The web has revolutionized business. It’s hard to think of something we do throughout the day that doesn’t need the internet. But the more data we store, send, or receive online, the more likely we are to have security issues. Here are some basic security tips to ensure your business is safe and secure.
Set Up Auto-Updates
Set updates to be automatically installed on company computers/devices. This is an easy way to prevent hacks—just set it and forget it. Automatic updates provide patches and bug fixes that prevent future security issues.
Create a Security Help Page on Your Website
Set up a page on your website to show security info about your business. Be sure to include things like:
- The email visitors can use to report a security incident
- OpenPGP key
- Security policy
- Acknowledgements of who has reported security vulnerabilities and who helped you create a more secure website
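The same four items can also be published in machine-readable form as a `security.txt` file (RFC 9116), which the article does not mention by name. The following is an added example, not code from the original article: it audits such a file for the items listed above, and the sample file and its example.com values are constructed placeholders.

```python
from datetime import datetime, timezone

# The four items from the list above, keyed by the RFC 9116 field that carries each.
ARTICLE_ITEMS = {
    "contact": "address for reporting a security incident",
    "encryption": "OpenPGP key",
    "policy": "security policy",
    "acknowledgments": "acknowledgements of reporters",
}

# Constructed sample file; every example.com value is a placeholder.
SAMPLE = """\
Contact: mailto:security@example.com
Encryption: https://example.com/pgp-key.txt
Policy: http://example.com/security-policy
Expires: 2030-01-01T00:00:00Z
"""

def parse_security_txt(text):
    """Return {lowercased field name: [values]}, skipping comments and blank lines."""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        name, value = line.split(":", 1)
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields

def audit(text, now=None):
    """Return a list of findings; an empty list means every check passed."""
    now = now or datetime.now(timezone.utc)
    fields = parse_security_txt(text)
    findings = [f"missing {n}: {what}" for n, what in ARTICLE_ITEMS.items() if n not in fields]
    for name in ARTICLE_ITEMS:
        for value in fields.get(name, []):
            if value.lower().startswith("http://"):
                findings.append(f"{name} uses plain http: {value}")
    expires = fields.get("expires", [])  # RFC 9116 requires exactly one Expires field
    if len(expires) != 1:
        findings.append("expires must appear exactly once")
    else:
        try:
            when = datetime.fromisoformat(expires[0].replace("Z", "+00:00"))
            if when.tzinfo is None or when <= now:
                findings.append(f"expires is missing a timezone or in the past: {expires[0]}")
        except ValueError:
            findings.append(f"expires is not an ISO 8601 timestamp: {expires[0]}")
    return findings
```

Calling `audit(SAMPLE)` reports the missing acknowledgements entry and the policy link served over plain HTTP; a stale `Expires` date is flagged the same way, which catches a security page that was set up once and then forgotten.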
Teach Your Team to Handle Unexpected or Unwanted Emails
When an employee receives a spam or phishing email, they should know exactly how to handle it. These are some of the most common cyber security issues practitioners are faced with. Let employees know they can forward any messages/emails they are unsure about to your tech or cyber security team.
It’s also a good idea to update employees on what to look out for, so they know when an email is attempting to phish them. Common phishing emails often:
- Look like they’re coming from a company you trust, like your bank or Netflix
- Claim they have a package waiting to be delivered once you give personal information
- Offer free items or mention ways to get free money
- Tell you they’ve noticed odd activity or log-ins to accounts
- Ask you to scan a QR code for a free app
Don’t Assume You’re Safe
Don’t make assumptions that your systems are secure. Check for things like enabled automatic updates, strong passwords, and that you’re using a secure hosting provider.
If you’re unsure of the best practices for strong passwords, consider using a password app. Apps like LastPass can create and store complicated passwords that would be near impossible to guess.
Another thing you can do is set up two-factor authentication (2FA). Suppose your passwords are easily hacked or phished. Without two-factor authentication, any information those passwords protect can be shared and copied anywhere. With 2FA, hackers will need more than just a password to gain access.
Make sure your hosting provider is up on common security threats and has the latest security features, like Server Secure for host vulnerability management. It might be a good idea to save their contact info so you can easily let them know of any new vulnerabilities, because if you don’t let them know, someone else could easily use that vulnerability for nefarious purposes.
Finally, periodically check to see if your email or website has been compromised with Have I Been Pwned? (yes, that’s the name of the site). All you need to do is type in your website or email to see if it has been affected by a recent security breach.
Keep Your Team on Their Toes
Just like you shouldn’t assume you’re safe, you shouldn’t assume your employees are all caught up on safety protocols. Here are a few things you can do to test how ready people are.
Send out fake phishing emails to see if team members click on shady links or volunteer information. Re-train the employees who fall for the fake scam.
Send fake QR Codes. Like a phishing email, QR codes can easily send your employees to harmful websites or even prompt them to download malware. Seeing who scans unsolicited QR codes lets you know who needs a refresher on how to spot scams.
If You’re Attacked: Act Now and Act Fast
If you’re attacked, quickly address the situation and triage any threat. Everything online is under constant attack. Here are some simple steps you can take.
- Assess the damage and locate where the attack could have come from. It’s best to form a team of knowledgeable people who know how to deal with these situations.
- Change all passwords. This is super important. Even if you think a password is safe, it might not be. Change it before another attack happens.
- Check for updates. If the attack came from a known software problem, the software company may already have an update that addresses the issue.
- Take services offline. Once you’ve identified the source of the attack and changed all passwords, take all affected services offline until you know everything is secure.
- Contact the authorities. A cyber-attack is serious business. Let the authorities, clients, and customers know so they can take the appropriate action. This is also a good time to loop in your legal counsel so they can better advise on next steps.
- Stay current on all software updates and possible threats. If you have a cyber security team, tell them to let you know when a new credible threat emerges and what they’ll do to keep things safe. They should also send out company-wide emails of any common threats so employees know what to look out for.
Keeping your company safe and secure is an ongoing task. Don’t set things up once and think you’re done. Continue to evaluate your safety measures and update them as new threats become known. Use 2FA, automatic updates, be up to date on security trends, and monitor your site for threats. A business that stays alert is a business that’s ready to handle anything.
Joshua Burnham is the Security Operations Manager at Liquid Web. Josh has been with Liquid Web for eight years, three of which have been spent as a leader of the Security Team. He started his career there in the Linux Support team and quickly developed a robust skillset that organically drew him to a security-focused discipline. Brian enjoys getting into the weeds of security issues to fully understand a problem before diving just as hard into a solution.