Written by Cheryl Blasnek , One Step's Implementation Service Director
These days, network environments are the object of attacks by hackers looking to steal and exploit information, identities, etc. In any company doing business over the Internet, using WiFi, email, credit card processing, etc., there are certain protocols that should be in place to protect your company from these attacks. For instance, when One Step does a review of a client’s environment for whom we are a Managed Services Provider, we have over 200 items that we check. We have listed a few of the more important standards available to you.
1) Passwords. A system not protected by passwords is at risk. Obviously, a system that requires authentication of the user will help thwart hacking attempts.
- In every instance, change default passwords immediately upon installing an application.
- All users should be required to change their passwords every 90 days.
- Your system should require that a password be “complex” in that it has a minimum length and must include upper and lower-case letters, number(s) and symbol(s).
- As employees change their passwords, the system should not allow a recent password to be repeated.
- Your system should also have a threshold of attempts, after which it will lock the user out.
- Never allow users to write down passwords. There are many programs available where passwords can be safely stored.
2) Backup Data.
- Maintain a daily backup and then test it monthly to be sure that it is working properly.
- The backup should be stored in an offsite location or the cloud to guard against a disaster at the store, including flooding, fire, storms, etc.
- If an outside party is maintaining your backups, be sure to know the retention rate. Most will keep backups for at least a week.
3) Anti-virus/Malware/Spyware. Protect your system with proper applications that not only stop known viruses but also scan for unfamiliar information strings that may indicate a breach.
4) Firewall. Your system should be protected by a business class firewall or router. Be sure to adjust your settings to lock down the operations that can pass through the firewall.
5) Public Wireless Access. All public wireless access should be completely segregated from your private network so if there is a breach, the other network will not be affected.
6) Hardware Planner. You should maintain an inventory list of all hardware and installed software, including make, model number, serial number, warranty, etc. Keep this planner offsite.
7) Onsite server environment.
- If you maintain an onsite server, be sure it is located in a locked room with a minimum number of people who have access.
- Additionally, the room should be clutter and dust free as well as temperature controlled.
8) Emergency evacuation plan.
- In the case of an emergency, all your employees should know the best and safest exit from the premises. This plan should be practiced with employees regularly.
- Don’t forget to assign employees to help in-store customers to safely exit as well.
We hope some of these ideas will benefit your business and keep it just a bit safer. Should you require more information or have questions, please contact One Step Retail Solutions for assistance at firstname.lastname@example.org or 1-800-266-1328.