Why is security important? It may often seem that it only complicates our lives. Nevertheless, it is an essential part of our professional and private activities.
Imagine the following situation: you are managing Google Ads, and someone steals your login credentials. In the best-case scenario, they might steal company statistics and data; in the worst-case scenario, they could run ads for their product and set high spending limits.
Or the other way around: in the best-case scenario, they run ads, and in the worst case, they steal your company data. You probably already realize that both scenarios could lead to a serious problem.
Small vs. Large Company
You might think that similar risks only affect large companies, not small and medium-sized enterprises. However, that’s not entirely true. Smaller companies are targeted more effectively because they lack the resources and personnel to address security issues. Security is sometimes prioritized last for them. On the other hand, large companies have tens or even hundreds of people dedicated to security, responsible for protecting the company’s data and users.
How We Addressed Security Issues at Effectix
As an online marketing agency, we must protect both client data and our own. We are continually growing, bringing in new people, and inevitably some also leave. We have to manage access to platforms that streamline our work. We use the Google Workspace ecosystem, so we conducted an audit and established specific rules for spam emails. We implemented the Bitwarden password manager and grouped employees, allowing each department to manage passwords for their platforms. Bitwarden even supports two-factor authentication, which we can enable for any service that supports it. Two birds with one stone: strong passwords and two-factor authentication.
Since we work on the same internet network in the office, we have a firewall in place that monitors outbound and inbound requests within the network. It helps us track if anything suspicious is happening in the network, and if so, we know exactly who, how, and when it occurred. This allows us to address the issue before any damage is done.
We are obligated to have antivirus software because each of us uses a personal computer for work. At the same time, we cannot force anyone to install corporate monitoring programs.
Last but not least, training is crucial. If people are aware of the risks and understand what can happen, they learn to recognize a fake email or attachment. The internet is a fantastic technology with unlimited possibilities, but it also has its dark side. It’s like locking your apartment/house – you may believe that no one will break in, but what if they do?
What are the fundamental security rules?
1. Secure Passwords
This point should be a given. The internet is filled with statistics on the most common and weakest passwords—such as “Passw0rd” and others like this. The best practice is to have a strong and reasonable password that you can remember. Ideally, each service should have a unique password, which can be a challenge. In a better scenario, this might result in writing passwords in a note on your desktop, and in a worse scenario, in having passwords written on paper somewhere near the computer.
How to avoid such situations? Use a password manager where you only need to remember one password, the so-called master password, which decrypts the passwords stored in the password manager. The significant advantage is that the password manager generates very strong passwords for each service. Well-known password managers like Bitwarden, LastPass, and 1Password have official browser extensions, and with just a couple of clicks, they autofill the password into the form. With a password manager, you have one less thing to worry about.
2. Two-Factor Authentication
Another level of security that protects you from password leaks. How does it work? After logging into a particular service, you receive a code via email, SMS, or an app that you need to enter to complete the login. Most commonly, you encounter two-factor authentication when logging into your online banking, where a password alone is not enough; you also receive an SMS with a code. I recommend setting up two-factor authentication at least for critical services like Google, banking, and essentially anywhere you have sensitive information, including stored payment cards.
3. Locking Your Computer
Whether you’re in the office, at a café, or at a conference, always lock your computer. It only takes a moment for a potential attacker to inject viruses or steal your data. In an office setting, you might even be susceptible to pranks. It’s alarming if computer locking is overlooked. This signals a lack of necessary training on why it’s crucial to lock your PC. Even if you know everyone in the office, there’s still a risk that a client or a building administrator might come by, and you never know what might happen.
4. Antivirus Software
There are many antivirus programs, some of which are available for free. If you work with emails and frequently receive attachments or download files from unknown sources, antivirus serves as your second line of defense, with the first line being the next point.
5. Common Sense
Do you really need to download that amazing program your friend sent you? Is the email attachment legitimate? Why is the attachment named amazingresults.pdf.exe? Does this email come from a credible source? Does the website where you want to enter sensitive information have “https” at the beginning of the URL, indicating a secure communication protocol in the computer network? All these questions should come to mind when something like this happens. As the saying goes: measure twice, cut once, and this is no exception. You’ve likely also noticed news stories about people sending money to unknown individuals, falling for phishing emails, and similar incidents.
6. Backup and Encryption
When we talk about backup, it doesn’t mean copying your work to an external disk or flash drive. What if you lose it and it wasn’t encrypted? It’s ideal to use a company cloud for work, where you store company data, and have two-factor authentication set up for that account. Also, don’t forget about encryption. If you lose a disk, flash drive, or even a laptop, you’ll know that no one can access the data without your password.
7. Keep Your System Up to Date
In brief, keep your operating system and programs updated. Not only will you get new features, but you’ll also receive patches for vulnerabilities.