Five essential security measures to protect

your business—no matter its size

Paranoia—in small doses—is an excellent preventive medicine. If you think your
business is too small to be a target for hackers, identity thieves, and similarly unsavory
characters, you’re dangerously underestimating the value of your business.

IT security might seem to be a daunting prospect for a small business without an expert
staff, a large budget, or expensive consultants, but you can take a number of easily
implemented measures to lock down the personal computers your business relies on.
Here are five simple security tips you should implement today.

Encrypt your hard drives

The first step is to implement full-disk encryption on each one of your company’s PCs.
This step is crucial because system passwords alone offer no defense against hackers’
accessing the hard drive from another computer, or against someone’s attempts to
clone its entire contents for off-site examination. In addition, recovering previously
deleted files from an unencrypted storage device or disk image is a relatively trivial
matter for an attacker or snoop.

Selectively encrypting sensitive folders or files works, too, but full-disk encryption is the
best means of ensuring that every file is protected. Microsoft’s BitLocker is the gold
standard for this task, thanks to its ease of use and the fact that it comes standard with
the Ultimate and Enterprise versions of Windows 7, and with the Ultimate and
Professional versions of Windows 8.

Although you can upgrade to one of these versions of Windows to obtain BitLocker,
such a move can be cost-prohibitive if you have more than a few computers in the
office. You can also find no-cost encryption software in the form
of DiskCryptor and TrueCrypt (although the latter is not compatible with Windows 8).
You must take care, however, to ensure that these programs are properly configured.

“One needs to consider every particular case,” says ReclaiMe spokesperson Elena

Pakhomova, “since encryption is sometimes implemented incorrectly and you still have
a chance to extract data.” ReclaiMe develops software for recovering data from hard
drives and RAID configuration parameters, among other programs. For details on how
to encrypt files the right way, read our hands-on guide.

Limit access
Enabling disk encryption automatically mandates the use of passwords, but it does
nothing to stop users from choosing passwords that are easily cracked. Given that the
strongest encryption is of little use if the passphrase is quickly guessed, it makes sense
to choose a robust password that is not too short and that contains sufficient complexity.
Once disk encryption and strong passwords are in place, you can further harden your
security by configuring Windows to prompt for the password upon waking from sleep
mode. Be sure to set a reasonably short inactivity timeout of no more than 10 to 15
minutes for the PC to enter sleep mode.

Better yet, develop the habit of using the Windows-L keyboard shortcut to lock your PC
when you step away from it—even if you’ll be gone for just a few minutes. This step not
only prevents data from being siphoned out during your absence but also serves as an
effective way to prevent unscrupulous insiders with physical access to your computer
from installing malware on it surreptitiously.

Use secure portable storage 

Conceived by Microsoft as a way to protect data stored on portable storage devices, the
excellent BitLocker to Go technology can prevent lost or stolen storage devices from
becoming liabilities. Although you can enable BitLocker to Go on an external drive only
through one of the aforementioned BitLocker-equipped versions of Windows, a
BitLocker to Go-enabled device can be subsequently used on all supported Windows
operating systems, meaning that a small business can implement it companywide
without having to upgrade everyone to a Windows edition that includes BitLocker.

ApricornYou can't access the contents of Apricorn's Aegis Bio 1TB hard drive without first verifying your
identity via its fingerprint scanner.
You should be aware, however, that computers running Windows XP or Windows Vista
won’t recognize USB drives encrypted with BitLocker to Go unless you install
the BitLocker to Go app. Mac OS X computers won’t recognize such drives, either. You
can read more about using BitLocker to Go with Windows 8 in our complete guide.

A hardware alternative would be to make use of specialized hardware-encrypted

storage devices, such as the Lok-It flash drive or the Apricorn Aegis Bio portable hard
drive. Be particularly careful with unbranded devices or those from vendors with no
track record, as not all devices offering hardware encryption implement it correctly.

Use a password manager

No one disputes the value of using a different password for each website, but
surprisingly few people actually follow the practice. Most users opt for the convenience
of using the same password across multiple Web services, even though it leaves them
open to severe consequences—including identity theft and financial loss—should
hackers snag their password.

Using a password manager is much easier than trying to remember dozens of complex passwords.

Instead of trying to memorize a dozen different passwords, set up the right tool to better
manage your passwords. Numerous apps are capable of this, including Sticky
Password Pro, LastPass, and Roboform. As a bonus, many of these tools can generate
strong passwords on demand and can even fill out login pages with the correct
password automatically.

Don’t ignore security updates

Finally, it is of paramount importance to ensure that your computer has the latest
software updates and security patches. Confirm that Windows Update is correctly
configured to download updates automatically, and then periodically check for errors or
failed updates. The same advice goes for common attack vectors such as Oracle’s Java
runtime environment (JRE) and popular software such as Adobe Reader and Apple
QuickTime. A software tool that is of invaluable help here is Secunia Personal Software
Inspector (PSI), a free patch-management program that tracks and installs updates to a
large number of third-party applications.