What to Include in Your Internet Security Policy

Whether you’re just launching your new enterprise or you’ve been in business for a while, you’ve probably outlined a set of policies and procedures designed to ensure the safety of employees, foster a welcoming workplace, and ensure efficiency in operations. Now you need to consider that modern business is conducted not only in board rooms and cubicles, but in virtual space as well.

It is therefore imperative to create an internet security policy to complement your other operational policies and procedures. Of course, such policies are still in their relative infancy.  With new threats popping up all the time you may feel some anxiety about your ability to keep up.

The good news is that many other businesses are in the same boat.  A consensus is beginning to form concerning the best ways to develop and implement flexible internet security policies. These strategies are designed to adapt to technological advances and the evolving nature of hackers. Here are just a few key points you’ll want to include in your internet security policy.

Security Strategy

Planning your policy should begin with considering a security strategy. This could include listing your objectives when it comes to implementing and maintaining internet security. It might also cover your ethical and legal responsibilities in terms of privacy laws meant to protect customers and employees.

Your policy should also include the variety of systems you use that operate online. Note how to protect each one with relevant security software and employee usage guidelines. Detailing these points will help you determine the course of your internet security policy. This way you can delve deeper into pertinent issues like which software to purchase, how much to spend, and how to train employees to do their part.

Specific Programs

You may need some professional guidance when it comes to planning your internet security policy.  If your business uses specialized software or equipment, your policy should include proper procedures pertaining to each specific system, network, and program you utilize. Naturally, this portion of your policy may change over time as you implement new software and systems.

It might seem like overkill to list specifications for hardware and software. However, if you expect employees to properly utilize these systems as part of their job, they need to understand potential risk factors so they can behave appropriately and keep your online operations secure.

Authorizations

Compartmentalization is a great way to increase the level of security for confidential data. For example, everyone in the company might need access to an employee directory, but you may limit access to financial records to only your finance and executive team.

While you may want to foster transparency and openness, you don’t necessarily want all of your employees to be privy to executive planning and communications.  You also can’t allow unfettered access to sensitive customer data like credit card or social security numbers. By compartmentalizing and setting up a system of authorizations for different positions, you can help to protect your company and your customers.

Don’t forget to include behavioral information in your policy as well. You need to make it clear that employees are not to share access with one another or with outsiders and that they will face penalties for doing so.

Password and Network Policies

Some of your internet security policy will focus on the technical elements of securing your online operations. The rest will pertain to employee behavior as a means of teaching workers how to behave in a manner that helps to protect the company.

Your employees no doubt have passwords to access computers, accounts, networks, and data. Your password policy should provide clear rules and regulations regarding how to access resources and how password usage works.

It seems almost silly in this day and age to remind employees not to share their login information with anyone, including their coworkers. Yet, it is still necessary to include this in your policies, along with protocols for password creation.

You also need to train employees to operate in a careful manner when it comes to email and other network usage. Some of the most common ways hackers gain access to company data involve employee error. This includes the use of weak passwords and blunders like clicking spammy links, visiting dangerous websites, or downloading files that contain viruses, spyware, or malware.

Expectations and Penalties

Employees need to understand what you expect of them when it comes to internet security. It is also important that they understand the consequences, to the company and to themselves, should they fail to act appropriately. Irresponsible behavior could result in a devastating data breach. Spell out penalties associated with such failures so that workers have ample motivation to follow your internet security policy.

Are Hackers the Only Threat to Your Site Uptime?

Every business that operates in the online arena, either solely or in concert with a brick-and-mortar establishment, fears hackers. For years, experts have warned that it’s not a matter of if, but when a company will be hacked. If it can happen to mega corporations, healthcare providers, banks, and even government entities that have the highest levels of security, it can definitely happen to the average business.

This is partially due to the fact that most businesses are woefully under-protected when it comes to internet security. Or perhaps hackers are just one step ahead. The outcome is the same – your business suffers when hackers cause site downtime and steal, corrupt, destroy, or ransom your data.

Of course, hackers are not the only cause of website downtime. Although hackers pose a real threat, there are other reasons why your website might suffer unscheduled downtime. This interruption of service will annoy customers and cost you money.

The good news is that you’re not the first business to deal with such problems and you can learn a lot from those who suffered before. Preparing yourself to recover from downtime starts with understanding potential causes and then determining how best to plan for recovery. Here are a few threats to your site uptime and what you can do to minimize them.

Web Hosts

It’s important to take your time when it comes to choosing a suitable web host. You will first want to consider the bottom line regarding rates and scalability.  Just as importantly, you want to make sure the vendor you select has a solid reputation for service. Look for a host that offers some guarantees (by way of reparations) should you suffer unscheduled downtime.

No web hosting service can guarantee 100% uptime, so if you hear this promise you should probably keep looking. However, reputable and reliable providers should warn you well in advance of scheduled downtime. A good hosting service will be available to help you address and troubleshoot issues with downtime and, in some cases, they may even back up their guarantees with a policy of repayment for any unscheduled downtime you do suffer due to problems on their end.

Traffic and Bandwidth

Business owners must always concern themselves with the bottom line if they want to run an efficient and profitable operation. In terms of bandwidth, you’ll have to try to calculate the amount of virtual traffic that is likely to come in so that you can pay for an appropriate package.

If you miscalculate and you experience more traffic than anticipated, your site could go down. This will leave visitors and patrons unable to peruse your wares and make purchases online. A web host that offers scalability will allow you to ramp up quickly should such issues arise.  However, you might want to err on the side of caution by opting for more bandwidth than you think you’ll need and then scale back if you’re not using it all.

Employees

Hackers are a definite threat to your business, but one of the most common ways for hackers to gain entry to your system is through your employees. This happens most often when employees are careless with login information. By creating weak passwords that are easy to hack or allowing others access to their login information, these employees are putting your system at risk.

Employees may also behave in an unsafe manner by visiting dangerous websites, opening emails from unknown senders, or clicking suspicious links. All of these ill-advised actions could result in hackers gaining access to your system and shutting it down from the inside out.

There are two good ways to deal with this. First, you should train your employees to behave in an appropriate manner when using company resources. Second, you should use software protections that prompt employees to create strong passwords (and update them frequently), that warn employees when they’re about to do something dangerous, that require additional confirmations for downloads, or that outright deny access to certain online resources.

Monitoring and Alerts

If you want the best chance to minimize and address website downtime, regardless of the cause, your best bet is to hire a monitoring and maintenance service. These professionals can not only monitor your site and alert you when problems arise, but they can help you to plan for action and recovery when downtime does occur.

5 Tips for Creating a Secure Password

Remember when you created your first AOL account and you could use your real name (without a slew of numbers behind it) and create a simple password that was a mere four or five characters long? Nowadays, you’re John_Smith260548 and your password is some crazy combination of letters and numbers you can’t possibly remember.

This is all for your own protection, of course. Not only do we have to contend with data breaches on massive scales, but if your passwords aren’t secure, you can look forward to diligent hackers slicing through your defenses like tissue paper and stealing your sensitive personal data in the process.

In other words, you need to be your own best advocate by creating passwords strong enough to protect your online accounts, including your email, any clubs you join, and e-commerce sites that save data such as your credit card number. Plus, it hardly needs to be said that you’d be in real trouble if hackers accessed any accounts containing your social security number.

So how can you create a password that’s hack-proof? Such a thing may not exist, but you can definitely make secure passwords that will have would-be hackers heading for greener pastures, so to speak. Here are some tips to get you started.

1. Number and Type of Characters

The standard number of characters recommended for secure passwords is a minimum of eight, although some forward-thinking websites are starting to demand twelve. Your password should also include different types of characters.

These characters may be uppercase letters, lowercase letters, numbers, and symbols and/or spaces. The best passwords will employ a combination of all of these elements. In addition, you should try not to use recognizable words at all, opting instead for a random combination that cannot be guessed once a few of the letters are revealed.

Such passwords may be more difficult to remember than your passwords of old, but if you’re keen to keep hackers out of your accounts, this is the best way.

2. Avoid Personal Data

We get it – you want to create a password that has some kind of personal meaning to make it easier to remember. However, this is a mistake that hackers will find ways to exploit.

Think about how much information about your private life is available on the internet, especially via social media. All you have to do is tweet about your dog or post a photo that shows your street sign and you’ve potentially given hackers a substantial part of common passwords.

Don’t use your name, nicknames, street names, pet names, dates like birthdays or anniversaries, or any other personal information that hackers could glean with a little digging online.

What you can use to help you remember a seemingly random assortment of characters is an acronym. Make up a sentence you can remember that includes letters, numbers, and symbols and then turn it into an acronym by using only the first letter of every word. “My first dog was Fido! He died at 13 in January of 2002” could become MfdwF!_Hda13in0102, just for example.

In this way you can create incredibly secure passwords that you’ll actually be able to remember when you log in.

3. Different Passwords for Every Account

This can be a hard sell considering the dozens of accounts that most people use frequently, not to mention the handful used daily. However, there is a solution.

With a password manager you can enter all the passwords for your various accounts and all you have to do is remember the password that logs you into the password manager. Just make sure that password is really secure.

4. Never Repeat Passwords

Many websites will prompt you to change passwords periodically. When this happens, resist the urge to repurpose old passwords.

Once you’ve used a password, don’t recycle it. Create a new one every time for the best chances to avoid redundancy and the potential for hacking.

5. No Sharing

This should go without saying, but considering how many people make the mistake of sharing their ATM PINs, it’s not really that surprising that passwords get shared with spouses, friends, and other seemingly trustworthy parties. Do not fall into this obvious trap!

The most secure password is absolutely useless if you share it with someone else. Not only could that person access your account, but they might not be as diligent as you at protecting it, potentially letting your private information fall into the hands of others willing to exploit it.

It’s one thing to trust your partner, your family members, or your friends, but the security of your online accounts relies on secrecy. You might trust your loved ones to keep this secret – the problem is if you can’t keep it.
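The creation rules in tips 1, 2 and 4 can be enforced by software at the moment a password is set. The following is an added example, not code from the original article: the function names, the sample data and the choice of salted PBKDF2 for storing password history are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

MIN_LENGTH = 8  # minimum from tip 1; raise to 12 for stricter sites


def missing_classes(password):
    """Names of the character types from tip 1 that the password lacks."""
    present = {
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "symbol or space": any(not c.isalnum() for c in password),
    }
    return [name for name, ok in present.items() if not ok]


def personal_tokens(personal_data):
    """Split names, pet names and dates into lowercase fragments (3+ chars)."""
    tokens = set()
    for item in personal_data:
        for part in re.split(r"[^a-z0-9]+", item.lower()):
            if len(part) >= 3:
                tokens.add(part)
    return tokens


def history_entry(password, salt=None):
    """Salted PBKDF2 digest, so old passwords are never kept in clear text."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


def check_password(password, personal_data=(), history=()):
    """Return a list of rule violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    missing = missing_classes(password)
    if missing:
        problems.append("missing: " + ", ".join(missing))
    lowered = password.lower()
    for token in sorted(personal_tokens(personal_data)):
        if token in lowered:
            problems.append(f"contains personal data: {token}")
    for salt, digest in history:
        if hmac.compare_digest(history_entry(password, salt)[1], digest):
            problems.append("reuses an earlier password")
            break
    return problems


if __name__ == "__main__":
    # Constructed sample data, for illustration only.
    personal = ["John Smith", "Fido", "1985-06-14"]
    history = [history_entry("Tr!ckyOld 9pass")]
    for candidate in ("fido1985", "Tr!ckyOld 9pass", "MfdwF!_Hda13in0102"):
        print(repr(candidate), check_password(candidate, personal, history))
```

The personal-data check only catches fragments that appear literally in the password, so it complements rather than replaces the advice in tip 2.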

How to Maintain Security Protocols When Employees Work Remotely

Advances in modern technology and concerns for the environment alike have made it possible for employees to work remotely. That’s great news for people who want to avoid a crowded commute to the office and at the same time offers businesses a chance to empower their employees. However, there are also security risks associated with remote employment.

Here are a few tips to maintain security protocols when employees work remotely.

Employees Should Conduct All Work on Company Equipment

It might be tempting for you as an employer to save some money on additional equipment by requiring new employees to provide their own laptops for the job. If you do that, you’re opening the door to what could be a security nightmare.

Simply put, not all of your employees will care as much as you think they should about keeping their own equipment secure. If somebody finds a way into an employee’s computer, then that path could soon become a way into your own private systems. From there, there is potential for catastrophe.

However, if you issue equipment to your employees that follows certain security standards put in place by your IT team, then you can be sure that all equipment connecting to your company systems has up-to-date security.

Use the Cloud

The cloud is another relatively recent advancement in modern technology that’s made everybody’s life a little easier. Thanks to cloud technology, people no longer need to install and update software on their own personal systems. Instead, they access remote apps and use them as though they were installed locally.

If you’ve got some mission-critical apps that you need your employees to use regularly, consider deploying them to a cloud. That’s a security benefit because the IT department will be responsible for handling security for the software at a single, centralized location. In contrast, non-cloud apps need to be updated everywhere they’ve been installed. That’s a hassle akin to herding cats.

Use a Secure Connection

One common-sense approach to avoiding data breaches and attacks is to ensure that communication between the employee’s PC and the company server uses a secure protocol.

Many remote employees use a technology like virtual private network (VPN) software that encrypts data traffic to and from the company site. Typically, they’ll couple that with a suite of software that automatically installs security patches and ensures that remote workstations are configured correctly.

The bottom line here is you don’t want data communications between employee workstations and the company systems to be intercepted by some unscrupulous third party.

Develop Guidelines

Even when remote employees are using company equipment that’s configured to company standards with a secure communication channel, there is still the possibility for data breaches and attacks.

As long as there are codes, there will be code breakers. It’s that simple.

That’s why it’s important that you not only provide secure technology for your virtual environment, but also give your remote employees guidelines about what is and isn’t acceptable use for company equipment. Those guidelines should include the following:

–  What kinds of websites aren’t acceptable for browsing.  Although your security software should automatically block sites that are considered a threat, it’s still a great idea to “go the extra mile” by telling your employees that visiting certain types of sites is grounds for discipline.

– Rules for downloading. It may be the case that some employees will need to download additional software to perform their job. You should provide very strict rules about which software repositories they’re allowed to use to download software. If they can’t find the software they need at any of those repositories, then the guidelines should spell out how to touch base with the IT department to get an exception.

– Other behavior that’s disallowed on company equipment. Although your employees might be very good at day trading, and there’s probably no security threat from frequent visits to eTrade, it’s probably best if they did that kind of thing using their own computers.

Congratulations on creating a virtual workforce. You’re giving your employees a great deal of flexibility while empowering them to make decisions that are in the best interests of the business. Just be sure that proper security protocols are in place so that you don’t suffer the fate of many other companies that have experienced data breaches.

Is Password Management Software Really That Secure?

At this point there doesn’t seem to be any question that virtually any network, server, or website can be hacked. After all, if hackers can breach corporate entities, health insurance providers, and even the government, what’s to stop them from hacking your business?

In some ways, small and mid-size businesses are lucky – they don’t have the same target on their backs that larger competitors do. Unfortunately, many smaller businesses are also forced to compromise when it comes to security due to a limited budget. Even though you may not face the same threats as better-known entities, you might be at greater risk.

In order to protect yourself, you need to make sure the components of your security system are up to the task. While password management software is certainly handy in this day and age, what with the onus to create unique passwords for every online account, you need to know if it’s safe to use. How secure is it?

Password management software has become a popular option for anyone looking to cut back on the amount of time spent trying to remember usernames and passwords for their many online accounts. With this type of program, all you have to do is log in to one master account, remember just one set of login information, and you can access every online account, despite the fact that they all have unique username and password combinations.

This is handy for business owners and clients alike, but it may not be entirely safe. If someone is able to hack the master password, they could immediately gain access to absolutely every account, putting your identity and the identities of others at risk. It seems like a pretty big risk, but if you rely on such a program to manage your passwords, don’t despair. They’ve taken steps to ensure the safety of their users.

Just look at the hack of popular password management company LastPass a few months ago. Users were terrified to discover that the site had been hacked, compromising email addresses, passwords, password hints, and other information related to the security of user accounts. LastPass, however, seemed unconcerned with the breach.

Although hackers accessed security data, the company claimed that user identities were not actually compromised, per se. This, they claimed, was because they had taken aggressive steps to protect their data, so that even if it was stolen, it could never be accessed. LastPass stated that their encryption was so robust that even if hackers stole their user data, there was no chance they would be able to crack it. The only chance that information could be accessed would be due to the user error of creating too simple a password.

In light of the breach, the company asked users to change their password information. The situation raised an interesting point, though. Are services for password management secure enough that you would trust your personal data (or client information) to them? If LastPass and others are to be believed, their software is more secure than what the average person could come up with alone. Their stance seems to be that breaches are bound to occur – and they’re ready.

Many such companies do not store user information on their own servers, so even if breaches occur, there is little chance data will be stolen. In addition, the level of encryption used to secure sensitive data is so high that even the best hackers will be stymied should they manage to steal anything. All users have to do is create a master password complex enough that hackers won’t figure it out – so don’t use your birth date or the name of your first pet.

In truth, using a password manager is likely much safer than going the other route and trying to remember a laundry list of unique username and password combinations for every online account. For one thing, you can’t store them all in your head. This means you’re likely to write them down, store them in your phone, or otherwise allow for easy access.

With password management software you need only create and memorize one strong password in order to protect all of your online accounts. If it is discovered, you will definitely be in trouble, but if you use it appropriately, the odds of failure are much smaller than the alternative. This means greater protection for your own online accounts, and potentially the accounts of other users, as well.