Secure your business with these IT policies

by Complete Care IT, LLC | February 9, 2016

Employees are one of your biggest security holes. There is no foolproof prevention method for human error, and this is why employee mistakes are one of the most common causes of a security breach. So what can you do to prevent it? Well at the very least you need to include policies in your employee handbook, and ensure your employee reads through it and signs off on agreeing to abide by them. Having measures in place drastically reduces the chances of a security breach. Here are four areas to keep in mind when developing your own.

Internet

In today’s business world, employees spend a lot of time on the Internet. To ensure they’re not putting your business at risk, you need a clear set of web policies. Here are three important ones to keep in mind:

  1. Employees should be using the Internet for business purposes only. While this is undoubtedly hard to avoid without blocking specific websites, having a policy in place should at least cut back on employees spending time on non-business related sites.
  2. Prohibit unauthorized downloads. This includes everything from music to games, and even data or applications.
  3. Accessing personal email should not be done on business devices. If employees must access their own email account during the day, they can do so on their smartphone or other personal device.

These are just a few Internet policies to get started, but you should also consider including information on your recommended browsing practices and your policies for using business devices (such as company phones) on public wifi.

Email

Just like with the Internet policy mentioned above, company email accounts should only be utilized for business use. That means your employees should never use it to send personal files, forward links or perform any type of business-related activities outside of their specific job role. Additionally, consider implementing a standard email signature for all employees. This not only creates brand cohesion on all outgoing emails, but also makes it easy to identify messages from other employees, and hence helps prevents spear phishing.

Passwords

We’ve all heard the importance of a strong password time and time again. And this same principle should also apply to your employees. The reason is rather simple. Many employees will create the easiest to crack passwords for their business accounts. After all, if your organization gets hacked, it’s not their money or business at stake. So to encourage employees to create strong passwords, your policy should instruct them to include special characters, uppercase and lowercase letters, and numbers in their passwords.

Data

Whether or not you allow your employees to conduct work on their own device, such as a smartphone or tablet, it is important to have a bring your own device (BYOD) policy. If your employees aren’t aware of your stance on BYOD, some are sure to assume they can conduct work related tasks on their personal laptop or tablet. So have a BYOD policy and put it in the employee handbook. In addition to this, make sure to explain that data on any workstation is business property. That means employees aren’t allowed to remove or copy it without your authorization.

We hope these four policies have shed some light on best security practices. If you’d like more tips or are interested in a security audit of your business, do get in touch.

Published with permission from TechAdvisory.org. Source.

Google boosts security with physical keys

by Complete Care IT, LLC | June 1, 2015
IT Support to Bio-Medical, Engineering & Manufacturing

If your business is lacking adequate security protection, the doors are wide open to an attack from outside. To make things worse, security threats are constantly evolving and developing, rendering them more difficult to keep up with. At least Google is on your side – its recent introduction of physical Security Keys for Drive for Work users means an extra layer of safeguarding for the cloud-based data files you rely on to power your organization.

Google already offers security precautions like two-step authentication, which provides additional protection by requiring you to enter not only your password but also a one-time code received by SMS or similar. This is a crucial weapon in the fight against hackers, since weak usernames and passwords are still be the primary reason for accounts being breached. Security Keys now take things one step further, strengthening your Google Drive account’s coat of armor to an even greater extent.

The Security Key is a physical USB device that is plugged into your computer, and which sends an encrypted signature, instead of a password or other code, to verify your identity and permit you access to your Google account. Crucially, Security Keys are inexpensive – starting from around $6 per unit – and require no additional software for deployment, use or management. Administrators have the ability to track when and where each key is used, as well as being able to disable them if lost and issue backup codes to allow staff uninterrupted access even if they do misplace their key.

Simplifying the login process is also a key part of what Google has tried to achieve with Security Keys. To that end, the first time you use your key to access your Google account on a particular computer, you can opt for Google to remember that device. On subsequent occasions you can quickly sign in using only your password, and without requiring either your key or a two-step authentication code. You can still sign in using your key on other machines, and if a hacker tries to access your account without your key they will also be prompted for a two-step verification code (which, unless they have access to your cell phone, they shouldn’t be able to provide).

Security Keys aren’t an entirely perfect solution, though – there are some significant limitations to the technology. For one, you can’t use them on mobile devices, since they require a USB port to work, and they only allow you to access your Google account through the Chrome browser. Windows, Mac OS, ChromeOS and Linux operating systems are all supported, but if you’re working from your phone or on a browser other than Chrome then you’ll need to continue using two-step authentication. Google says you can mix and match different methods of verification, opting to use Security Keys where they are supported and two-step verification otherwise (or if you don’t have your key with you).

What’s more, only Google Drive currently supports Security Keys – it’s not yet possible to use them with Google Apps, for example. But, while the technology is primarily targeted at Google Drive for Work users, it’s possible to link a single key to multiple accounts, meaning you can use it to access both your work and personal Google accounts. Some users have also queried how much of a safeguard the technology really provides in the absence of an additional PIN code or fingerprint authentication being required for activation, suggesting that a stolen Security Key could be used to access a computer that a user has previously asked Google to remember. But Security Keys do appear to offer at least some additional protection, which will be of comfort to businesses handling sensitive data.

Give us a call to find out how to employ Security Keys and other technology solutions to bolster your protection against network intrusion and data breaches.

Published with permission from TechAdvisory.org. Source.