On Friday 13th January 2017 the annual Micro Biz Matters Day is taking place, and to celebrate we are sharing our top 13 privacy tips to protect your business, as part of the #MicroBizMattersDay (@MicroBizMatters) in their #IGave13 campaign.
- Create a culture of privacy.
Creating a culture is no easy task. It takes 21 days to form a habit and for something like privacy you need to get all staff to think privacy at all times. Introduce n-gage as the ‘workplace messenger’ and your staff are automatically introduced to thinking about privacy every day. If they send a wrong message to someone they can pull it back, if it is a one off sensitive message then they can password protect it or make it automatically disappear. - Protect what you Collect.
Sometimes you need to transfer customer data around your workplace, instead of emailing it, you could send the file through n-gage so that you know the correct person has received it and thanks to our end to end encryption you can be sure it has not been taken in transit. - Use incognito mode when accessing accounts systems, bank accounts or paying a bill.
We are always told that when you see the Green lock in the corner of your address bar you are on a secure connection like HTTPS and your sensitive data is secure. You might be surprised to hear that a lot of banking institutes will still store sensitive information on your computer like account number, balances, statements, credit reports and if you are not using an incognito browser there is a chance that when you log out or close your browser you are not deleting the local copies of this information.
According to a recent study by security firm Independent Security Evaluators 70% of companies (Including Verizon Wireless, PayPal, Scotttrade, Allstate and Equifax) are saving sensitive data to a user’s browser cache!
So if you ever share your computer or if your laptop is stolen, that data is completely unsecured and open to abuse. - Passcode protect all company phones and avoid touch ID.
A passcode today should be standard but it is surprising just how many companies still allow their staff to have company phones without protecting them. A Passcode or pattern protection requirement should be enforced on all work phones and if you are security minded and are using n-gage for your internal communications then remember that n-gage can also be password protected to avoid misuse even if someone does get into your phone.
You may think that using things like Apple’s TouchID is even more secure but it has been proven that with a high resolution photograph of a person’s thumbprint you can actually make fake fingerprints relatively easily that will read on most fingerprint scanners.
Even the experts agree that fingerprint readers are not perfect when it comes to security measures. A lot of companies are already looking for much more effective forms of biometric protection.
Alan Woodward, an expert in cybersecurity at Surrey University told the BBC “Biometrics that rely on static information like face recognition or fingerprints – it’s not trivial to forge them but most people have accepted that they are not a great form of security because they can be faked,” he added “People are starting to look for things where the biometric is alive – vein recognition in fingers [for example] are also biometrics but they are chosen because the person has to be in possession of them and exhibiting them in real life.”
- Set up a Google alert for your business name.
Hopefully all you will be alerted about is good news and award nominations but if someone did try to use your business name to say register a domain name falsely then you would be alerted and can begin to investigate. It can also be worth setting up Google alerts for the names of senior management in case either they say something that could be to do with your business or worse have their identity misused in some way. - Get into the habit of signing out of Social media accounts when you are done to avoid misuse of company accounts.
Signing out of company Social Media to avoid misuse is more important than it seems. Misuse does not necessarily mean abuse. It could be an innocent mistake like what happened to us recently when one of our senior managers who has access to the n-gage twitter account though he was tweeting his complaint to an airline about delays from his account but he was actually signed in to our main @ngage_app one! Luckily he noticed the mistake and corrected it before anyone saw!
But there is also the opportunity for abuse. Leaving your company account open could mean that a mischievous staff member might post something inappropriate or worse if it was their last day and they were not leaving on good terms they could change your password and recovery email address causing a lot of pain to try to get access again. - Regularly audit the privacy settings of online accounts.
If you are not using n-gage for your business communications then you should regularly check your privacy settings on all your communication channels to check that nothing has changed. - If you use Gmail – sign up for 2 step authentication.
It may seem like an inconvenience but Gmail’s 2-step authentication process adds a very secure level of protection for your email. Once enabled, whenever you try to log in to Gmail you will have a special code sent to your phone as a text message. What this means is that if someone does get hold of your password they still won’t be able to access your mails unless they have your cell phone too.
To enable 2-step authentication for your account just go to your Google account settings and select security. - Use c0mPL3x passwords.
Complex passwords are becoming more and more vital in today’s society. Whenever creating a password there are a few things to keep in mind.
Use variety with Uppercase, lowercase, numbers and especially special characters. Random strings are also better than words but can be difficult to remember. Using a system like Lastpass can make the process easier which stores all your passwords securely and provides them to you as you need them.
The other thing to keep in mind is to use different passwords on every site so that even if one of your passwords is compromised you only have to change that one.
Even the most complex passwords can be broken though so if you want the ultimate security on your work devices for communication then set up n-gage to be invisible on the homescreen (Android only). That way even if your phone is compromised your messages will still be hidden from prying eyes! - Clear browser history and cache regularly.
If you are not using incognito mode as mentioned above then clearing out your browser history and cache regularly is a must. It will delete all the information that the websites you’ve visited have stored locally on your machine for them to access. This could be anything from dates and times online to account names and even passwords on some insecure sites.
That way if you ever lose your laptop or someone accesses your PC you will have minimised the amount of personal information that they can access. - Encrypt business hard drives.
Encrypting your hard drive is not something that you would naturally do but if you want total security then it is advisable to do so. Windows machines have been encrypting drives since Windows 8.1 and If you are on a Mac then during setup you are offered the option to encrypt your drive via FileVault.
On mobile devices however it becomes more difficult if you are an Android user. A lot of messengers promote end-to-end encryption but did you know that the majority of them still don’t encrypt your messages or media when they are on your device? That means if someone gets hold of your phone and looks through the file system they can easily access your messages. This problem was why n-gage introduced TRUE end to end encryption which included encrypting everything on your device and while it is in transit. - Limit internal use of Social networks.
There are numerous social networks serving different uses, from dog owners and leisure to music to theatre, used for everything from friending to finding a job. Some are more or less appropriate, and others are less than secure. Employee association with a social network that is considered off-color in any way will come back and haunt the company.
Make sure that you restrict access to any unpalatable sites so that your staff cannot cause damage to your company and brand. - Set up secure VPN’s for any off-site workers.If you have workers who are off site a lot but need to connect in to internal systems, make sure that they are doing it through a secure Virtual Private Network (VPN).A VPN is a direct tunnel through the internet between your staff member’s computer and your systems which snoopers cannot see what is going on inside or access. It’s like in the movies where the helicopter is chasing the car and the car goes into a tunnel. The helicopter doesn’t see the car empty and get into a different vehicle to escape the scene.