10 Information Security Practices to Protect Your Business Data

In today’s world, protecting yourself and your company from a potential data breach is more important than ever before. Fortunately, there are several simple things you can put into practice, both at work and at home, to help keep information secure. As a transactional customer communications provider working with businesses in numerous highly regulated industries, Venture Solutions has many information policies and procedures in place to protect the information we have access to. The following list includes just 10 of the many practices we follow at Venture Solutions that you can also easily put into practice in your work and home settings:

  1. Use Strong Passwords – Passwords should have at least eight characters (more is better) and include uppercase and lowercase letters, numerals and special characters. Keep different passwords for different accounts, and use different passwords for work systems than for any other account. Be sure to change passwords regularly (a good rule of thumb is every six weeks).
  2. Be Careful When Using External Drives – Here at Venture, the use of external devices is disabled, but if you’re not able to disable all devices in your workplace, and especially at home, be cautious when using them. Never use the same external device both at work and for personal matters on your home computer. Password-protect external drives whenever possible. Do not let colleagues or business partners use the drive you store work files on.
  3. Phishing – Phishing is a tactic used to obtain data such as credit card numbers, passwords, account data or other information. It typically entices email recipients to click on a link or open an attachment, which results in malware being downloaded onto your computer. Because of phishing, it’s important to be cautious with emails, even those that appear to be from a trusted entity. Never respond to unsolicited emails and do not open attachments contained in those messages. If you’re ever unsure about a communication you receive, check with your IT department before clicking a link or opening an attachment.
  4. Online Transactions – When shopping online, look for the lock symbol or “https” in the website’s URL, which indicate that transactions are secure. Never use a public computer or public wireless access for online transactions. Use credit cards rather than debit cards for online purchases, as credit cards are protected by the Fair Credit Billing Act, which may reduce your liability if your information is used improperly.
  5. Administrator vs. Non-Administrator Accounts – Administrator or “Admin” accounts have more control over programs and settings for your computer. Hackers can potentially take control of your computer by accessing these accounts. Non-Admin accounts, or guest accounts, can still use programs, but limit the ability to make changes that hackers need to harm your computer. Remember to change the default password on your Admin accounts and always run your computer as a non-administrator user unless otherwise needed.
  6. Keep Systems and Software Current – If systems and software are not updated often, vulnerabilities can be used to control your computer. Set programs and systems to auto-update to make sure you aren’t missing a critical update. In addition to operating systems, make sure to also set updates for all programs that access the Internet. If you aren’t receiving frequent update notifications at work, check with your IT department to make sure your computer is receiving all updates.
  7. Secure Mobile Devices – Set passwords and enable a screen lock or an auto lock on all portable devices. If your device has Bluetooth functionality and it’s not used, check to be sure this setting is disabled (some devices have Bluetooth enabled by default). If you use Bluetooth, change the default password for connecting to a Bluetooth-enabled device. Never connect to free public Wi-Fi without a VPN, unless you’re comfortable sharing your passwords with anyone within range. Encrypt data and data transmissions with a VPN client whenever possible.
  8. Enable Firewalls – Firewalls filter inbound and outbound traffic between your network or computer and the Internet. Firewalls can block intruders and unwanted traffic from getting on your computer. Make sure your computer’s firewall is enabled.
  9. Use Anti-Virus and Anti-Spyware Programs – Anti-virus programs stop viruses, worms or other malware. Anti-spyware programs can also stop malware that displays pop-up advertising, collects personal information or changes the configuration of your computer. However, anti-virus software is only as good as its last update. Keep these programs current by keeping the license active and setting them to auto-update.
  10. Secure Wireless Networks – Wireless networks are not as secure as traditional “wired” networks, but you can minimize the risk on your wireless network by enabling strong encryption, changing the default password, changing the Service Set Identifier (SSID) name (the name of your network), turning off SSID broadcasting and using the MAC filtering feature. MAC filtering allows you to designate and restrict which computers can connect to your wireless network.

Take the time now to put these security practices into place at work and at home. If you’re wondering whether your company follows the practices listed above, speak with your IT department. Remember, when it comes to protecting information, it’s always better to be safe than sorry.

About the author

Information Security Officer

David joined Venture Solutions in 2001. In his current role as information security officer, David manages compliance of information security policies at Venture’s Dallas-Fort Worth, TX facility. He coordinates and facilitates client audits and manages remediation of audit findings. David is also responsible for testing and training of security processes and he creates and amends policy documents to reflect changing environments and requirements. In total, David has 13 years of experience in the areas of information security, communications security and encryption.