In a previous post, we looked at network security basics like antivirus and firewall configuration.
Here, we suggest a few tools & tips to integrate security into your day-to-day operations.
We use passwords every day, but we rarely think about how we could improve their security. We should though, because it's such a basic and integral part of your overall network security.
Ideally, you should use a different and unique password for each program you use.
In reality, that's difficult to manage because it means remembering a lot of passwords and knowing which site each one is for. Fortunately, tools like Lastpass can remember for you.
Lastpass is a browser extension that works with Google Chrome, Firefox, Safari, Opera, and Internet Explorer. Once the addon is installed, it offers to remember any passwords you type into the browser, along with the address of the service you're using. It then stores your passwords offsite, in Lastpass's own secure servers.
Like other cloud-based services, Lastpass ensures that your information is available everywhere and synced across all your devices.
Perhaps more importantly, Lastpass can generate passwords for you. When it detects a password field, the program will offer to generate a unique password. If you accept it, the addon will automatically enter that unique password into the password field and save it in your master database.
When Lastpass detects that you're on a site for which you've saved a password, it will offer to fill in the username and password fields for you, automatically logging you in.
So you don't even need to remember your own passwords. Instead, you'll simply need to remember a single master password to gain access to your Lastpass database.
Do's and Don'ts for Passwords
Good passwords are the fundamental building block of a good security strategy.
Even if you use a tool like Lastpass, you may still need to generate a password yourself every now and then.
Chances are, most of us are using poor password strategies, making it easy for hackers to log into our accounts and access our personal information.
Even the term "password" is outdated. If you tend to use uppercase characters and symbols in your passwords, you're not as protected as you could be.
Hackers have caught onto the tendency to use these extra characters, and have written programs which can easily crack such passwords.
Passphrases, however, can be much more effective. A passphrase is a unique combination of words used as a password. The key is the length: the longer the password, the harder it will be to hack. Ideally, you'll want to string at least three unrelated words together to form a passphrase.
For extra peace of mind when creating a password, try running it through Microsoft's online password checker. Never use a password with a rating less than "strong."
Make Security Part of Your Operating Procedure
Security is only as strong as your weakest link, so it's important to make sure that you and your employees use good security techniques throughout their workday. A few tips:
- Keep all computers up to date: security updates include information about new threats to your PC. If it doesn't know the threats, it can't stop them.
- Limit file sharing and instant messaging app use: any piece of software that can send files back and forth over your network can be a risk. This includes instant messaging and peer-to-peer file sharing apps like Skype, Snapchat & Facebook’s Instant Messenger.
- Limit the use of personal USB drives: removable drives can transfer malicious programs directly, completely bypassing the network and its layers of security.
- Keep your web browser up-to-date: web browsers like Google Chrome and Internet Explorer update regularly, and those updates often include increased security measures.
- Learn about two-step verification: many modern web services offer two-step authentication. When enabled, you enter your password as expected, then a verification code is sent to your mobile phone which you enter into your web browser to access the site. To steal your data, hackers would need your password and your mobile phone.
- Educate your employees: the more knowledgeable your employees are about standard security procedures, the better. Sharing this information with your team is a great start. Educate them on the warning signs and what to look for so that they begin implementing basic security procedures into their workflow. For example, if an employee receives a flight confirmation email, but never booked a flight or if they receive an email from a bank where they don’t have an account, that’s a red flag that the email is malicious. Make sure your employees know not to open suspicious links or emails and notify your IT support or leadership team.
The business of keeping your network secure can seem overwhelming, but it doesn't have to be. Once you understand the basics, it's relatively easy to keep yourself protected.
With many businesses making the shift from Windows XP to a more modern Windows version, now's the perfect time to evaluate your needs. If you need any assistance, we're here to help. You can email us or call our Helpdesk on 02 4254 5444.