There’s one overriding concern you need to worry about as year-end approaches—stopping scammers from getting into your records. And scammers have become increasingly sophisticated, as last summer’s ransomware attacks have shown.
The U.S. Computer Emergency Team—a government agency known as CERT—has some suggestions, but you’ll need help from your IT department to implement them.
Social media faux pas. Computer security usually relies on advice about using long passwords, changing passwords frequently and using two-factor authentication for sensitive data. Other security measures include training employees not to click on suspicious email links and to encrypt data if they are taking it out of the office on, say, a laptop, tablet or USB drive.
Although that’s good advice, scammers now have an easier way in: They can get their hands on almost everything they need to know about you and your company—such as staff names and titles and the CEO’s name—by surfing LinkedIn.
What they can’t get there can usually be gleaned from your other social media accounts.
Tip: Use social media privacy settings to restrict access. Encourage employees to do the same.
Proceed with CERTitude. CERT’s recommendations include the following:
- Perform and test regular data backups to limit data loss and expedite the recovery process. Key: Isolate critical backups, including payroll data, from the network.
- Use application white-listing to help prevent malicious software and unapproved programs from running. Application white-listing allows only specific programs to run; it blocks all other programs, including malicious software.
- Keep your operating system and software up-to-date with the latest patches and anti-virus software. Scan downloaded software before using it.
- Restrict users’ ability to install and run unwanted software applications, and apply the principle of “least privilege” to all systems. That means allowing users to access only those parts of the computing environment they need to do their work. Restricting privileges can prevent malware from running or keep it from spreading through the network.
- Avoid enabling macros from email attachments. If an employee opens an attachment and enables macros, embedded code will execute the malware on the computer. Best: Block email messages containing attachments that come from suspicious sources.