The ultimate website security checklist for every business from Stephen Arndt, CEO & CIO, Silver Linings Technology.
Website security threats are on the rise. According to Verizon, 71% of breaches were financially motivated and 25% were motivated by espionage. This puts both consumers and businesses at severe risk.
Here is our top website checklist to help you stay secure.
It’s the perfect time for hackers to send emails with dangerous malware and viruses. Right now, your inbox is probably filled with “COVID-19” subject lines and coronavirus-focused e-mails.
Hackers are even spamming inboxes from a fake “cdc-gov” e-mail address that looks official but is not legitimate. That’s why it’s the first point on our website security checklist.
How can you tell a phishing email from a legitimate one? Here are a few telltale signs:
When in doubt, call the person who supposedly sent the email on the phone to verify it’s legitimate.
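As an added example (not code from the original post), here is a small Python check for one of the telltale signs mentioned above: a sender domain that imitates a trusted one, such as the “cdc-gov” address the post describes. The sample From headers are constructed, and cdc.gov is assumed to be the one legitimate domain.

```python
import re
from email.utils import parseaddr

# Constructed sample headers (not taken from any real message).
SAMPLE_FROM_HEADERS = [
    "Centers for Disease Control <alerts@cdc.gov>",
    "CDC Health Alert <alerts@cdc-gov.org>",
    "CDC Updates <noreply@cdc.gov.example-mail.com>",
    "Accounts Team <billing@example.com>",
]

# Assumed: the only domain we treat as the real sender for CDC mail.
TRUSTED_DOMAINS = {"cdc.gov"}


def sender_domain(from_header):
    """Return the lowercase domain part of a From header's address ('' if none)."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower()


def normalise(domain):
    """Rewrite separators that lookalikes use in place of dots ('cdc-gov' -> 'cdc.gov')."""
    return re.sub(r"[-_]", ".", domain)


def classify_sender(from_header, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'lookalike' or 'unknown' for a single From header."""
    domain = sender_domain(from_header)
    if not domain:
        return "unknown"
    # Exact match or a genuine subdomain (mail.cdc.gov) is trusted.
    for t in trusted:
        if domain == t or domain.endswith("." + t):
            return "trusted"
    # The trusted name appearing inside another domain is the lookalike pattern:
    # cdc-gov.org, cdcgov.com, cdc.gov.example-mail.com all contain 'cdc.gov'.
    for t in trusted:
        if t in normalise(domain) or t.replace(".", "") in domain.replace(".", ""):
            return "lookalike"
    return "unknown"


def classify_all(headers=SAMPLE_FROM_HEADERS):
    """Map each From header to its classification, for a quick mailbox triage."""
    return {h: classify_sender(h) for h in headers}
```

Run `classify_all()` to see which of the sample headers would be flagged; a "lookalike" result is exactly the case where the post's advice to phone the supposed sender applies.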
Because your employees may be required to work from home, their mindset may be, “I may as well use my home computer.” This is a dangerous mistake on your security checklist.
Home computers and personal mobile devices could be littered with tons of downloaded music, videos, images, and more. Because such a device is far more exposed, it can carry malware into your business network.
ONLY devices that are under our vigilant watch of patching, updating, and monitoring should be used by your employees to work remotely. Provide a company-approved and secured computer/laptop for employees to use at home.
When employees work from home, they need access to important company files. It’s easy to look at consumer-grade, cloud file sharing solutions like Dropbox, OneDrive, and Google Drive. But listen up!
These applications pose a huge threat to your company because company data can be spread far and wide without central oversight of what information is being shared with whom. Furthermore, over 7 MILLION Dropbox accounts have been hacked, giving cybercriminals a path into the company’s network.
This is even MORE important if your company has access to and/or stores financial, medical, or other sensitive data. Using file-sharing applications like these is a clear and direct violation of data breach and compliance laws. DON’T USE THEM FOR COMPANY DATA; use only company-approved, business-grade file-sharing applications.
What makes many businesses ignore a cybersecurity checklist is the great unknown. They don’t understand it. They assume it only happens to the “big guys.” So they carry on as if they aren’t at risk.
Yet cybersecurity doesn’t have to be complicated. In fact, you can keep your practice safe from most attacks by following five simple steps.
Any employee who handles company data or devices should have to go to mandatory cybersecurity awareness training regularly.
To protect your company from phishing attacks, be sure you have a good spam filtering system installed.
Make sure you patch vulnerabilities, monitor suspicious behavior, and install firewalls to keep potential problems away.
With mobile devices, company travel, and work from home days, access to your data is no longer driven solely from inside your office building. Instead, employees access data from all over the world. A virtual private network (VPN) adds a layer of encryption to ensure your data stays safe no matter how or where it’s accessed.
What happens if you are attacked? Have you thought about the consequences? Seeing the other side can open your eyes to vulnerabilities and help you install better security practices.
How important is your data? Silly question, right? For a medical practice, your data is everything.
When was the last time you performed a data security audit?
Don’t wait for an official audit, or worse, a breach, to reveal your weaknesses. A self-audit can be very useful to show you where simple changes can make all the difference.
Think of your audits as pop quizzes. They can be general or narrow in focus. You can look at your practice as a whole, or niche it down and look at very specific things. Define your security perimeter to create your list of things to consider.
Define all of the threats that can impact everything within your security perimeter. Think small – how can one employee trip up the system? Think big – what happens if a hurricane/tornado/earthquake/fire hits? Think everything in between.
Each threat has its own chance of happening within your business. Can you put a price tag on it? Can you prioritize how likely it is to occur? While you can’t predict everything, with common knowledge and a little bit of gut instinct you can determine how likely you are to face each risk.
If you know where your risks are, you can devise a way to improve the process. You can improve on activities you already have in place, or you can implement action steps that are missing. You can also establish timelines for upgrading on a regular basis.
When was the last time your organization ran a phishing email simulation?
You’re working at your computer when all of the sudden – BAM! – you get a pop-up notification that your PC is infected with a virus and you must “click here” to run a scan or install antivirus software. This is a common scareware tactic used by hackers to get you to click and download a virus.
Often it will appear to be a system alert or a Microsoft operating system alert. Regardless of how legitimate it looks, NEVER click on the site or the pop-up. The safest thing to do is close your browser; do not click on the X, “Close” or “Cancel” button in the pop-up or on the site, because clicking on anything on the page or pop-up can trigger a virus download. If that doesn’t work, bring up your task manager (hold Control + Alt + Delete on a PC, or Command + Option + Esc to “Force Quit” on a Mac) and close the web browser or application where it appeared.
There are thousands of hackers who get up every morning with ONE goal in mind: to find a new vulnerability in commonly installed software (like Adobe, Flash or QuickTime) to access your computer. That’s why these companies frequently issue patches and updates for KNOWN security bugs. Once a KNOWN vulnerability is announced via a patch, hackers get to work like crazy trying to figure out how to use that vulnerability against the users who are lazy about installing updates. That’s why it’s important to update installed software programs as soon as possible.
We’re all guilty of it: connecting to free public WiFi. Whether it’s at the coffee shop, hotel or airport, the temptation to check e-mail and surf the web is just too strong to resist. So BEFORE you connect to any free, public WiFi, make sure the connection is legitimate.
It’s not uncommon for hackers to set up fake clones of public WiFi access points to try and get you to connect to THEIR WiFi over the legitimate, safe public one being made available to you. Before connecting, check with an employee of the store or location to verify the name of the WiFi they are providing. Next, NEVER access financial, medical or other sensitive data while on public WiFi. Also, don’t shop online and enter your credit card information unless you’re absolutely certain the connection point you’re on is safe and secure.
Here’s a tip that just might save your bacon: set up withdrawal alerts on your bank accounts. Many banks will send you an e-mail alert whenever money is withdrawn from your account via check, debit card or transfer. Setting up those alerts will allow you to spot and report fraudulent activity BEFORE the money has already been siphoned into a cybercriminal’s hands.
Do you also have some checklist points? Let us know in the comments.