Online Reputation Management — Jessica Merritt, August 2014
With such serious security risks threatening every organization’s reputation, it’s clear that companies can benefit from tight security. And we’ve seen that even companies like Target that may think they have security under control still have serious room for improvement. How do security experts recommend that companies protect against security threats and compromised reputations? Read on for their recommendations:
- Give security the attention it deserves: “When a company’s reputation is at stake, it’s a grave error to treat security as a mere compliance checkbox,” says Maler. Perhaps the most important step to better security is realizing that it’s likely you can always do better.
- Get help from customers: Maler recommends instilling confidence and better security simultaneously by getting customers involved. “Better security doesn’t have to impose new inconveniences on customers if you weave contextual factors into user interactions, such as treating the use of previously unseen devices or surprising combinations of time, place, and task as more suspicious,” she says. “You can even ally with your legitimate customers to be on the lookout for bad actors by letting them configure the ability to receive notifications of account activity as it happens.”
- Secure networks, no matter what: “Whether you’re 500 employees strong or just a two-man operation, it is always important to work over a secure network,” insists Vysk Communications CEO and cofounder Victor Cocchia. “In the office, Wi-Fi connections should be placed behind the company firewall. When mobile, always use a Virtual Private Network (VPN) connection when signing in to any outside or unknown Wi-Fi system. You can set up your own VPN for as little as $199.” He recommends that instead of using public cloud services like Dropbox or Google Drive, companies should utilize VPN and private servers.
- Make customer privacy a priority: Cocchia recommends that companies implement and enforce robust privacy policies and practices. This includes Secure Sockets Layer (SSL) certificates, and policies against discussing or transferring data like passwords, company financials, and credit card numbers over non-secure channels such as email, text, or Skype.
- Add multiple layers of authentication: Missouri University of Science and Technology professor of computer science Dr. Sanjay Madria encourages organizations to think beyond login and password access. He points out that many companies still use only one level of authentication, and while many are now adding multiple levels, they still have a long way to go.
- Boost employee security training: Employees are often the first line of defense against hackers, or their first point of access. Roth shares that businesses need to educate employees. After all, security tools are only as good as the people using them. “Tell employees to not open up shady e-mails, or to hover over any links to make sure they are going to the right place,” says Roth. “Don’t download attachments and files from e-mails you are not aware of. When you are online, be sure to only visit safe sites and always have your antivirus and firewalls up to date.”
- Insist that company devices remain secure: SystemExperts consultant Jason Rhykert points out, “It is not uncommon these days to walk into a small shop/office where the employees are surfing the Internet, checking Facebook and their personal email, on the same system that they will swipe your credit card on when you check out.” This is clearly a security risk — and one that must be contained.
- Use adequate firewalls to protect sites: Roth warns that a free software firewall is not enough. Major firewall protection should be used, and it’s important that patches are installed and up to date on all of your servers. Roth also encourages companies to keep as much information disconnected from the Internet as possible.
- Don’t overlook the basics: Rhykert encourages companies not to forget about basic security protocols. He insists that companies need to cover basic but essential issues like end user awareness, strong passwords, how to spot phishing/vishing attacks, disabling/filtering unnecessary services, patches, the concept of least privilege, and change control.