In our first pillar of digital security, we tackled the framework of your security system – hardware. Now it’s time to address the other side – software.
Although you might think of software just as the applications you run on your computers, like QuickBooks or Microsoft Office, software actually has a much broader meaning. From your operating systems to programs to internet browsers and utilities, software means any instructions or programs that tell your computer what to do. Securing these instructions is critical to make sure scammers can’t make those programs work for them instead of you.
The Basics: Anti-Virus Software and Updates
When it comes to digital security, the first thing most people think of is probably software, in the form of anti-virus scanners and system updates. These basic components of digital security are incredibly important. They shouldn’t just be programs on your computer, but an integral part of the culture of digital security at your business.
Regular anti-virus scans and updates keep your computer healthy, just like your annual physical. Although your firewall will hopefully detect a good portion of the viruses, ransomware and malware that try to infiltrate your system, these scans offer an additional layer of protection. And don’t forget – nefarious programs can come through physical means too, from a CD or USB drive inserted directly into your system, something a firewall can’t catch.
In addition, you’ll want to keep up with updates from any software you use for your business, even if that software isn’t security related. You might not think of your efax service as a security risk, but what if a fraudster is able to hack it and start sending faxes pretending to be you? Security updates are necessary for all kinds of software, not just your security software itself.
Securing Your Email Software
Did you know that 92 percent of hacks begin with a phishing or spear phishing email? That’s according to a 2015 report from Verizon. Securing your email should be a top priority. That’s why it’s important to use industry-leading spam and virus filters, like Mimecast, to filter and protect against spam, viruses, phishing, and malicious attachments.
In addition, if your systems support it, enable email transport encryption. Although it’s likely that your email password is transmitted securely even when signing in on a public Wi-Fi network, your messages can still be intercepted when they are sent. Using transport encryption ensures that even if thieves try to intercept a message, they won’t be able to read it.
Digital Security for Your Domains
Your domain name – essentially your website address – is a critical component of software security. If a scammer can hack into your email and access your GoDaddy account, your business is in big trouble. Not only can these thieves mess with your website and post potentially embarrassing or obscene content, but they can also redirect your website to a similar-looking site they’ve created, redirect emails intended for you to their own server or send emails pretending to be you.
Domain and website security has three main components:
- Set up two-factor authentication for your domain registrar, DNS and other hosting environments.
- Implement Domain Name Security Extensions.
- Configure Sender Policy Framework for email servers.
Start by controlling who has access to your domain management portals and how. Set up two-factor authentication (a two-step procedure for access, like a password plus an email or a text message) for your domain registrar, DNS and other hosted services, like hosted email, conference calls or phone. That will make it tougher for thieves to steal these platforms from you and use them for their own purposes.
Next, implement DNSSEC to make sure your DNS records cannot be compromised or taken over. Domain Name Servers (DNS) are like the internet’s version of the phone book. They connect domain names – yourbusiness.com – to IP addresses, the numbers that tell your computer the exact destination of your webpage, like your home address tells the mailman exactly where you live. DNSSEC, or Domain Name Security Extensions, is a way of checking to make sure that the information on your DNS is correct and hasn’t been taken over by scammers by verifying it against additional information about your domain.
In addition to DNSSEC, you’ll want to configure an SPF – Sender Policy Framework – record to protect against malicious domain spoofing. SPF adds details to your DNS entry that show which servers are authorized to send emails on your behalf. If an email comes from a server that doesn’t match your SPF, it will be considered fake and likely won’t be delivered. SPF ensures that emails sent by someone pretending to be you will end up in the receiver’s spam folder, and makes it more likely that the legitimate emails your business sends end up in someone’s inbox and not in spam.
Secure Software for a Secure Business
These software security best practices are critical to keeping your business’ digital environment secure. Now that we’ve secured both your hardware and your software, next up, we’ll tackle the people and procedures that make digital security work.