Yearly IT security review – change your passwords!
As many businesses return from the holiday break, new goals and plans are being set for the new year. Businesses should endeavour this year to pay a little more attention to their IT, particularly when it comes to reviewing the security of their IT network. Why? Read on as the information on IT security is concerning.
On New Year's Day, the popular photo messaging application Snapchat was hacked. Some 4.6 million customer details were stolen, including personal contact phone numbers.
Also recently, the American retail store Target was hacked and had up to 100 million customer database records stolen, including personal and credit card details.
Hacking is on the increase, and it's not just the big businesses that are being targeted. Look at the following bar graph. There has been a 60% increase in hacking attempts experienced by small businesses compared to the previous year and an increase of 15% where the hacking attempt has been successful.
It is therefore a good idea to review any vulnerabilities in your network. The last thing you want is sensitive company and client details floating around in the hands of a third party.
Here is a list of some of the things you should review or change for this year. Some of these are easy enough to do yourself.
Change all your passwords for you, your staff and your network equipment. This includes:
- Computer passwords - if you have a Windows Server network, you can easily enable the feature “user must change their password on next login” for all the users. It may be a good idea to also enable the option that makes passwords expire every 3 months.
- Website passwords - change the passwords for all the websites you log in to. Also use different passwords for each site. NEVER use one password for everything!
- Server and Wi-Fi passwords - change these as well and only notify the relevant people. Not everyone.
- Gmail password - if you're using Google Apps (as most of my customers are), it's very easy to force all the users to change their password on next login from the admin console.
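For the Windows Server item above, one way to apply both settings from PowerShell on a domain controller. This is an added example, not part of the original article; it assumes an Active Directory domain with the ActiveDirectory module installed, and it treats "every 3 months" as 90 days.

```powershell
# Added example: run from an elevated session with domain admin rights.
Import-Module ActiveDirectory

# Assumption: leave $true for a dry run; set to $false after reviewing the output.
$DryRun = $true

# All enabled user accounts, with the properties needed to sort them.
$users = Get-ADUser -Filter 'Enabled -eq $true' `
    -Properties PasswordNeverExpires, PasswordLastSet

# Accounts marked "password never expires" cannot be flagged for a change at
# next logon. They are often service accounts (scan to email, network shares),
# so list them and change those passwords by hand at a planned time.
$manual = $users | Where-Object { $_.PasswordNeverExpires }
$forced = $users | Where-Object { -not $_.PasswordNeverExpires }

Write-Output "Change these manually (password never expires):"
$manual | Sort-Object PasswordLastSet |
    Select-Object SamAccountName, PasswordLastSet |
    Format-Table -AutoSize

# "User must change password at next logon" for everyone else.
$forced | Set-ADUser -ChangePasswordAtLogon $true -WhatIf:$DryRun

# Domain-wide password expiry of 90 days.
Set-ADDefaultDomainPasswordPolicy -Identity (Get-ADDomain).DNSRoot `
    -MaxPasswordAge (New-TimeSpan -Days 90) -WhatIf:$DryRun
```

With `$DryRun` left at `$true` the script only reports what it would change, which gives you the list of accounts to check against the implications below before anything is reset.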
Note that when changing passwords, have a think about what implications this may cause and look to fix them straight away after the password reset. Some of these could include:
- Scan to email may stop working and needs updating on your multifunction printer
- Network shares may need updating
- Email clients such as Microsoft Outlook and your mobile phone email app may need to be set up again
- Wireless devices will need the new wifi password
- If you use cloud-based applications such as Gmail or Salesforce, then there are some additional security enhancements you can implement to help protect the users, especially when they are accessing your business information remotely.
- Two-step authentication - if you use Gmail and have this enabled, Gmail will ask you for an additional access code before allowing you access. This code can be in an app on your smartphone, where it is re-generated every minute. This is much more secure, for example if your password is accidentally remembered on a computer that is not yours.
- Single Sign On (SSO) - SSO is great if you have a number of applications, as you can securely sign in to the one website and it will give you a portal to log in to all your other websites without needing the password for each one. One of its great benefits is that if an employee leaves the business, you simply close their SSO account and that will stop them from accessing all the sites in one go.
- Website plugins - statistics say there are around 30,000 websites hacked every day! The most common way hackers get in is by exploiting vulnerabilities in the server software. Many websites are built using CMS plugins, and these plugins need frequent patching to keep them secure. If not, they become compromised. Review your server software or, if a third party looks after this for you, make sure they have policies and processes to do this for you.
- Have an expert perform a full network review on your business. Contact the team at Onsite Helper for further information or help www.onsitehelper.com