Criminals and snoopers are generally looking for the easiest way in. Sure, there are some hackers who love a challenge, but the average wrongdoer wants an easy mark. Most people looking to take advantage of your business's lax security are going to want the path of least resistance--and that may be through you, your employees or your company's devices. Even though my company makes intricate connection-protection software, sometimes the easiest things can be the most effective. While you need sophisticated security measures to keep out the more devious hackers, many of the worst things that can happen can be stopped with these easy measures.
- Add a Code or Pattern Lock To Your Phone (And Make Your Employees Do It Too). The easiest way to keep someone out of a phone that might have secure information on it is to add a code or pattern lock. Most phones can be locked with a PIN code of four digits (or ideally more). This is a simple way to stop the casual criminal who would otherwise just take your phone and anything you've got on it. Android phones can also use pattern locks that require a particular movement of the finger to unlock. While they're not impossible to crack, they're the first line of defense you should have.
- Use The Built-In Mobile (And Desktop) Security. Google and Apple both have in-the-box security measures that can remotely lock or wipe a phone. Activating them means that you can remotely control and secure anything you own. Apple computers also come installed with Find My Mac, which will similarly allow you to remote-wipe or remote-lock a computer that's compromised.
- Use A Password With Capital Letters And Symbols. I've recommended multiple times that people use 1Password and other password vaults. However, for some people these are complex (and cumbersome on mobile devices). In the end, if you're going to use your own memorable password, simply add in an exclamation point and a capital letter. For example, using How Secure Is My Password, the password anchorfree would be cracked in about 9 hours. Simply capitalizing the A raises that to a year. Adding an exclamation point (Anchorfree!) raises that total to 967 years. You should still stay away from common words and repeated patterns (i.e., the same number in a row).
- Put Antivirus And Anti-Malware Software On Every Single Computer--And Keep It Updated. Antivirus and anti-malware software is cheap even on a company level. There's no excuse--but the most common mistake that people make is to assume it's something you set and forget. Update them. Check for a new update every day. It seems obsessive, but it's the easiest thing in the world to do to protect yourself.
- Limit Certain Attachments On Corporate Email. It's a simple request, but get your IT manager to block certain file attachments on the corporate network. This includes .exe files, .cmd files or anything that isn't clearly work-related--even .zip files are unnecessary in the age of Dropbox folders. This will mean virus-laden attachments are unlikely to even make it to inboxes, so they're stopped before your internal antivirus needs to scan them.
- Limit Bring-Your-Own-Device Access (And Provide Them With A Computer). Large companies are able to use Bring-Your-Own-Device technology to make it safe and secure to bring your own laptop or phone onto the corporate network. These can be immensely expensive for a smaller team--the easiest alternative is to simply provide a computer for your employees to work on. Put immensely sensitive information on an internal server that can only be accessed from the building. If it needs to be removed, make sure that's done in a manner that's trackable, using a login for each user. In a more globally-distributed company, you'll have to eventually migrate to BYOD for maximum security and flexibility.
- Educate Your Employees. A list like this is actually pretty useful to employees--some will roll their eyes and say how obvious these tips are, but it only takes one person to cause a breach. There may even be the person who says how obvious these things are--but didn't actually know all of them. Never assume you or your employees know even the most basic security facts. What you don't know might surprise you.
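
To make the attachment tip above concrete, here is an added example (not from the original article) of the kind of check a mail filter performs: it parses a raw message with Python's standard `email` package and lists attachments whose final extension is one the article names. The function names, the sample message and the addresses are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the article names; a real policy would list more.
BLOCKED_EXTENSIONS = {".exe", ".cmd", ".zip"}


def is_blocked_name(filename: str) -> bool:
    """True if the final extension of `filename` is on the blocklist."""
    # Keep only the base name, then drop the trailing dots and spaces that
    # Windows ignores, so "setup.exe. " is judged as "setup.exe".
    base = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ").lower()
    _, dot, ext = base.rpartition(".")
    return bool(dot) and "." + ext in BLOCKED_EXTENSIONS


def blocked_attachments(raw_message: bytes) -> list[str]:
    """Return the filenames in a raw message that the policy rejects."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    rejected = []
    for part in msg.walk():  # walk() also reaches nested multipart parts
        name = part.get_filename()
        if name and is_blocked_name(name):
            rejected.append(name)
    return rejected


def build_sample() -> bytes:
    """Constructed sample message with five small attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "staff@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    for name in ("report.pdf", "Setup.EXE", "run.cmd", "archive.zip", "notes.exe.txt"):
        msg.add_attachment(b"sample", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    print(blocked_attachments(build_sample()))
```

A name-based check only sees the extension the sender chose, so it complements the antivirus scanning recommended above rather than replacing it.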