Too often, discussions around IT security focus on being defensive. The prevailing mindset is that by putting certain measures in place, you can comfortably sit back behind the walls of a virtual ‘castle’, and any attackers will simply go away. But the reality is that attackers never just go away. They come back time and again, and without taking measures to maintain and improve your perimeter, it’s only a matter of time before they get in.
The best way to protect your business from Internet threats is to be proactive in how you approach security. That doesn’t necessarily require a large time and monetary investment. In many cases, it means simply making a start and doing some of the simple things right. Taking a few basic steps toward security goes a long way toward deterring many of the most common security threats.
Here are a few simple things you can do to be proactive about security, and reduce the chances you’ll be a cybercrime victim:
- Use a strong password policy. A strong password is one that cannot be easily guessed (no birthdays, phone numbers or 1234) and uses a mix of upper- and lower-case letters, numbers and special characters. In addition, passwords should be changed often, at least every 90 days. That way, even if someone gains access to your systems, the window in which they can use that access is limited. Lastly, use different passwords for different services, and change your passwords everywhere, including on devices. For example, your modem or router has a password that is used to gain access to its configuration settings. If you haven’t changed it yet, you’ve closed the door but left the keys in the lock.
- Be vigilant. Adopt a security-first mentality that permeates the business. Maintain a list of who has system access, and remove each person’s access when it is no longer required. Train your staff on how to avoid common security pitfalls, like phishing attempts, malware, or suspicious downloads.
- Physical security is important too. Site security is more than just locking your doors at night. For example, your EFTPOS terminal can be easily swapped out for another, or compromised with a tiny skimming device. Conduct regular checks for anything that looks suspicious. For example, do cards slide through easily? Is the faceplate loose? These could all be signs that your terminal has been tampered with, and should be reported to Police.
- Maintain a patching schedule. While some software packages automatically update, many require users to check for updates and authorize installation. These updates often contain security patches, and are critical to keeping your software safe and protected over time. This is especially true for antivirus software, which is constantly updated as new threats emerge.
Mako is proud to partner with Connect Smart Week, a New Zealand government programme to improve online safety. Learn more at the Connect Smart website.