There was a time when your biggest worry was someone listening in on your call on the party line. Now we have a barrage of security worries. Most recently we have had several breaches of security locally where peoples’ email and phone systems have been hacked. It is a fairly sophisticated operation and has caused major issues for some local businesses. The local internet provider, of course, is not publicizing the incidents as it would cause their system to appear compromised.
1. Their internet provider provided email was hacked and the user names and passwords that were accessed there were used to breach banking and other accounts.
2. Their phone line was also compromised and used to dial out on their number which was enough to change passwords and account information with many vendors.
3. Their email accounts have been used to solicit information from customers such as cash transfers and credit card information.
Here are several things that you should know to help you protect your businesses data security:
1. Never email user names and passwords.
2. Change passwords regularly.
3. Don’t use easy to answer security questions. According to IT consultant Ryan Dobbins of Around the Point, Inc. you should incorporate words into your security questions and passwords not found in a standard dictionary such as slang, native names, or nonsense words.
4. Use software that protects you network by alerting you to attempts to breach your firewall.
5. Set the passwords on software like QuickBooks. You wouldn’t believe how many new customers come in with files with no password. Also set the security questions.
To set your QuickBooks passwords go to Company/Set up Users and Passwords. Select your users one by one and set passwords that are secure. The admin user will also be asked to set and answer a security question. You can and should set different passwords for each user. Do NOT email this to yourself or anyone else. Set a reminder in Outlook to remind you to change the password in 30 to 90 days.
If you maintain any customer, vendor or employee personal information such as social security numbers, credit card numbers or tax i.d.s within your QuickBooks file you are required by state law to password protect this file.
Ryan also offered the following advice:
1. Use a Soho firewall.
2. A strong password protected wireless system, or eliminate wireless, or purchase a dual L.A.N router so you can separate your wired and wireless network.
3. USB keys to authenticate access to your windows machines. This can be in tandem with a strong password on your computer with a logout of under 5 minutes.
4. Encryption of your hard drive. With encrypted off-site backup. I spend a lot of time recovering data from hard drives and people are amazed at how easily I can get around there windows passwords and access there documents, QuickBooks, photos and music. If I have a hard copy of QuickBooks I can easily use the “QuickBooks password reset” tool available online.
5. Is your smart phone password protected? What if you left it somewhere? With a cell phone you can access emails, passwords, accounts and bank accounts.
7. A great method is to use Truecrypt, a free open source encryption tool and you can keep your QuickBooks file and emails all on that.
Confining important data to its own space is important.