✓ Control access to sensitive information by requiring employees to use “strong” passwords that contain a mix of letters, numbers and characters. Consider using multi-factor authentication, such as requiring the use of a password and a code sent by different methods.
✓ Use password-activated screen savers to lock employee computers after a period of inactivity. Lock out users who don’t enter the correct password within a designated number of attempts.
✓ When installing new software, immediately change vendor-supplied default passwords to a more secure, strong password.
■ Laptop Security
✓ Restrict the use of laptops to those employees who need them to perform their jobs, and require that the laptops be stored in a secure place.
✓ Assess whether sensitive information really needs to be stored on a laptop. If not, delete it using a “wiping” program that overwrites data on the laptop.
✓ If a laptop contains sensitive data, encrypt it and configure it so users can’t download any software or change the security settings without approval from your IT specialists.
■ Firewalls
✓ Use a firewall to protect your computer from hacker attacks while it is connected to a network.
✓ Determine whether you should install a “border” firewall where your network connects to the internet. Set “access controls” that only allow trusted devices with a legitimate business need to access the network.
✓ If some computers on your network store sensitive information while others do not, consider using additional firewalls to protect the computers with sensitive information.
■ Wireless and Remote Access
✓ If you use wireless devices like smartphones, tablets or inventory scanners to connect to your computer network or to transmit sensitive information, consider limiting who can use a wireless connection to access your computer network. Encrypt the information you send over your wireless network, so that nearby attackers can’t eavesdrop on these communications.
■ Digital Copiers
Your information security plan should also cover the digital copiers your company uses because the hard drive in a digital copier stores data about the documents it copies, prints, scans, faxes or emails.
✓ When you’re buying or leasing a copier, consider the data security features offered, either as standard equipment or as optional add-on kits.
✓ Once you choose a copier, take advantage of all its security features. Make it an office practice to securely overwrite the entire hard drive at least once a month.
✓ When you return or dispose of a copier, find out whether you can have the hard drive removed and destroyed, or overwrite the data on the hard drive.
■ Detecting Breaches
✓ To detect network breaches when they occur, consider using an intrusion detection system.
✓ Maintain central log files of security-related information to monitor activity on your network so that you can spot and respond to attacks.
✓ Monitor incoming traffic for signs that someone is trying to hack in. Keep an eye out for activity from new users, multiple log-in attempts from unknown users or computers, and higher-than-average traffic at unusual times of the day.
✓ Monitor outgoing traffic for signs of a data breach. Watch for unexpectedly large amounts of data being transmitted from your system to an unknown user.
✓ Have in place and implement a breach response plan.

26 | The Retailer Magazine | Mar/Apr
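The monitoring signals listed under Detecting Breaches, shown as an added example that is not part of the original article: a Python check that scans a central log for new users, repeated failed log-ins from unknown computers, above-average traffic at unusual hours, and large transfers to unknown destinations. The log format, the allow-lists, the thresholds and all names are assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime

# Assumptions (not from the article): log format, allow-lists, thresholds.
KNOWN_USERS = {"alice", "bob"}
KNOWN_HOSTS = {"10.0.0.5", "10.0.0.6"}
MAX_FAILED_LOGINS = 3             # failures from one source before alerting
MAX_OUTBOUND_BYTES = 50_000_000   # single transfer to an unknown destination
BUSINESS_HOURS = range(7, 20)     # 07:00-19:59

# Constructed central-log sample: timestamp event user remote_host bytes
SAMPLE_LOG = """\
2024-03-04T09:12:00 login_ok alice 10.0.0.5 0
2024-03-04T10:00:00 inbound alice 10.0.0.5 200000
2024-03-04T11:30:00 inbound bob 10.0.0.6 400000
2024-03-04T14:05:00 login_ok temp01 10.0.0.6 0
2024-03-05T02:10:01 login_fail bob 203.0.113.7 0
2024-03-05T02:10:04 login_fail bob 203.0.113.7 0
2024-03-05T02:10:09 login_fail bob 203.0.113.7 0
2024-03-05T02:40:00 inbound bob 10.0.0.6 5000000
2024-03-05T03:02:00 outbound bob 198.51.100.9 750000000
"""

def parse(line):
    ts, event, user, host, size = line.split()
    return datetime.fromisoformat(ts), event, user, host, int(size)

def detect(log_text):
    """Return (alert, user, host) tuples for the signals the checklist names."""
    records = [parse(l) for l in log_text.splitlines() if l.strip()]
    # Baseline: average inbound bytes per record during business hours.
    daytime = [r[4] for r in records
               if r[1] == "inbound" and r[0].hour in BUSINESS_HOURS]
    baseline = sum(daytime) / len(daytime) if daytime else 0
    alerts, failed = [], Counter()
    for ts, event, user, host, size in records:
        off_hours = ts.hour not in BUSINESS_HOURS
        if event == "login_ok" and user not in KNOWN_USERS:
            alerts.append(("new_user", user, host))
        elif event == "login_fail" and host not in KNOWN_HOSTS:
            failed[host] += 1
            if failed[host] == MAX_FAILED_LOGINS:   # alert once per source
                alerts.append(("repeated_failed_logins", user, host))
        elif event == "inbound" and off_hours and baseline and size > 2 * baseline:
            alerts.append(("off_hours_traffic_spike", user, host))
        elif event == "outbound" and host not in KNOWN_HOSTS and size > MAX_OUTBOUND_BYTES:
            alerts.append(("large_outbound_transfer", user, host))
    return alerts
```

Calling `detect(SAMPLE_LOG)` returns one alert for each of the four signals; the factor of two over the daytime average is an arbitrary starting point to tune against your own traffic.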