What is one simple step every business should take to ensure their data is secure (e.g. new passwords for all emails)?
The following answers are provided by members of Young Entrepreneur Council (YEC), an invite-only organization comprised of the world’s most promising young entrepreneurs. In partnership with Citi, YEC recently launched StartupCollective, a free virtual mentorship program that helps millions of entrepreneurs start and grow businesses.
1. Set Up EMV for Credit Card Payments
If your business takes retail (swiped) credit card payments, be sure to upgrade to the EMV (Europay MasterCard Visa AKA chip technology) terminals before October 2015 when it’s required. Chip payments are more secure for you andyour customers! – Darrah Brustein, Network Under 40 / Finance Whiz Kids
2. Update When Employees Leave
Even if you have the most unique password in the world, a former employee with access and a grudge can cause big problems. Make sure that you know who has access to your accounts and immediately update passwords after a departure. Make this easier with password programs that generate and store your information in their database. – Kelly Azevedo, She’s Got Systems
3. Perform Scans on Your Network
You can only trust your employees to change their passwords and stay on top of it so much. I highly encourage other startups to perform scans on their network, to constantly test the strength of their data protection over and over. I’ve set up a scheduled routine of this process, so that I always feel secure. – Rob Fulton, Exponential Black
4. Use Google’s Two-Step Verification Process
Since all my logins are tied to my email address (as are the reset password options), my email needs to be secure at all times. Google’s two-step verification is an easy way to make your email and other associated logins secure by assigning app-specific passwords for each device you use. It will also send you a text message verification code that you need to enter to log in from a new device. – Andrew Hoeft, Pinpoint Software, Inc.
5. Hire a Hacker
Have a hacker attack your systems and see what they say. How easy is it? Where are your vulnerabilities, and so forth? Outsourcing a security expert through a freelance site to perform a vulnerability assessment really shouldn’t cost that much. And even doing it annually can be greatly beneficial. – Nicolas Gremion, Free-eBooks.net
6. Use LastPass
You can have every employee use a system like LastPass, where they don’t actually see the passwords but they get autofilled based on their access. This way, when something happens (or just for good measure every few months) you can go in and update passwords, and no one needs to make any changes because they login from LastPass. – Nathalie Lussier, Nathalie Lussier Media Inc.
7. Use Encryption Software
For particularly sensitive data, we use McAfee’s Endpoint Encryption software on our computers and external hard drives to make sure folks who need to see our information are easily able to while keeping intruders out. The installation process is very easy, and it’s a fairly cheap way to ensure the security of your documents. – Firas Kittaneh, Amerisleep
8. Rotate Passwords
Firstly, for any external vendor logins, create separate accounts for each employee and give them the minimal amount of access necessary to do their job. Then use an Excel sheet to keep track of who has what login to what system so if they leave it makes it easier to remove their login (their passwords are separate). It’s also important to setup a rotation schedule for the most important passwords. – Cody McLain, WireFuseMedia LLC
9. Don’t Email Sensitive Information
As easy as email is to use, it’s not a great way to transfer secure information. Instead of emailing data files or other sensitive information, use a secure FTP platform or other program that encrypts data that’s in motion. These programs willtypically scan for viruses and will log activity to prevent tampering and ensure best practices when it comes to data security. – Doreen Bloch, Poshly Inc.