Security Best Practice – here is a listing of what you should do and know.
Do you, or any of your staff, ever type the following into a computer, web based program, email, document, Smart Phone, tablet, iPad, etc.?
- Social Security Numbers
- Date of Birth
- Someone’s full name
- Credit Card number
- Business License number
- Date of Diagnosis
- Injury / Illness description
If you do, you need to pay attention, yours and your clients data is at risk.
Who wants this information? Who is the enemy?
- the state of China
- Al Qaeda
- the state of Russia
- organized crime
- and any other criminal organizations that need funding
Why are they interested in your organization, your computers, your data?
For the most part the large organizations have adopted Security Best Practice and have locked down their data and their systems pretty well. As recent as 5 years ago, the large organizations were the targets. Now that they are essentially off the table, small organizations, companies, individuals and others are the targets. The price for stolen data such as stolen credit cards have gone from $25 and 2011 down to $6 in 2016. As you can see, more credit cards must be stolen to keep their revenue the same or growing. This is true of all forms of identity and is why your information is at risk.
You are not being targeted. The enemy is looking for any open doors and will take advantage of any opportunities.
So where do you start? Computer security issues in order of importance.
Once you have these three areas under control, the next areas to focus on are as follows:
- Hardware firewall – computer hacking
- Email security
- Cloud Storage security
- Mobile Device security
- Antivirus Software
- Anti-Phishing Software
- Software or Hardware (better) Firewall
- Intrusion Detection Software
- Network Monitoring
- HIPAA Compliance
- PCI Compliance
There are many other areas of concern when it comes to Security Best Practice but due to time we will only cover the top three in this document.
- You want to have unique passwords for every program and every website (later in this document I will tell you how you can do this)
- It is okay to use programs such as LastPass, RoboForm, Dashlane, etc. these are the best
- Pay attention to two-step authentication and use it whenever possible
- Always assume that your data is being attacked
- Password protect all of your devices
- Turn on your screensaver and turn on “on resume, display logon screen” especially if you’re in a high traffic area.
- Log off your computers at night
- Spend all the time to make all this happen
- Do not use the same password for everywhere
- Do not use the word “password” or any other simple passwords
- Do not save passwords in your browsers or programs – ever
- Do not tell others your passwords
Passwords and security are an inconvenience. Take the time to put a proper password policy in place.
Phishing attacks, viruses, malware, encryption attacks all destroy and lock your data. If you have backups is easy to recover. If you do not have backups, you may never recover and may lose your practice.
What should you backup?
- Desktop computer
- Laptop computer
- Smart phone or tablet
- Cloud storage (depending on service)
How you backup depends on your situation and practice:
- Copy files to a thumb drive
- Copy files to an external hard drive
- Copy files to a server or another computer
- Off-site backups
- Local image backups
- Off-site image backups
- Local and off-site image backups with web access
- Cloud storage
- Office 365 or Google Docs
There are pros and cons to every one of these nine backup options. There are a few factors that are involved in making the correct decision on how you should backup your information. Those factors are as follows:
- Speed of recovery
- Data importance
Regardless of the data backup option you select, there are a few things that you must always do.
- You should always verify that the backup is running.
- You should constantly spot-check to be sure the information you need backed up is being backed up
- Once a month or once a quarter you should verify that the information you expect to be backed up is actually being backed up
How often you backup is dependent on how much information you can reconstruct if all of your information is lost. For example, if you could only reconstruct one day’s information then you would need to backup daily. If you can reconstruct a weeks’ worth of data then you might consider backing up once a week, time permitting. It may not be worth reentering a weeks’ worth of information.
Another factor to consider when you’re backing up is could you recover in the event of a fire, flood, tornado, hurricane, theft. All of these events could be catastrophic if your backup is on site.
If you’re using cloud storage and are not backing up that cloud storage, how confident are you and the financial strength of the company that has your data? Are they backing up your data? How secure is their operation?
Lastly, you need to consider the expense of the different backup options. Backups are a factor of time, resources, recoverability, security and availability.
Updates of the final area that we will cover in this document. If the program is on your computer, you should update it or remove it. You should not have any programs on your computer that are not being updated.
There are two reasons that companies update their programs:
- For security reasons
- Correct problems in their program
Security reasons are the most common reasons for updates and this is why you should always be updating your programs. For example, when Windows stopped supporting their Windows XP operating system after being used by the public for over 10 years, their last update included 11 security patches closing holes that had recently been discovered.
Java is the most popular program in the world with over 3 billion users and is the most vulnerable program doorway to break into computers. Java is not easy to update so a lot of people don’t update. As a result, the bad guys know that this is a way that they can get into computers. We have seen computers that have never had Java updated so for security best practice that is not good.
Other programs that you should update on a regular basis if you have them on your computer are:
- Google Earth
- Foxit reader
- and others
How often should you update your programs?
Keep the following in mind when you thinking about updates. There are two reasons for an update one is a change in the program. Those updates can be done whenever you want to do them. Security updates are created when a security hole has been found in the program. That means if somebody has broken into that program and done something malicious that has caught the attention of the programmers enough to create and distribute a patch (update). With that in mind, update should be installed immediately for security best practice.
In most cases we will wait a few days to install an update just to be sure that any bugs in the update are corrected before we apply the update our customer’s computers.
Remember the discussion about “open doors”? These are the open doors into your systems.
The unfortunate fact about updates are as follows:
- Even if automatic updates are turned on they don’t always update
- If an update fails, in most situations, no other updates will follow with that program
- Updates take time that most of us have very little
- Updates can break programs
As I mentioned early in this document, there are many areas of concern when it comes to security best practice with your electronic devices. We have covered three of those concerns. If you have five computers in your practice you should be spending approximately four hours per computer per month on security. That would be a total of 20 hours per month on security for your practice.
Now you’re saying, there is no way, I will agree. We have spent thousands of hours updating computers manually and have a thorough understanding of what is needed and the results you receive if done properly. That is why you want to hire a company that is geared to keeping your computers safe. There are tools out there that will keep your computers up-to-date and report when there are problems. The cost for these services is extremely reasonable when you consider how much time you would have to spend maintaining your systems versus the income that you can generate during that same amount of time.
Slow computers are almost always a result of viruses and update issues.
If there’s anything that we can do to help you, feel free to contact us and will help any way we can.