Data Security: Mandatory Data Breach Reporting, Heartbleed and Widows XP End of Life.
Do you leave your house car and office unlocked, 24 hours a day? Do you write your Visa or Eftpos pin number on the back of your cards? No way – so why do we do similarly stupid things with our online data?… Is this another common case of out of sight, out of mind? Data security has become one of the most high concerns for Businesses, be it small or large.
Unfortunately most of us are good with things we can see, not so good in the ‘cloud’ or thinking about a hard drive in the office server. Problem with that is, we all secure a ton of personal and business data with the passwords we enter to access these systems, and more and more they are under threat.
In the last month we saw some pretty massive changes in Data Security Risks and how they will affect all businesses. While we all have our solutions in place from best practice like backing up our business data to a removable or cloud drive to password changes and integrated security service providers, I think the last month holds special significance and it is time to review your solutions, no matter how adapt.
So last month, what happened and how to resolve these new threats? Here are 3 key article links on the sorts of things you need to look out for;
Add to all this the growing surge in online piracy …No i’m not talking about downloading Game of Thrones being the most downloaded show in history. Your data isn’t very safe in your office and the Government is telling you to do something about that. Nearly every website is flawed because of the data security layer bug and Windows users have to cough up for the new software or face growing challenges from hackers looking to exploit the un-supported system.
OK, Solutions, firstly, If you haven’t already, every business should have a good Cyber Insurance Policy, for SMEs it will run around $1000 a year, but will protect you across any accidental or malevolent data loss. I recommend our guy (of course), Nathan Ray from AustBrokers Country Wide. Contact me if you’d like a referral. Secondly, chat with your IT firm and listen to what they recommend. If you’re an XP based company, be prepared for some nice new fees from Microsoft. If you want a second opinion on anything IT, speak to Jason Kelton from Ethertech, they are cost effective and Jason is always a great help.
If you’re up for some DIY, these are the steps you must take; Change any sensitive passwords especially for Facebook, Twitter, Amazon Web Services etc. There’s a good list on Mashable about this, http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/ but general rule of thumb, upgrade to strong passwords once or twice a year (we do it after Jan 1 and EOFY). Read how to choose a secure password here – http://www.wikihow.com/Choose-a-Secure-Password. If that is too long for you, one of my computer lecturers gave us a trick that stuck for me, choose a nursery rhyme or part of a story you remember, use the first letters of each word, convert some to upper case, numbers and symbols. For example, “A sailors life is the life for me” becomes ASLITLFM in capitals and with lower case, numbers and symbols it could be Asl!tlf5M.
Too many passwords? You may also want to consider a password management app. For enterprise customers, Jason recommend’s PasswordState – it is a cost effective password system made locally in AU. For those individuals who are looking for something less controlling, open source and free, he highly recommends KeePass.
Worried about Heartbleed? An online tool called the Heartbleed Test was created to test if a website has been compromised by the virus. Basically follow these two easy steps to ensure the virus has not effected you: 1. Change your passwords 2. Test your site at the link below https://filippo.io/Heartbleed/
While the recent threats and changes are massive, there are obviously tons more out there from Phishing emails to fake profiles, credit card scams and privacy policies to keep you on your toes. If you have questions, feel free to send them through; luckily like the recommendations above, there are always good ways to get around common privacy and data security issues.