News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Please Add to These SOHO Best Security Practices?

    Posted on Michael Austin Comment on the AskWoody Lounge

    Home Forums Admin IT Lounge Please Add to These SOHO Best Security Practices?

    Viewing 2 reply threads
    • Author
      Posts
      • #1994525 Reply
        Michael Austin
        AskWoody Plus

        My SOHO-sized company now needs to distribute this. Please add to it? Thank you! 🙂

        __company name__ Small Office-Home Office (SOHO) Best Security Practices and Guidelines Summary

        As a friend of __company name__ or an advisor, ambassador or contractor, we suggest that you observe this summary of guidelines about securing your sensitive computer and mobile data. If you’re not expert about these things please request the help of qualified, expert computer security people about it all.

        1.) Subscribe to and use an automatically-updated Internet security software suite which covers all your computers, your mobile devices (smartphones, laptops, tablets), your local network, and your network’s points of access such as its printers. If you transfer lots of sensitive data which need advanced security then we suggest that you consider adding a managed hardware firewall appliance in addition to your Internet security software.

        2.) Software and hardware are “leaky”. Ensure that all your computing devices are automatically and regularly updated with their manufacturer’s and software publisher’s security patches.

        3.) Never send sensitive data via unsecured e-mail. Sending sensitive data via unsecured e-mail is like sending them via postcard. Only it’s worse than that: automated network-sniffing software can and does intercept everything you send. It’s mostly good guys who do this. But why take chances? Use encrypted e-mail for all sensitive data.

        4.) Use a password and on-line credentials management utility for your all computers and mobile devices. The utility must make easy and smooth for you to use its automatically-generated, account-specific passwords for specific accounts. It must automatically fill on-line forms, or even forms local to your computer’s operating system, each time you use a specific account.

        Never use the same password twice for any reason. Use only one randomly-generated password for each account which is never used a second time on any other account. Change your passwords every so often when sensitive data are involved behind your credentials. Although many people do so, we recommend against uploading your log-in credentials to any cloud or company account. We prefer our own, local copies in our complete control, backed up in multiple, off-line locations.

        Disable every other form of password credentials management on your computers and mobile devices, especially those in your Internet browser(s). Encryption using 256-bit AES security is our preferred baseline.

        5.) Always have automatically-generated back-ups of all your data. You can use hard drives on your own network. Two local, identical back-ups on different drives, with the same data, using two different types of back-up software are not too many. We prefer to add cloud service back-up in case you’re unexpectedly parted from your hard drives. How often should you back-up your data? Answer that by asking yourself how much of it you can afford to lose.

        6.) Start using reliable virtual private network (VPN) software on all your mobile devices whenever they are outside your home, secured network — and connected to a public, unsecured network. Never send sensitive data (credit card numbers, driver’s license, social security numbers) across an unsecured public network like java joints or restaurants. Use your software VPN.

        7.) Store sensitive data on your local devices only when they’re encrypted. Bank account numbers, driver’s licenses and the like are easy to scan via sniffing software.

        8.) Harden your local network. Check and see if your gateway/router/modem is using network address translation (NAT) and that it has at least some sort of configurable firewall. Never ever accept only your internet service provider’s word about how to secure and transport your data. Their service for you is primarily about sending your data, not securing it.

        9.) Create your own little disaster recovery plan for ‘bare metal’ recovery and secured, live use of your data. Test it before anything actually happens.

        10.) Have a trustworthy computer expert try and break into your network and report their results to you.

        11.) Shredding isn’t just for surfers and skateboarders. Get and use a proper paper-shredder for all sensitive documents.

        12.) When you upgrade your equipment use secure-erase software which safely wipes your old data.

        Finance, social and tech founder. My new, planet-wide talk show, Casual Saints, is being readied for an April/May 2020 debut.

      • #1996211 Reply
        Michael Austin
        AskWoody Plus

        OK, there was an underwhelming response to this post. 😉 I would mention that my strategies had been unexpectedly tested in California’s Superior Court in a labryinthine case involving the theft and illicit sale of a former client’s confidential customer list. When the client’s company employee sold a paper copy of the customer list, one of the first questions the judge asked was, What about their computer network? My strategies and records were called to attention and easily passed muster.

        Finance, social and tech founder. My new, planet-wide talk show, Casual Saints, is being readied for an April/May 2020 debut.

        • #1996348 Reply
          anonymous
          Guest

          Your request was for additional items, not a critique of your already tested strategies. The lack of response would suggest general agreement that your list stands well, as is.

          Was there an additional strategy that you had left off this list, which merits discussion?

          1 user thanked author for this post.
          • #1996699 Reply
            Michael Austin
            AskWoody Plus

            Thanks for the reply, Anon. I continued to add to that list and it’s now two pages of 9-point type at 8 1/2″ x 11″ size.

            Finance, social and tech founder. My new, planet-wide talk show, Casual Saints, is being readied for an April/May 2020 debut.

      • #1997652 Reply
        wavy
        AskWoody Plus

        . Change your passwords every so often when sensitive data are involved behind your credentials.

        I have disagreed with this notion for more than a decade and it seems the security ‘experts’ are finally coming around to my POV. Use a strong unique password and store it on encrypted USB or us a password protected password manager. I do not trust synced or cloud based solutions. I would look carefully at USB port policies and consider disabling user accessible ones, they are very tempting security hole. Remember Stuxnet!
        If you big enough to have a person in charge of IT make sure ONLY that person has an Admin account and keep the execs to the same level as workers!

        🍻

        Just because you don't know where you are going doesn't mean any road will get you there.
        1 user thanked author for this post.
        • #1997682 Reply
          jabeattyauditor
          AskWoody Lounger

          If you big enough to have a person in charge of IT make sure ONLY that person has an Admin account and keep the execs to the same level as workers!

          If you do this, keep a printed copy of those admin credentials under lock & key somewhere – lone admins have been known to have health issues (sometimes of a permanent nature) at the most inopportune times. (Top-level management has the key, of course.)

          1 user thanked author for this post.
    Viewing 2 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Please Add to These SOHO Best Security Practices?

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.