Not long ago we talked about how to protect your customers’ important data. Now let’s discuss ways to safeguard your company’s internal systems and databases.
There is a quiet but ongoing war between hackers and IT security over preventing unwanted access to the systems of businesses and organizations. The challenge for those of us on the protection side is that there’s always a new bug or program cropping up to infiltrate computer networks – often without us even knowing at first – such as the Heartbleed bug you’ve probably heard about.
Many non-technical business people think that simply having a firewall and anti-virus software in place is enough to defend their company’s internal systems and databases. But this may not always be the case with today’s most sophisticated data infiltrators. So you should take proactive steps to protect your systems before the bad guys think to target you.
Some of this may seem self-evident, but you would be surprised how many organizations fail to physically secure their systems. This includes:
- Having a locked room where the company’s servers are located, with only senior management and IT experts allowed access.
- Making sure all laptop computers that are owned by the business or contain company data are accounted for at all times.
- Ensuring that computers both inside and outside the office are protected with encryption software. This can be done in one of two ways: encrypting individual devices so unauthorized people can’t access them, or storing all your crucial information in one place and having employees access it remotely.
One thing to guard against is what we call social engineering, in which hackers interact directly with a person to try to trick them into giving up their passwords, or fool IT staff into giving them access by resetting a password. Having strict security policies and ensuring everyone adheres to them is how you protect against social engineering.
Measures such as making people verbally give you their PIN over the phone, and shutting off their access if they can’t get it right in a certain number of tries, may seem harsh. But they greatly reduce the chances of a hacker getting into your company’s databases or taking over your website.
Then there is the familiar issue of passwords. Everyone feels hassled about having to remember so many passwords these days. But a little frustration is well worth the security that comes with having a strong password system that is unlikely to be broken by hackers who use randomization programs to guess your access codes.
Your password criteria should be: no fewer than eight characters; use a mix of upper- and lower-case letters, numbers and symbols; and change it often – once every 72 days is recommended.
Disgruntled employees can be a major source of IT intrusion. If you know a certain worker is going to be terminated, work in advance of their notification to make sure they can’t do any serious damage.
Finally, at least once a year, have your IT manager or consultant do a complete “sanity check” of your system, performing a top-to-bottom review of things like security protocols and data recovery backups.
If you need to consult with an expert about protecting your company’s data, please call Chris Edwards at (317) 613-7855 or email [email protected].