Security Best Practices

In light of the recent security breach of the LinkedIn website and passwords, NMGI would like remind clients to take every measure possible to ensure the safety of your information.

In case you are not sure where to start, we have listed some  best practices to insure account security and privacy:

Changing Your Password:

  • Never change your password by following a link in an email that you did not request, since those links might be compromised and redirect you to the wrong place.
  • If you don’t remember your password, you can often get password help by clicking on the Forgot password link on the Sign in page of most websites.
  • In order for passwords to be effective, you should aim to update your online account passwords every few months or at least once a quarter.

Creating a Strong Password:

  • Use encrypted password management software to keep track of all of your passwords.
  • Variety – Don’t use the same password on all the sites you visit.
  • Don’t use a word from the dictionary.
  • Length – Select strong passwords that can’t easily be guessed with 10 or more characters.
  • Think of a meaningful phrase, song or quote and turn it into a complex password using the first letter of each word.
  • Complexity – Randomly add capital letters, punctuation or symbols.
  • Substitute numbers for letters that look similar (for example, substitute “0″ for “o” or “3″ for “E”.
  • Never give your password to others or write it down.

A few other account security and privacy best practices to keep in mind are:

  • Sign out of your account after you use a publicly shared computer.
  • Keep your antivirus software up to date.
  • Don’t put your email address, address or phone number on public profiles.
  • Only connect to people you know and trust.
  • Report any privacy issues to Customer Service.

*Modified from LinkedIn.com

Share

Controlling Social Media in the Business Environment

Social_media_icons

Everywhere you turn, you hear something about “Follow us on Twitter,” or “Like my Facebook Page.” Social media is a communications platform that is here to stay, and if you’re like many business owners, you’re wondering “what does this mean for me and my business? How do I use it in my business without it becoming a distraction?”

Social media should be a part of your business’s marketing plan, and controlling employees’ usage on these sites will help keep them productive instead of allowing them to use company time for personal interaction.

But now that businesses are effectively using social media as a marketing and communications tool, the question becomes whether to allow employees to use social media while at work or on work equipment.

Social media can be a distraction and it poses IT security risks. These sites are known to bring viruses and malware into organizations, so if you decide to allow employees to use social media for business or personal reasons, there are options to mitigate the risks.

One step is to craft and distribute an Acceptable Use Policy to all employees. This policy should clearly define:

  • Where employees can and cannot go online

  • What types of files employees can and cannot download to your network or upload onto social media sites

  • When and to what extent they are allowed to use the Internet for personal matters

  • Which types of activities are strictly forbidden

  • What the consequences are of violating these policies

  • Another step would be to make sure you put the appropriate controls on your employees’ computers.

It’s nearly impossible to police every activity your employees do online, but installing a Web filter is an easy way to control who can access social media sites and other websites that are not related to business. Web filters also block Internet applications that you don’t want your employees using at work and offer additional protection against malware and viruses.

These controls can be as loose or tight as you want them. You can offer access to specific employees and can even determine what time they are allowed to access these sites. For example, you could decide that your staff is allowed to access Facebook only from noon to 1 p.m. during their lunch period. Or you can decide that just your marketing staff can access it all day, every day. It’s a flexible system, so it’s really up to you to decide.

Additionally, web filters offer Internet usage reporting, which will give you a high-level look at your bandwidth consumption, how much time your employees are spending on non-business related Web activities, what sites they are visiting, as well as your exposure to viruses.

When dealing with potential security threats, it is always best to address the situation before something bad happens.

Your IT administrator, or outsourced IT department, can easily set up any of these systems, which will help secure your business from social media-related viruses and problems.

Share

Protecting your wireless network

Mc9004393591

Why wireless security?
When you have a wireless network, you need to make sure it’s kept secure. An unencrypted network presents the potential for security breaches.

 

Wireless technologies that provide long-range connectivity can’t be contained within an office. When you use a network that’s not secure, hackers could potentially “capture” the information you’re sending back and forth. This means passwords, records, and more.

Isn’t my network already secure?
With some older wireless technologies, like Bluetooth, access is limited by physical proximity to the corporate network. However, wireless technologies that provide long-range connectivity, such as 802.11n, can’t be contained within an office space. That means anyone within range of a non-secure network can gain access.

What happens if I don’t secure my network? 
It may seem harmless to offer your network’s access to outside users, but it’s more than just letting people surf the Internet for free or accidentally send print jobs to your printer. There are actual hazards:

  • Breach of privacy: When you use the Internet, you are sending “packets” of information back and forth. Hackers could potentially capture and open these packets. This means access to passwords, financial records, customer information, private data, and more.
  • Slower access: Additional users on your network, especially those who may be downloading and uploading content, will slow down Internet access for all users.
  • Illegal traffic: Unwanted users may access your network for illegal Internet activity. If this happens, you may be caught up in any legal action taken.
  • Data usage overages: Many ISPs limit your monthly data usage. Unwanted users can cause your account to be in violation of those limits.

Basic wireless security: Encryption
When it comes to wireless security, encrypting your network is the most important security measure—it also may be the only measure you need. Whether sending confidential documents to the Internet or to your printer, encryption will scramble this information to outsiders.

What is encryption?
All of your wireless devices, including wireless printers, connect to your computer through your wireless router. When you encrypt your network, the information transmitted to and from your router is scrambled, making your network’s information unreadable to outsiders.

How do I encrypt my network?
Encryption means creating a difficult network password, also known as an encryption code or passphrase. Note that there are many methods of encryption, though not all of them are secure.

Read on to learn which encryption methods are secure and how to create a strong password.

Types of encryption
There are many methods of encryption, though not all of them are secure.

  • WEP (Wired Equivalency Privacy)
    This basic level of encryption isn’t considered secure. Because some older wireless printers only support WEP, you may have to choose between lowering the level of security for your entire network to WEP and connecting your printer using an Ethernet or USB cable.

    You might also consider upgrading your printer. Remember, though, while using WEP is not encouraged, WEP encryption is better than no encryption.

    To create a WEP password: Make a case-sensitive password using 10-58 digits (use the numbers 0-9 and the letters A-F).

  • WPA and WPA2 (Wi-Fi Protected Access)
    Created in response to WEP’s weaknesses, WPA and WPA2 are the preferred methods of encryption, which use passwords and passphrases. What’s the difference?

    password is generally one grouping of letters, numbers, and/or punctuation without spaces. Example: p@ssw0rrd

    A passphrase is a string of grouped letters, numbers, and/or punctuation (almost like a sentence), including spaces, longer than anyone could reasonably remember. Example: +hI$ 1s An 3xAmpLe 0F @ Ba$iC pa$sPhRa$3!

    To create a WPA or WPA2 password or passphrase: Make a case-sensitive password using at least 13 characters, including upper- and lowercase letters, punctuation, and numbers. If using a passphrase, include spaces.

    Tip: By including spaces, a passphrase is much harder to break than a password. There are many online sites that can generate random passwords for you.


Reprinted with permission from the HP Small Business Center

Share