Wellness Checkup: Your Company’s Online Security


Time for a reality check.

In 2015, more than 80% of American businesses reported that their information systems had been hacked.[1] In 2016, that number grew to 90%; nine out of 10 U.S. businesses were victims of at least one hacking incident in the past year.[2]

The sad fact is an entire industry has grown up around the nefarious enterprise of stealing your information. They are relentless in the effort, too. And one of the best tools they have to work with is your own complacency. You haven’t been hacked yet, so everything must be working, right?

If complacency is the hacker’s friend, vigilance is yours. Commit to giving your business security checks on a regular schedule. Security technology and protocols are constantly evolving to stay a step ahead of the hackers. A regular checkup can identify both weaknesses and upgrade opportunities that weren’t there the last time you checked.

So what should you look for? Glad you asked. Here’s our recommended list:

1. Is confidential information securely handled?

Confidential information includes, but is not limited to: Social Security Numbers, Credit Card Numbers, Financial Account Numbers, Passwords, & Addresses. Be sure that this information is kept in a secure, locked room. Properly disposing of this information is important to mitigate the risks associated with criminals searching through trash or garbage for useful information. This is referred to as Dumpster Diving. Paper records should be shredded. Electronically stored records should be destroyed using software designed to prevent recovery of the data.

2. Is your network supported by the services of an IT Professional?

IT Professionals are trained technologists who can help you assess the stability and security of your computers and network. They can recommend improvements in your security practices that can help protect your data while securing your network. Their expertise can also be enormously helpful in ensuring the operating efficiency of your systems and in optimizing system longevity and performance.

3. Are you using the latest Firewall or Intrusion Prevention technology?

Firewalls maintain the security of your network and computers. They are used to block unauthorized traffic, software, and users from gaining access to your systems. This is considered the first line of defense for securing confidential and/or sensitive information. Intrusion Prevention/Detection systems are designed to detect/prevent malicious activity from entering the network. An IPDS monitors a system based upon the policies set by the owner. A violation of the policy base will trigger an alert of malicious activity, and in most cases, the malicious traffic will be prevented from accessing the network. Ensuring that your firewall and IPDS systems are current is a vital control for mitigating risks. Vendors are constantly releasing updates that will enhance the security of your technology. Those updates respond to newly identified vulnerabilities and decrease your exposure to hackers.

4. Are you regularly scanning your system with the best and latest anti-virus software?

With all the malware out there these days, installing anti-virus software is essential to any comprehensive plan for network security. But how do you know what to buy? Here’s the short list of brands we recommend:

Free Software:
• Panda Free Antivirus
• Bitdefender Antivirus Free Edition
• Avast Free
• AVG Antivirus Free

Licensed Software:
• Webroot SecureAnywhere Antivirus
• Bitdefender Antivirus Plus
• Kaspersky Antivirus
• Trend Micro Internet Security
• Avira

It’s also important to make sure you’re using the latest definition update of your software. Set virus database definition updates to run at least once per day.

Finally, make sure you use your anti-virus software to run scans of your network at least once every week.

5. Are you using the most current edition of your operating system?

Keeping your operating system up to date is essential to your network’s security. Upgrades often include modifications that respond to vulnerability issues. The most recent versions of Windows operating systems also allow you to create a limited or standard account that does not have administrative privileges. This limited account is intended for users who are prohibited from changing most computer settings and deleting important files. Limited accounts also prevent users from installing software or hardware on their own, although they can access programs that have already been installed on the computer. By setting up these limited accounts, an administrator can prevent unauthorized changes to computers in the network.

6. If multiple users access the same computer, do they have separate user names and passwords?

They should. Separate logins enhance security and protect confidential information. Each user essentially can have their own account with their own browser windows and privatized search history. Each user can also store and access files that are secured, as well as view and send their own emails.

7. Do any of the computer users have administrative rights?

Local administrative rights should only be given to those who have a need to perform administrative functions. In the wrong hands, the privileges of administrative access would make it possible to:
• Change permissions on the computer
• Modify or remove security features
• Install software and drivers in ways that could diminish the performance of the computer
• Install malicious software such as key loggers, backdoors, and Trojans
• Escalate privileges to other devices and ultimately compromise your entire network
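
One way to run this check on a Windows computer, as an added example that is not part of the original article: the PowerShell below lists every member of the local Administrators group that is not on an approved list. The account names in `$ApprovedAdmins` are hypothetical placeholders to be replaced with your own.

```powershell
# Added example: audit who holds local administrative rights on this computer.
# Uses the Microsoft.PowerShell.LocalAccounts module (Windows PowerShell 5.1 and later).

# Constructed allow-list: accounts that are expected to be local administrators.
$ApprovedAdmins = @(
    "$env:COMPUTERNAME\Administrator",
    "$env:COMPUTERNAME\itadmin"          # hypothetical IT support account
)

function Get-UnapprovedLocalAdmin {
    param(
        [string[]]$Approved
    )

    # S-1-5-32-544 is the well-known SID of the built-in Administrators group.
    # Looking the group up by SID works regardless of the Windows display language.
    $members = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop

    foreach ($m in $members) {
        # -notcontains compares case-insensitively, matching Windows account names.
        if ($Approved -notcontains $m.Name) {
            [pscustomobject]@{
                Name        = $m.Name
                ObjectClass = $m.ObjectClass      # User or Group
                Source      = $m.PrincipalSource  # e.g. Local or ActiveDirectory
                SID         = $m.SID.Value
            }
        }
    }
}

$findings = @(Get-UnapprovedLocalAdmin -Approved $ApprovedAdmins)

if ($findings.Count -eq 0) {
    Write-Output 'Local Administrators group matches the approved list.'
} else {
    Write-Warning "$($findings.Count) unapproved member(s) in local Administrators:"
    $findings | Format-Table -AutoSize
}
```

A group that appears in the output grants administrative rights to all of its members, so review the membership of that group as well.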

The information generated and retained in your company’s computer network is an invaluable asset to the efficient, successful operation of your business. With multiple users and access points, there is always a very real chance of compromising that asset with potentially devastating consequences. But with regular, vigilant attention to these key security issues, you can dramatically decrease your exposure.

Operating System: Microsoft Windows
Recommendations: Anti-virus Software & Windows 7 or Higher
Resource: Go to: www.microsoft.com/en-us/security/default.aspx

Operating System: Apple
Recommendations: Make sure “Software Update” is enabled from the Apple Menu; Schedule weekly checks for new software updates in “System Preferences”; Version 10.10.2 or Higher
Resource: Go to: support.apple.com/en-us/HT201541

1: http://www.cbsnews.com/news/percentage-of-companies-that-report-systems-hacked/
2: http://www.brinknews.com/survey-90-percent-of-u-s-businesses-suffered-hacking-incident/