used with permission from FTC.gov
by Andrew Smith, Director, FTC Bureau of Consumer Protection
An employee catches up on some work while visiting the local coffee shop. She grabs her Double Mocha to go, but accidentally leaves behind a flash drive with hundreds of Social Security numbers on it. When she returns, the flash drive is gone. Then there’s the staff member who needs to free up file room space. After he tosses a stack of old company bank records into the garbage, a dumpster diver spots the trash and walks away with a windfall.
At meetings with small business owners across the country, you told us you wanted straightforward guidance on how to step up cybersecurity at your company. To help meet that need, the FTC has introduced new resources on a dozen topics. This week’s focus: A key component of cybersecurity is effective physical security, as the examples above illustrate. And it begins with a plan to safeguard your equipment and paperwork.
As our factsheet describes, the starting point for any business is an up-to-date inventory of computers, flash drives, point-of-sale devices, files, etc. If they contain sensitive information, they belong in a secure part of your facility or in a locked file or cabinet. Make it office policy to log out of your network and applications when not in use. Never leave sensitive data unattended and limit access to employees who need the data to do their jobs.
The second step is to protect the data on those devices. Require passwords that are long, complex, and unique. To access parts of your network where sensitive information is kept, use multi-factor authentication. In other words, in addition to logging on with a password, require something extra like a temporary code on a smartphone or a key inserted into a computer. To stymie hackers, block access after several unsuccessful login attempts. Use encryption on laptops, flash drives, etc., that store sensitive data. Also encrypt confidential information you send outside of your company.
Finally, the FTC’s new resources make it easier to enlist your staff in your cybersecurity efforts. Talk about physical security at an upcoming staff meeting. There’s no need to start from scratch when you can use the factsheet to guide the discussion. Train your staff to maintain effective physical security even if working remotely from home or on business travel. And every employee should know what to do if a device or confidential file goes missing.
To learn more, contact us today.
With a global customer base, eMazzanti Technologies positions engineers and project managers in various locations…
Over a period of three weeks, most of the workforce in the United States found…
Three years ago, Microsoft launched Teams, a powerful component of Office 365 (now Microsoft 365),…
In our new work-from-home (WFH) world, the requirement for on demand video conferencing has exploded…
With the majority of employees working from home this spring, organizations have encountered new challenges.…
The average small to medium business (SMB) has most likely migrated at least some essential…