
10 Steps to Better Small Business Network Security

When we approach any new customer, we have some steps in mind that we want to take to ensure good small business network security. Sometimes, the customer has a majority of these steps already covered. Sometimes they go 0 for 10.

You might think that network security is only something big businesses need to worry about. You’d be wrong. If you’re hacked, compromised, or struck with ransomware, your business will suffer and it will cost you time and money trying to recover.
Here are some steps to take.

  1. Use G Suite or Office 365 for your email and productivity suite
  2. Restrict local users to only standard accounts on workstations
  3. Ensure all Windows patches are installed
  4. Back up all of the critical data
  5. Make sure all workstations have up-to-date antivirus
  6. Train your users to identify phishing emails and other security concerns
  7. Don’t use a residential router
  8. Don’t have a wireless network without a password
  9. Set workstations to lock after a certain length of time.
  10. Have workstations that are no more than 3 years old and are running the latest operating system.

Are there any additional steps you would add to ensure good small business network security? Which is the most important of these steps?

Photo by THE 9TH Coworking

How to Identify and Protect Yourself from Phishing Emails

We tend to see more phishing emails making the rounds when we are in more turbulent times. What exactly is a phishing email? Phishing is the fraudulent practice of sending emails purporting to be from reputable companies to induce individuals to reveal personal information, such as passwords and credit card numbers.
Here are some hard and fast rules when it comes to phishing emails.

  • If you are unsure whether a link from a company is legit, go to your web browser and type in the address instead of clicking the link.
  • UPS and FedEx will never send you an update about a package that requires you to click a link. Won’t happen. Ever.
  • If you get an unsolicited email from a company you’ve never heard of telling you there is a problem with your computer, it’s fake. In that email, they’ll say call immediately before it’s too late. Don’t call, it’s a scam.
  • When you get an email that looks like it’s from your bank or PayPal saying they need to update information in your account, don’t click on the link. PayPal and financial institutions will never send an email asking you to update your info. It will never happen.
  • Microsoft will never send you an email asking you to download an update. Never.
  • You get an email that looks to be from someone high up in the organization asking you to send money to someone else. Stop! Call the higher-up and verify by their voice that this is their legitimate request.

These are just a couple of scenarios that criminals will use to try to get your info. Don’t get fooled. Take a minute. Step back. Look at the email address that it came from. Is the spelling way off? Examine the web address of the link.
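The two checks described above (a misspelled sender domain, and a link whose visible text names one site while the address behind it goes to another) can be automated for mail that lands in a quarantine or reporting mailbox. This is an added example, not part of the original post; the trusted-domain list, the sample message and all function names are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"paypal.com", "ups.com", "fedex.com", "microsoft.com"}  # assumed list
SAMPLE = """From: PayPal Support <service@paypa1.com>
Content-Type: text/html

<p>Update at <a href="http://account-check.example.net/login">www.paypal.com</a></p>
"""  # constructed message, not a real capture

class Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def base(host):  # last two labels only; real tools use the Public Suffix List
    return ".".join((host or "").lower().split(".")[-2:])

def lookalike(domain):  # trusted domain that `domain` nearly spells, or None
    return next((t for t in TRUSTED if t != domain and
                 SequenceMatcher(None, domain, t).ratio() >= 0.8), None)

def review(raw):
    msg, out = message_from_string(raw), []
    sender = base(parseaddr(msg["From"])[1].rpartition("@")[2])
    if lookalike(sender):
        out.append(f"sender {sender} resembles {lookalike(sender)}")
    parser = Links()
    parser.feed(msg.get_payload())
    for href, text in parser.found:
        target = base(urlparse(href).hostname)
        # Only compare when the visible text itself looks like a web address.
        shown = re.fullmatch(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:/\S*)?", text, re.I)
        if shown and base(shown.group(1)) != target:
            out.append(f"link shows {base(shown.group(1))} but opens {target}")
    return out
```

Calling `review(SAMPLE)` returns one finding for the sender spelling and one for the mismatched link; a message from a trusted domain with ordinary link text returns an empty list.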

You need to be extra vigilant. Around every corner, criminals are attempting to fish for your info in phishing emails. Don’t be a victim.

 

Everyone Needs 2 Step Verification Enabled on All Online Accounts

2 step verification, multi-factor authentication, or 2-factor authentication are ways to describe the security model of using a step beyond your password to authenticate yourself. Because so much of our personal and work lives are online, we need to do anything we can to provide an extra level of protection to those accounts.

The Simple Password

Creating a strong password used to be enough to feel like your online accounts were safe from prying eyes. Make it at least 8 characters and add in some numbers and a special character and you are good to go. Unfortunately, crooks have devised easy ways to steal those passwords with malware and through other nefarious ways. Bad guys will steal your passwords when they are sent in plain text over public WiFi networks. They’ll steal your banking password when you’re the victim of a phishing attack using a fake web site. They can even crack your password by running a dictionary attack. This is where they throw every word in the dictionary at it until something sticks.

Protecting Yourself

To protect yourself from being a victim of any of these attacks, take your security to the next level with 2 step verification. Even if the bad guys figure out what your password is, they don’t have access to your phone where you get your 2 step verification code.

How does 2 step verification work? The web site where you have 2 step verification configured will still have a place to enter your username and password. After you enter them successfully, you will get prompted for a code. The site will determine how long the code is. On some sites it is 6 digits, while others use just a 4-digit code. The method of delivering that code can vary too. The majority of sites deliver the code via a text message. Others will deliver the code via email. After you get the code, you enter it on the site and then get access to your account. With 2 step verification enabled, you no longer just need that much-valued password to get into your online account.

A More Secure 2 Step Verification

While the most common method of delivering that 2 step verification code is the text message, it is not the most secure. Using an authenticator app on your phone is a better way to secure your account. If the website allows it, and not all do, you should use an authentication app like Google Authenticator or Authy. My preference is Google Authenticator. Instead of being sent a text message that could get intercepted, you go to the authentication app on your phone and type in the number that is displayed. You can have multiple accounts set up in one Google Authenticator app.

Hackers will not stop trying to get access to our critical data. At the very least we need to have 2 step authentication enabled on our accounts to have a fighting chance against these criminals.

 
