Security 101: What You Should Know

The American retailer Target recently lost 110 million credit and debit card account numbers and customer data to hackers. What should your company do to protect your customers' data and your own?

Teach Employees the Hazards of Phishing

The weakest link in security is your company's employees. Thieves prey upon employees' curiosity and their trust in people and businesses they know, tricking them into clicking on links that contain viruses. This is called phishing. The hackers send mail that looks official by using the logo of a company the employee knows or even the boss's name.

Move Everything to the Cloud

A cloud-service provider would lose credibility and customers if it allowed its systems to be hacked. So providers deploy the best security software and hardware possible and maintain teams that monitor their network and your applications 24×7. In addition to running applications, you can use the cloud to store data instead of keeping it on local PCs. Examples are Google Applications and Microsoft SkyDrive.

SSL

SSL means encryption. Train your employees to recognize when a web site does not have a trusted SSL certificate. (The computer will tell them that; employees need to be trained not to ignore the warning.) Also train employees never to type passwords into sites that do not use SSL encryption, because hackers can read them.
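
The check below is an added example, not part of the original article: it scans a saved copy of a web page and lists every place a password field would be sent without HTTPS. The function names, example URLs and sample HTML are constructed for illustration. It does not validate certificates; that remains the job of the browser warning described above.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class PasswordFormScanner(HTMLParser):
    """Records where each password field on a page would be submitted."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.form_action = None  # resolved action of the enclosing <form>, if any
        self.targets = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            # A missing or relative action resolves against the page URL.
            self.form_action = urljoin(self.page_url, attrs.get("action") or "")
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            # A password field outside any form is judged by the page itself.
            self.targets.append(self.form_action or self.page_url)

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_action = None


def insecure_password_targets(page_url, html):
    """Return submission URLs that would carry a password without HTTPS."""
    scanner = PasswordFormScanner(page_url)
    scanner.feed(html)
    page_is_https = urlparse(page_url).scheme == "https"
    risky = []
    for target in scanner.targets:
        # A page loaded over plain HTTP can be altered in transit, so every
        # password form on it is treated as exposed, whatever its action says.
        if not page_is_https or urlparse(target).scheme != "https":
            if target not in risky:
                risky.append(target)
    return risky


# Constructed sample page: one safe form, one that posts over plain HTTP.
SAMPLE_HTML = """
<form action="/session" method="post"><input type="password" name="pw"></form>
<form action="http://shop.example/do_login"><input type="PASSWORD" name="pw"></form>
"""

if __name__ == "__main__":
    print(insecure_password_targets("https://shop.example/account", SAMPLE_HTML))
```

An HTTPS page whose login form posts to an `http://` address is flagged even though the browser shows no certificate warning for the page itself.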

Do Not Allow Employees to Connect Cellphones or USB Thumb Drives

Hackers gained access to US military computers by leaving infected thumb drives lying around at coffee shops. A curious soldier picked one up and, violating policy, plugged it in, allowing what should have been a secure network to be infected. The problem with smartphones and tablets is that they can contain viruses that infect your network when someone downloads photos or music onto your computers.

Erase Your Computers Completely Each Year

Did you know that criminals rent out networks of hacked computers so that other hackers can use them for criminal purposes? People usually do not know when a hacker has taken over their computer and is using it to hack into other sites. The only way to guard against this is to assume you have infected computers and reinstall their operating systems each year. Of course, this is an administrative and logistical burden, but it does remove those computers from participating in crime.

Block Social Media Sites

Because most people have smartphones, there is no reason for employees to use company computers to access Twitter and Facebook. Facebook in particular has had security issues: it lets people post links to infected sites. Block these sites, but do not block sites that employees need to do business.

Antivirus Software

The truth is that antivirus software does not work in all cases. The problem is that it is reactive, not proactive. All it does is scan files and memory looking for known viruses; it cannot detect anything new. Save yourself money: the free Microsoft Security Essentials is probably the best product on the market. It is included with Windows 8.

Outsourcing Security

Unless you are an expert yourself, you should engage a third party to monitor your network and desktop PCs. These people think about security all day, every day, so they are experts at it.