may have amazingly weird problems. Recently, Windows was patched for a vulnerability that could’ve allowed a malicious font file to take over and run code. This may all sound weird, but the bottom line is that your software nags about updates for good reason!
3. Don’t rely solely on anti-virus
Here’s the heavy news: over-hyping the capabilities of anti-virus software may be the greatest and most dangerous misunderstanding among computer users today, both at home and at work. Security experts know the painful truth: If companies don’t educate their employees, AV software can spread a false sense of security.
Some high-profile security professionals, perhaps unwisely, make something of a party trick to mention that they’re not using anti-virus software. We want to make clear that we don’t suggest that you skip the renewals of your anti-virus subscription. Please don’t.
On the contrary: we know for a fact that anti-virus is a great second line of defense when dealing with real world risks such as humans, who sometimes are in too much of a hurry to think. In fact, we humans here at Miradore really like anti-virus software. So much so that we make the products from several security vendors easy to integrate with Miradore Management Suite. This helps to make sure all computers have up to date protection!
Just keep in mind that anti-virus software can offer protection only from threats already identified in buzzing 24/7 security labs. Such protection does cover a lot of ground, as old threats frequently resurface. But in our fast-paced world of both criminal malware and state sponsored cyberwarfare, any business must try to educate and remind their employees: it’s end user behavior that counts when push comes to shove.
4. Your choices and downloads seal your fate
So, if it’s unwise to overly trust the warm feeling you get from green checkmarks in your anti-virus software, what’s a small business to do?
Firstly, don’t download software from sites you don’t know. If any site claims you need a new version of plugins like Flash or Java, don’t follow the download links. Use a well-known search engine, like Google, to find the original download page.
If your browser features some weird search engine that tries to look like Google, you might already be in trouble. Those suspicious search sites are far from harmless: if nothing else, they’ll probably resell a lot of personally identifiable information. Also, be very suspicious of any software that installs “added value” like browser toolbars.
Secondly, and this might be something you don’t want to hear. For home users and small businesses without resourceful IT departments, malware is like cockroaches in the kitchen. If you notice one, assume there’s thousands of others waiting to be discovered. This means the damage has already happened and you must assume your data may have been breached. To eradicate the uninvited guests, reformat your drive and reinstall the operating system on your computer. No, this is not being paranoid, but being responsible! Luckily, Miradore Management Suite can make system reinstalls much less of a nuisance.
Finally, this topic is downright sticky, but it needs to be addressed: avoid seedy parts of the web. Porn and pirate sites in particular are sometimes among the first to distribute undiscovered malicious code directly to your browsers. It’s in the nature of new viruses and “zero day” vulnerabilities that a fully updated system won’t protect you against them.
5. Use unique passwords and password management software
Reusing passwords is a common, dangerous vice. The problem is that reused passwords, especially combined with a user name like an e-mail address or handle, is like leaving a key to your home around town.
The best way to tighten up your password habits is to let an app like LastPass, 1Password or Dashlane generate and remember more complex passwords than you’d ever use by yourself. Your passwords are encrypted with a strong password, hopefully one of the last passwords you’ll ever have to remember.
A good password manager app that also syncs with your smartphone might cost some money. Setting it up takes a while too, as you need to log in to all your different online accounts and preferably change to long, unique passwords. But needless to say, it’ll save you a load of time and grey hairs in the long run.
6. Use multi-factor authentication
Long, random passwords are harder to guess, but password databases can still leak, and poor security questions for password resets can undermine otherwise responsible services like those of Google, Yahoo and Apple.
Think of passwords as proof of your identity. By adding a personal possession to the mix, like a cellphone that can receive SMS, breaking authentication becomes harder. Many corporate and internet services now use schemes like these. To improve your chances to survive a password leak, check out how to enable multi-factor logins on Facebook, Google, Microsoft and Yahoo and other major services.
There you go! Six basic tips to get you started on a path to a sustainable security model. Once you’re well on your way, check out part two of this series to take your security consciousness even further.
Photo credits: Got Credit + Yuri Samoilov + Perspecsys
Latest posts by Thomas Nybergh (see all)
- GDPR: Action Check List, Part 1 - 19.06.2017
- Non-Microsoft Patch Management with Miradore - 02.06.2017
- MSP World Spring 2017: 4 important things we learned while there - 20.04.2017