Question: What is one simple step every business should take to ensure their data is secure (e.g. new passwords for all emails)?
Set Up EMV for Credit Card Payments
"If your business takes retail (swiped) credit card payments, be sure to upgrade to the EMV (Europay MasterCard Visa AKA chip technology) terminals before October 2015 when it's required. Chip payments are more secure for you and your customers!"
Update When Employees Leave
"Even if you have the most unique password in the world, a former employee with access and a grudge can cause big problems. Make sure that you know who has access to your accounts and immediately update passwords after a departure. Make this easier with password programs that generate and store your information in their database."
Perform Scans on Your Network
"You can only trust your employees to change their passwords and stay on top of it so much. I highly encourage other startups to perform scans on their network, to constantly test the strength of their data protection over and over. I've set up a scheduled routine of this process, so that I always feel secure."
Use Google's Two-Step Verification Process
"Since all my logins are tied to my email address (as are the reset password options), my email needs to be secure at all times. Google's two-step verification is an easy way to make your email and other associated logins secure by assigning app-specific passwords for each device you use. It will also send you a text message verification code that you need to enter to log in from a new device."
Hire a Hacker
"Have a hacker attack your systems and see what they say. How easy is it? Where are your vulnerabilities, and so forth? Outsourcing a security expert through a freelance site to perform a vulnerability assessment really shouldn't cost that much. And even doing it annually can be greatly beneficial."
"You can have every employee use a system like LastPass, where they don't actually see the passwords but they get autofilled based on their access. This way, when something happens (or just for good measure every few months) you can go in and update passwords, and no one needs to make any changes because they login from LastPass."
Use Encryption Software
"For particularly sensitive data, we use McAfee’s Endpoint Encryption software on our computers and external hard drives to make sure folks who need to see our information are easily able to while keeping intruders out. The installation process is very easy, and it’s a fairly cheap way to ensure the security of your documents."
"Firstly, for any external vendor logins, create separate accounts for each employee and give them the minimal amount of access necessary to do their job. Then use an Excel sheet to keep track of who has what login to what system so if they leave it makes it easier to remove their login (their passwords are separate). It's also important to setup a rotation schedule for the most important passwords."
Don't Email Sensitive Information
"As easy as email is to use, it's not a great way to transfer secure information. Instead of emailing data files or other sensitive information, use a secure FTP platform or other program that encrypts data that's in motion. These programs will typically scan for viruses and will log activity to prevent tampering and ensure best practices when it comes to data security."