These tips help protect your business from computer-related security risks ranging from natural disaster to malicious attacks.
If you’re a one-person business, make sure you’ve covered everything on the list. If you run a larger business, use this list to double-check your information technology department’s planning.
1. Plan for the Worst
It’s a question of “when”, not “if”. Hard drives WILL fail. Lightning strikes can instantly destroy electronic equipment (happened to one of our clients). Computers can be stolen.
The lesson: Make and TEST daily backups of key data: financial and customer records, critical documents related to your products and services (for example, proprietary workbooks you use in your programs) and anything else mission-critical to your business that couldn’t be easily and quickly recreated.
“Test” means that you should try to restore a few key files periodically to make sure your backup and file recovery processes actually work. Even larger businesses with an information technology department should check to make sure backups can actually be restored. Believe it or not, we know of several examples where the IT department thought it was running backups properly but was not able to locate and restore them in a pinch.
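One way to run that periodic restore test, as an added example that is not part of the original article: restore your backup into a scratch folder, then compare a random sample of live files with their restored copies by SHA-256 hash. The function names and folder layout are assumptions for illustration. A "mismatch" can also mean the live file was edited after the backup ran, so check the file's modified date before blaming the backup.

```python
import hashlib
import random
import tempfile
from pathlib import Path


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def spot_check_restore(live_dir, restored_dir, sample_size=5, seed=None):
    """Compare a random sample of live files with their restored copies.

    Returns a dict of relative paths grouped as ok, missing or mismatch.
    """
    live_dir, restored_dir = Path(live_dir), Path(restored_dir)
    files = sorted(p.relative_to(live_dir)
                   for p in live_dir.rglob("*") if p.is_file())
    sample = random.Random(seed).sample(files, min(sample_size, len(files)))
    report = {"ok": [], "missing": [], "mismatch": []}
    for rel in sorted(sample):
        restored = restored_dir / rel
        if not restored.is_file():
            report["missing"].append(rel.as_posix())    # never made it into the backup
        elif sha256_of(live_dir / rel) != sha256_of(restored):
            report["mismatch"].append(rel.as_posix())   # corrupted, or changed since backup
        else:
            report["ok"].append(rel.as_posix())
    return report


if __name__ == "__main__":
    # Constructed demo data: a tiny "live" folder and an incomplete restore of it.
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restored")
        live.mkdir()
        restored.mkdir()
        (live / "customers.csv").write_text("name,email\n")
        (live / "ledger.csv").write_text("date,amount\n")
        (restored / "customers.csv").write_text("name,email\n")
        for status, paths in spot_check_restore(live, restored).items():
            print(status, paths)
```

Anything listed under "missing" is a file your backup job is not capturing; fix the backup selection and rerun the check.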
And make sure you have backups somewhere other than your primary business location. Fire, flood, tornado – it can all happen. If your business has multiple locations, tell your IT staff to keep a full backup for each location.
Online cloud-based backup services make backups both easy and affordable for wellness businesses of every size, and typically store your files in multiple data centers, giving you an extra layer of geographic protection. We use and love Mozy.com and it’s available for individuals, small businesses and larger enterprises.
2. Former Employees
We’ve seen situations where current employees were using passwords of former employees to access information inappropriately. We’ve also seen e-mail accounts of former employees become black holes for customer and supplier e-mails. These unsuspecting folks continue to send them e-mail, but the company no longer has anyone checking that address.
The lesson: when employees leave, immediately redirect their incoming e-mail, change their passwords, and delete their user accounts.
Another reason to disable and redirect the e-mail accounts of former employees: employees also sometimes set up their business e-mail account to automatically forward everything to a personal account so that it’s more convenient to check e-mail at home, for example.
3. Strong Passwords
Studies of Web frauds inevitably reveal that the top 20 passwords still include these ludicrously obvious choices:
It’s much better to use a strong password.
How Can I Create a Strong Password?
Pick at least eight characters with a combination of letters (ideally, a mix of upper and lower case), numbers, and symbols. Avoid using real words and obvious words, like your name, your spouse or partner’s name, your pet’s name, your city, your birthday, your favorite sports team, etc.
One clever method that’s easy to remember: come up with a sentence that makes sense only to you. Include capitals and numbers. Then use the first character of each word in the sentence to make your easy-to-recall password. For example: “My son Bryan once ate 7 olives” = the password “MsBoa7o”.
Another good way is to use cues like these:
street number of our first house: 1411
name of first child: Samuel
your age plus your spouse’s age: 100
This generates the following password: 1411Samuel100
You can also check your password strength at Microsoft’s Safety Center & Security Center.
Update sensitive passwords regularly. Examples include financial applications on your PC or online and online services with credit card information.
And don’t simply pick two passwords (say, dallascow1boys and dal2lasmavericks) and switch back and forth between them.
4. Software Patches and Updates
We’ve talked with customers whose computers essentially died because their anti-virus definitions had not been updated in three years and they were infested with malicious software.
Software patches are updates for your operating system and the applications you run on your computer and mobile devices. Many patches fix potential security problems. They can also improve the performance and stability of your operating system and the applications you use.
It’s critically important that you keep your operating system, firewall, anti-spyware and anti-virus definitions up to date. It’s a darn good idea to keep everything else updated as well. That includes Java and Flash plus app updates on your smartphones and tablets, too.
Most applications can be configured to automatically check for and install updates. We suggest you use these features unless you have an in-house information technology department that has established other guidelines.
5. Click Fraud
If your health or wellness business advertises online using tools like Google AdWords, you’re at real risk for click fraud. Click fraud is the act of purposely clicking ad listings without intending to buy from the advertiser. Since you pay per click, it costs you money even though these clicks are bogus.
Services like WhosClickingWho and ClickFacts can spot ad fraud so that you can get a refund from your provider. You can learn more about this subject from the blog ClickDefense. Pay-per-call ads offer an alternative that’s less susceptible to fraud. This approach requires that you have a reliable customer-friendly process for either taking messages or handling live calls.
6. Must-Haves: Firewall, Antivirus Software, and Anti-Spyware Software
Every business computer should have a firewall, anti-virus software and anti-spyware software installed. It also makes sense to consider anti-virus and other security apps on your smartphone. While Windows and Apple offer some built-in security features, you may find that third-party products offer more protection. Remember, though: your security software is only as good as the last update. You absolutely must install new definitions and patches when they’re available.
7. Shared and Public Computers
Many health and wellness businesses have computers in areas easily accessed by just about anyone – at a front desk, for example. These systems need special security attention. One of the easiest and quickest ways to protect accessible computers is to use a password-protected screensaver. This function is already available in Windows. You can also install software that automatically logs the user out after a predetermined amount of time so that no one else can access the system. And depending on what the computer is used for, consider disabling its Internet access and its connection to your internal network. Talk with your local PC expert or your in-house staff for more suggestions. If a shared or accessible computer must maintain an Internet connection, it’s especially important that the security software we specify elsewhere be continually updated with the latest definitions and patches.
8. USB Flash Drives and Other Micro-Storage Devices
These tiny “keychain” drives are smaller than a pack of gum. Yet they hold huge amounts of data. And they’re designed to be portable. That’s the good news. In fact, they’re a great way to make a fast backup of key data that you can simply take home at night for offsite storage. The risk: it’s incredibly easy for your data to walk out the door on one of these drives and simply be lost, or tucked in a ticked-off employee’s pocket. What’s the lesson? Back up key files, and limit access to sensitive data. Everyone in HR doesn’t need salary access, for example. Everyone in Accounts Payable doesn’t need access to employee Social Security data.
Mobile devices pose special challenges, in part because they’re much easier to lose and they’re much more susceptible to theft.
You should at least take basic security precautions: password-protect your phone. Don’t store passwords “en clair” – use a password app that encrypts them. And use anti-virus and other security apps to protect against malware.
Think twice before you save your credit card details on your phone. I know it’s convenient, but if you lose your phone, whoever picks it up can go to town.