■ Authentication

✓ Control access to sensitive information by requiring employees to use “strong” passwords that contain a mix of letters, numbers and characters. Consider using multi-factor authentication, such as requiring the use of a password and a code sent by different methods.

✓ Use password-activated screen savers to lock employee computers after a period of inactivity. Lock out users who don’t enter the correct password within a designated number of attempts.

✓ When installing new software, immediately change vendor-supplied default passwords to a more secure strong password.

■ Laptop Security

✓ Restrict the use of laptops to those employees who need them to perform their jobs and require them to store the laptops in a secure place.

✓ Assess whether sensitive information really needs to be stored on a laptop. If not, delete it using a “wiping” program that overwrites data on the laptop.

✓ If a laptop contains sensitive data, encrypt and configure it so users can’t download any software or change the security settings without approval from your IT specialists.

■ Firewalls

✓ Use a firewall to protect your computer from hacker attacks while it is connected to a network.

✓ Determine whether you should install a “border” firewall where your network connects to the internet. Set “access controls” that only allow trusted devices with a legitimate business need to access the network.

✓ If some computers on your network store sensitive information while others do not, consider using additional firewalls to protect the computers with sensitive information.

■ Wireless and Remote Access

✓ If you use wireless devices like smartphones, tablets or inventory scanners to connect to your computer network or to transmit sensitive information, consider limiting who can use a wireless connection to access your computer network. Encrypt the information you send over your wireless network, so that nearby attackers can’t eavesdrop on these communications.

■ Digital Copiers

Your information security plan should also cover the digital copiers your company uses because the hard drive in a digital copier stores data about the documents it copies, prints, scans, faxes or emails.

✓ When you’re buying or leasing a copier, consider the data security features offered, either as standard equipment or as optional add-on kits.

✓ Once you choose a copier, take advantage of all its security features. Make it an office practice to securely overwrite the entire hard drive at least once a month.

✓ When you return or dispose of a copier, find out whether you can have the hard drive removed and destroyed, or overwrite the data on the hard drive.

■ Detecting Breaches

✓ To detect network breaches when they occur, consider using an intrusion detection system.

✓ Maintain central log files of security-related information to monitor activity on your network so that you can spot and respond to attacks.

✓ Monitor incoming traffic for signs that someone is trying to hack in. Keep an eye out for activity from new users, multiple log-in attempts from unknown users or computers, and higher-than-average traffic at unusual times of the day.

✓ Monitor outgoing traffic for signs of a data breach. Watch for unexpectedly large amounts of data being transmitted from your system to an unknown user.

✓ Have in place and implement a breach response plan.

26 | The Retailer Magazine | Mar/Apr
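
An added example, not part of the original article: one way to turn the warning signs listed under Detecting Breaches (activity from new users, repeated log-in attempts from unknown users or computers, large transfers to an unknown destination) into checks over a central log file. The log format, user and host names, addresses and thresholds are assumptions constructed for the illustration.

```python
from collections import Counter

# Constructed sample of a central log: "time kind user host detail".
# The format, names and addresses are assumptions made for this example.
SAMPLE_LOG = """\
2024-03-04T09:12:01 login_ok alice pos-01 -
2024-03-04T09:15:44 login_fail bob pos-02 -
2024-03-05T02:10:03 login_fail admin 203.0.113.7 -
2024-03-05T02:10:09 login_fail admin 203.0.113.7 -
2024-03-05T02:10:15 login_fail root 203.0.113.7 -
2024-03-05T02:11:30 login_ok svc-temp pos-01 -
2024-03-05T02:40:00 outbound alice 198.51.100.9 750000000
2024-03-05T10:00:00 outbound alice backup.example.internal 900000000
"""

KNOWN_USERS = {"alice", "bob"}                             # assumed staff accounts
KNOWN_HOSTS = {"pos-01", "pos-02", "backup.example.internal"}  # assumed trusted devices
MAX_FAILURES = 3                  # alert at this many failed log-ins from one source
MAX_OUTBOUND_BYTES = 500_000_000  # alert above this size to an unknown destination


def review(log_text):
    """Return (rule, subject) alerts for the warning signs in the checklist."""
    alerts, failures = [], Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines rather than stop monitoring
        _time, kind, user, host, detail = parts
        if kind == "login_ok" and user not in KNOWN_USERS:
            # Activity from a new user.
            alerts.append(("new_user", user))
        elif kind == "login_fail" and (user not in KNOWN_USERS or host not in KNOWN_HOSTS):
            # Failed log-ins involving an unknown user or computer, counted per source.
            failures[host] += 1
            if failures[host] == MAX_FAILURES:
                alerts.append(("repeated_failed_logins", host))
        elif kind == "outbound" and host not in KNOWN_HOSTS:
            # Unexpectedly large amount of data sent to an unknown destination.
            if detail.isdigit() and int(detail) > MAX_OUTBOUND_BYTES:
                alerts.append(("large_outbound_transfer", host))
    return alerts


if __name__ == "__main__":
    for rule, subject in review(SAMPLE_LOG):
        print(rule, subject)
```
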
