In the latest instalment in our series of Google Hangout advice sessions, we invited two digital security experts to answer questions about keeping your business safe online.
Trend Micro’s Helge Husemann and Brian Honan from BH Consulting fielded questions from business owners concerned about digital security. You can watch the hangout below, and read summaries of their answers after the video.
Are USB sticks safe?
Helge Husemann said that it is possible to prevent users’ USB sticks working on computer networks, or to limit their use to sticks that are mandated as safe by the administrators. “There are certain ways to lock down USB ports,” he said.
How can I protect my WordPress site?
Brian Honan recommended the use of a plugin called Wordfence, which automatically scans WordPress sites for viruses or security breaches.
What are the challenges of using a third-party platform like WordPress?
Helge said that poor design is one of the major security risks affecting sites built on these platforms. He added that any ad-serving technology should be carefully chosen, and that security certificates should be properly checked. Brian said that platforms like WordPress should always be kept up to date in order to plug security holes, and that widgets and plugins should be from a “reliable source”. He also said that comments should be actively moderated.
Is it safe to use the same password for everything?
Helge said that it depends on the strength of the password, and that passwords should never be based around publicly available information.
How can I choose a reliable password manager?
Brian said this comes down to the principle of “buyer beware”. He recommended LastPass, 1Password, and Password Safe.
What is a password manager?
Helge explained that password managers help users to collect multiple passwords. Brian suggested that they are safe in that they are encrypted, but that using a single, simple password to manage all of your other passwords is like “putting things in the safe and not locking the safe.” He said that the advantage of these services is that they can create complex passwords, which is one of the key means by which you can protect yourself.
Brian also explained that Gmail offers a dual level password protection system, through which users must type a code that is sent to them by text, in addition to their regular password.
Is internet security training useful?
Helge said that there is a lot of information around, including RSS feeds alerting users to virus outbreaks. He said, however, that it is important that business-critical information cannot leave the business accidentally, and that employee training is vital for this. Brian said that the European Network and Information Security Agency (ENISA) offers high-quality, free training material, including videos. He also said that Trend Micro’s Rik Ferguson offers good protection advice on YouTube.
Can I get help from my cloud provider in the event of an outage?
Brian highlighted that there are multiple levels of service required to access the cloud. It relies on the cloud provider, their internet provider, and your internet provider. He said that the first step is to identify which of these levels is at fault. He said that it is important to have some expert IT advice on hand, and that you should check cloud providers based on their terms and conditions regarding outages.
How can I protect my files in the cloud?
Brian said it is important to choose reputable cloud providers, based on both outages and the long-term stability of the company itself. “You may need to consider a backup, or having some way of getting your data back,” he said. He added that security is these firms’ “bread and butter”, and that the high levels of security offered by many cloud providers are better than those which could be afforded by many small businesses. He cautioned that data collected by companies on customers cannot generally be exported outside the EU, and that cloud providers should be chosen accordingly. He also added that highly sensitive data should be further protected, perhaps by avoiding the cloud, in order to mitigate the potential for unauthorised access.
Helge also said that users should be aware that once something is in the cloud, it is impossible to completely delete it.
Is it ever OK to disable antivirus?
Brian said that installers that ask for antivirus to be disabled should be treated with caution, and that whether or not you choose to do so should depend on the nature of the software.
How do I get rid of a virus?
Helge said the first step is to quarantine or delete the virus through antivirus software. He also said there are free tools available online to help you determine whether or not you have been affected. Brian said that Trend Micro’s House Tool, downloadable for free, will also scan your system. The more sophisticated viruses, though, will circumvent antivirus. In these instances Brian said that users may need to use a ‘rescue CD’, downloaded from the internet and burned on an uninfected computer, to properly boot and scan the infected machine.
Are free digital security products safe to use?
Brian said that free products “may suffice” for small ventures with a single machine, provided that they are automatically updated once or twice a day. If, however, the number of computers grows, then paid-for solutions will be necessary.
Can I install antivirus software on a smartphone?
Helge said that the Android app store is “not that highly policed”. It is important, he said, that users check permissions for applications that they install, whether on Android or iOS. Brian said that Trend Micro, Sophos, F-Secure, Symantec, and McAfee all offer antivirus tools for phones and tablets.
How can I stay secure when working remotely?
Brian said that laptops should be encrypted to protect against theft, and that secure backups are vital. He also said it is important to be careful about the Wi-Fi hotspots that you choose to connect to, and that nefarious individuals have been known to set up fake hotspots. Helge added that there are security solutions that will check the safety of hotspots automatically.
What are the signs of a digital security breach?
Slower connections or noticeably degraded performance may be the first sign of an infection, Brian said. He cautioned, though, that “computer criminals now don’t want you to know that your computer is infected,” and that viruses may not be noticeable at all.
How do I spot a harmful email?
Brian said that criminals generally try to hide links or viruses in emails and attachments, and that these should only ever be clicked on when they are known to be safe. In cases where links do need to be followed, users should copy and paste the link into a browser rather than simply clicking from the email client.
What’s the best antivirus software?
Helge said that your choice of antivirus will depend on your activities and what you are trying to protect, and that small businesses may wish to go for a dedicated small business solution.
How do I make my business more secure?
User education is critical, Helge said, adding that strong passwords are also vital. Brian agreed, highlighting the importance of employee training. He also underscored that businesses should be aware of their responsibilities under data protection laws.