Best practices for keeping your business’ information secure

This week, we're doing something a little different on the Security Strong Podcast. It's just me, we're doing kind of a fireside chat mode here. I'm sitting in a rocking chair near the fire and I am thinking about the various awesome guests we've had since we started the podcast, I'm thinking about what we do as a security company, and I thought why don't we share some of the best practices and go through a top list of things that you can do to stay secure. 

Security as a Process, Not a Product

A lot of times when people think about security, they're thinking about buying the basics, they're thinking about buying a firewall or antivirus software. Those are products you buy and those are critical because we want to make sure we're getting those. But really those things are obvious, but if those things are not configured properly if they're not used properly, you still have a security hole and so that's what we refer to it more as a process, not a product. You might think about it like for your home where you have a lock on your front door to keep you secure, but it's engaging the lock when you’re walking out of the house by locking it that's really what has to be secure. The other thing we talked about is you've got all these different things for security. You've got the antivirus, you've got the firewall, you've got the processes down, but security is really only as good as its weakest link. So as we're talking about these different things you want to think if any of these weak links for me because that's where the breach is likely to happen. 

Why Security?

Security is really about the confidentiality of your systems, the integrity of your system, and the availability of your systems. So confidentiality of your internal-external data, making sure that only authorized users are seeing that information, the integrity of your data, making sure it's not changing so people don't mess with your payroll, and no one's messing with your contracts that isn’t supposed to be messing with your contracts. Lastly is the availability of your systems because if you can't get access to your data, you can't get access to the business programs you use.

User Accounts

User accounts are those IDs that you use on your computer that you log in with. That user that you're logging in with, is assigned various permissions and rights, and there are 2 basic categories of users: administrative users and standard users. Administrators can install software, modify software, change the configuration of software, whereas standard users typically can't. One study determined that running as a standard user would prevent attackers from exploiting 94% of the critical vulnerabilities that Microsoft patched in that same year. It used to be a very common practice for everyone to be an administrator because it was the easiest, but it's less common now. The action for this is to make sure you create a separate log-on ID with administrator privileges and only use that administrator account when you have to administer the system, like when you're patching and modifying software, otherwise, run as a standard user. That way, if you happen to catch some malware, it's less likely to impact you and your system because it can't do anything because it's not an administrator.

Password Policies 

Strong passwords mean that they're hard to guess or hack. So when we’re thinking about passwords, I like to think of one of my favorite sci-fi movies, Wargames, when he was sent to the principal's office, and he wanted to, and he wanted to get the password to the computers for the school, so we could change his grades, he opened up a drawer, and on there was a piece of paper and it wrote current password was “pencil.” So you want to make sure you're not using any single words, anything that's found in a dictionary, and no common phrases. It is better to use special characters, numbers, upper and lowercase, and spaces even. All of that makes for a good, complex password and if you need to just pad it with something, add some characters or add even a common phrase to the end of a complex password because length when it comes to a password is critical. The longer the password, the more complex it is, and the longer it takes to try to have a computer brute force or guess what that password is. Also do not reuse passwords across systems, especially websites, cloud services, because if one password gets out of your control they're going to go try that password on all the different systems that are out there. You also want to use a password manager. That way you can go into the password manager at the database. It's a secure, strong database that can't be hacked for your passwords. So the action for today is to verify that your passwords are strong.

Visit https://tobinsolutions.com/ to learn more!

Join us for our next episode by connecting with us at http://securitystrongpodcast.com/