04/15/2019: Security Tips to Improve Information Security for Your Business
Look before you click
Email phishing is a relatively quick and easy way for criminals to get information from you or your employees. Taking the extra minute to analyze your emails can save you and your business from a security breach. Look at the emails you receive and ask these simple questions:
Am I expecting this email and is it from a known source?
Do I have an account with the source?
Is the email coming from a valid domain?
Is there a sense of urgency to get me to click on a link or open an attachment?
Does the link go to an address I recognize and know?
Update, patch, replace
It’s easy to get impatient waiting for updates and patches on your devices; however, those updates keep your devices secure. One vulnerability can cost you and your business.
Use your own devices
Whether you are purchasing or leasing technology, make sure to equip everyone. Otherwise, you lack control and security of your business’ information. An upfront cost now could save you thousands of dollars and hassles later.
While there are a lot of measures to increase the informational security of your business, starting with the basics can sometimes be the greatest defense of all. Did you know that you and your employees can be one of the biggest threats to the security of your business information? In business, time is money so we are always trying to do more with less, and cyber criminals love to exploit this weakness.
A phishing email and a rushed day can lead to malicious software being downloaded into your secure network. You can and should have virus protection, a firewall, and layered security protection, but good old-fashioned logic can be your best friend. Look at the emails you receive and go through simple questions (see left) to make sure all of your emails make sense. Cyber criminals are crafty at trying to convince you every email is “normal” and can even use a contact’s name and/or email address to try and trick you. If you feel the email doesn’t make sense, then delete the email and move on with your day. Train your employees to not be afraid to question each and every email for validity.
The devices you use to run your business can be a challenge. One of the best ways to keep the information on those devices safe is to make sure they are patched and up to date. Vulnerabilities happen when devices are left alone and rarely updated. Patch and update your firmware, software, and operating systems to prevent security risks to those systems. Know when your systems or programs have reached their end of life. If you can no longer get security updates to those systems, you should replace them. Patches are worth the effort to eliminate low hanging fruit to those wanting to exploit that vulnerability.
Finally, support your business with all of your own technology. Yes, this may add some cost to your bottom line, but if your employees use their own technology, you do not have control over how that device is configured or managed. Just imagine what can happen if your employee makes some bad decisions, they fall prey to the phishing schemes, and now they connect to your network. Your network will now be exposed to all the malicious code that resides on that device. Plus, if they are not updating and patching their device (as we suggest above), they have just stepped over all your good efforts to protect your network. Know and manage the devices that you depend on to run your business and protect you and your customers’ data.
Taken from the Spring 2019 edition of The Rising Standard
Sheila Crystaloski, senior vice president and chief technology officer at Standard Bank, has more than 30 years of experience in the technology field, 20 of which have been with Standard Bank. Sheila is a certified information security manager and a strong asset to the Standard Bank team. Sheila leads the bank’s around-the-clock technology team as they ensure customer information security and new technology implementation.