What to Include in Your Internet Security Policy

policies procedures bindersWhether you’re just launching your new enterprise or you’ve been in business for a while, you’ve probably outlined a set of policies and procedures designed to ensure the safety of employees, foster a welcoming workplace, and ensure efficiency in operations. Now you need to consider that modern business is conducted not only in board rooms and cubicles, but in virtual space as well.

It is therefore imperative to create an internet security policy to complement your other operational policies and procedures. Of course, such policies are still in their relative infancy.  With new threats popping up all the time you may feel some anxiety about your ability to keep up.

The good news is that many other businesses are in the same boat.  A consensus is beginning to form concerning the best ways to develop and implement flexible internet security policies. These strategies are designed to adapt to technological advances and the evolving nature of hackers. Here are just a few key points you’ll want to include in your internet security policy.

Security Strategy

Planning your policy should begin with considering a security strategy. This could include listing your objectives when it comes to implementing and maintaining internet security. It might also cover your ethical and legal responsibilities in terms of privacy laws meant to protect customers and employees.

Your policy should also include the variety of systems you use that operate online. Note how to protect each one with relevant security software and employee usage guidelines. Detailing these points will help you determine the course of your internet security policy. This way you can delve deeper into pertinent issues like which software to purchase, how much to spend, and how to train employees to do their part.

Specific Programs

You may need some professional guidance when it comes to planning your internet security policy.  If your business uses specialized software or equipment, your policy should include proper procedures pertaining to each specific system, network, and program you utilize. Naturally, this portion of your policy may change over time as you implement new software and systems.

It might seem like overkill to list specifications for hardware and software. However, if you expect employees to properly utilize these systems as part of their job, they need to understand potential risk factors so they can behave appropriately and keep your online operations secure.


Compartmentalization is a great way to increase the level of security for confidential data. For example, everyone in the company might need access to an employee directory, but you may limit access to financial records to only your finance and executive team.

While you may want to foster transparency and openness, you don’t necessarily want all of your employees to be privy to executive planning and communications.  You also can’t allow unfettered access to sensitive customer data like credit card or social security numbers. By compartmentalizing and setting up a system of authorizations for different positions, you can help to protect your company and your customers.

Don’t forget to include behavioral information in your policy as well. You need to make it clear that employees are not to share access with one another or with outsiders and that they will face penalties for doing so.

Password and Network Policies

Some of your internet security policy will focus on the technical elements of securing your online operations. The rest will pertain to employee behavior as a means of teaching workers how to behave in a manner that helps to protect the company.

Your employees no doubt have passwords to access computers, accounts, networks, and data. Your password policy should provide clear rules and regulations regarding how to access resources and how password usage works.

It seems almost silly in this day and age to remind employees not to share their login information with anyone, including their coworkers. Yet, it is still necessary to include this in your policies, along with protocols for password creation.

You also need to train employees to operate in a careful manner when it comes to email and other network usage. Some of the most common ways hackers gain access to company data involves employee error. This includes the use of weak passwords and blunders like clicking spammy links, visiting dangerous websites, or downloading files that contain viruses, spyware, or malware.

Expectations and Penalties

Employees need to understand what you expect of them when it comes to internet security. It is also important that they understand the consequences, to the company and to themselves, should they fail to act appropriately. Irresponsible behavior could result in a devastating data breach. Spell out penalties associated with such failures so that workers have ample motivation to follow your internet security policy.

Are Hackers the Only Threat to Your Site Uptime?

page-not-found-688965_640Every business that operates in the online arena, either solely or in concert with a brick-and-mortar establishment, fears hackers. For years, experts have warned that it’s not a matter of if, but when a company will be hacked. If it can happen to mega corporations, healthcare providers, banks, and even government entities that have the highest levels of security, it can definitely happen to the average business.

This is partially due to the fact that most businesses are woefully under-protected when it comes to internet security. Or perhaps hackers are just one step ahead. The outcome is the same – your business suffers when hackers cause site downtime and steal, corrupt, destroy, or ransom your data.

Of course, hackers are not the only cause of website downtime. Although hackers pose a real threat, there are other reasons why your website might suffer unscheduled downtime. This interruption of service will annoy customers and cost you money.

The good news is that you’re not the first business to deal with such problems and you can learn a lot from those who suffered before. Preparing yourself to recover from downtime starts with understanding potential causes and then determining how best to plan for recovery. Here are a few threats to your site uptime and what you can do to minimize them.

Web Hosts

It’s important to take your time when it comes to choosing a suitable web host. You will first want to consider the bottom line regarding rates and scalability.  Just as importantly, you want to make sure the vendor you select has a solid reputation for service. Look for a host that offers some guarantees (by way of reparations) should you suffer unscheduled downtime.

No web hosting service can guarantee 100% uptime, so if you hear this promise you should probably keep looking. However, reputable and reliable providers should warn you well in advance of scheduled downtime. A good hosting service will be available to help you address and troubleshoot issues with downtime and, in some cases, they may even back up their guarantees with a policy of repayment for any unscheduled downtime you do suffer due to problems on their end.

Traffic and Bandwidth

Business owners must always concern themselves with the bottom line if they want to run an efficient and profitable operation. In terms of bandwidth, you’ll have to try to calculate the amount of virtual traffic that is likely to come in so that you can pay for an appropriate package.

If you miscalculate and you experience more traffic than anticipated, your site could go down. This will leave visitors and patrons unable to peruse your wares and make purchases online. A web host that offers scalability will allow you to ramp up quickly should such issues arise.  However, you might want to err on the side of caution by opting for more bandwidth than you think you’ll need and then scale back if you’re not using it all.


Hackers are a definite threat to your business, but one of the most common ways for hackers to gain entry to your system is through your employees. This happens most often when employees are careless with login information. By creating weak passwords that are easy to hack or allowing others access to their login information, these employees are putting your system at risk.

Employees may also behave in an unsafe manner by visiting dangerous websites, opening emails from unknown senders, or clicking suspicious links. All of these ill-advised actions could result in hackers gaining access to your system and shutting it down from the inside out.

There are two good ways to deal with this. First, you should train your employees to behave in an appropriate manner when using company resources. Second, you should use software protections that prompts employees to create strong passwords (and update them frequently), that warn employees when they’re about to do something dangerous, that requires additional confirmations for downloads, or that outright denies access to certain online resources.

Monitoring and Alerts

If you want the best chance to minimize and address website downtime, regardless of the cause, your best bet is to hire a monitoring and maintenance service. These professionals can not only monitor your site and alert you when problems arise, but they can help you to plan for action and recovery when downtime does occur.

How Page Content Monitoring Can Improve Your Site Security

security-265130_1280Business owners can’t exactly spend all day checking in with their website to ensure that it is performing as it should. The good news is that there are all kinds of monitoring programs and services to do the heavy lifting for you.

What do these monitoring platforms provide? There are any number of things the average business might want to track. For example, site uptime is a major concern for many business owners who want to make sure unscheduled downtime isn’t preventing customers (and prospective customers) from accessing their content.

The right monitoring service can alert a business when its website is experiencing downtime or even extended loading delays, just for example. Monitoring software and services could also be used to track network activity, error messages, customer logins, traffic, shopping carts, links, email, and more, including the content on your website.

Pretty much anything you want to monitor when it comes to your website performance can be tracked using appropriate software or monitoring services. What you may not realize is that such measures can do double duty by increasing your security, as well.

How can monitoring services, and content monitoring in particular, bump up your security? Here are just a few ways in which choosing appropriate software or service providers can keep you apprised of potential problems with your website and increase security in the process.

Deal with Downtime

There are obvious reasons to avoid website downtime. Some amount of downtime is, of course, unavoidable. Eventually you’re going to have to perform maintenance and upgrades to your site, and your web host will have scheduled downtime, as well.

What you really want to avoid is unscheduled downtime that stops visitors from reaching your site. When this happens, you risk losing both loyal customers and new visitors.

However, you gain more than just a window into what your visitors are encountering on your website when you hire a service to monitor downtime. You could also discover hacking or other attacks that disable your site.

Monitoring services will send you notifications when your site is experiencing unexpected downtime, allowing you to fix the problem post haste. This might actually allow you to stop a hack in progress and protect your network and data from breach.

What if hacking activities don’t result in downtime, though? Suppose someone is tampering with your content? In this case, having content monitoring services in addition to uptime monitoring could help you to spot unusual activity and stop hackers before they cause too much damage.

Spot Unusual Network Use

Some monitoring and management services provide a variety of network solutions for your business, including options to perform backups and keep an eye on network usage. Some even provide added security for your network in the process.

Regardless, the information these monitoring services provide can help to keep your business and your data safe. Network monitoring can provide you with clues to a number of different potential security threats.

When you receive alerts from your monitoring service showing unusual activity on your network, it could be a clue that employees are using your resources inappropriately, potentially creating security risks in the process. Or it could indicate that your network is under attack or that a breach is already underway.

Receiving such notifications allows you the opportunity to curb potentially harmful behavior by employees and stop hackers in their tracks, especially if your monitoring service also provides management and security.

Unfortunately, some threats come from inside your organization. Here, too, content monitoring could serve security purposes by alerting you to suspicious activities such as malicious tampering with your website content by disgruntled current or former employees.

Identify Who is Accessing the Network

With appropriate monitoring and management software or services in place, you increase your ability to determine who is responsible for breaches. Whether an employee has inadvertently allowed access to your network by clicking a spammy link, visiting a dangerous website, or sharing a password or you’ve come under attack by industrious hackers, the right monitoring program can help to trace the source of the breach.

This information can be invaluable when it comes to finding those responsible and setting up better protections in the future. Strengthening network security starts with understanding weaknesses, which monitoring methods can make you aware of.

Before you can address a problem you must first realize that something is wrong. Whether your network usage is high, your site is experiencing unscheduled downtime, or something hinky is happening with your content, the right monitoring software can alert you that there is a problem.

Derail Suspicious Email Usage

In addition to monitoring your website and your network usage, you should also keep tabs on email and messaging. For example, monitoring email could alert you to the transfer of confidential data or unusually large files, signaling inappropriate activity that goes against your security protocols.

You can also analyze log files after the fact to check for threats like viruses, quarantining as needed and tracking the sources of these threats. Regardless of the monitoring software or services you choose, you should know that you not only stand to gain valuable insight into and control over digital operations, but you could also increase security in the process.

Why a Slow Website Is As Damaging As a Down Website

loading tabletEveryone knows that downtime is bad for business, or at least that unscheduled downtime is bad. At least when you have a schedule in place for website maintenance or upgrades, you have plenty of lead time to let users know that your site will be temporarily unavailable, and you can put up an “out of office” type placeholder so they know when to check back.

Your web host can also warn you in advance about its scheduled downtime so you can adequately prepare. Scheduled downtime is not the problem – it’s the unscheduled variety, especially when you don’t know it’s occurring, that can wreak havoc on your page rank and patronage.

The good news is that there are monitoring services available to help you track unscheduled downtime and make necessary changes to avoid it in the future. What you may not realize, however, is that slow loading times can be just as detrimental.

According to Kissmetrics, a website has only about 8 seconds maximum to catch a visitor’s attention before that visitor navigates elsewhere. In addition, an estimated 40% of visitors leave if a page doesn’t load within 3 seconds.

This is bad news if your site is running even a little slow. If you’re not yet tracking load times in addition to your site uptime, you need to know the potential damage being done so that you understand how serious slow loading times can be.

Visitors Can’t Reach You

I know what you’re thinking. Slow loading times aren’t as bad as downtime because visitors can still reach you if only they’re willing to wait a few second.

Unfortunately, a short attention span dominates modern web surfing, thanks to the instant gratification of pages that load almost immediately. In other words, slow loading is a major problem.

Your site might as well be suffering downtime if it takes longer than a few seconds for pages to load, because visitors are going to navigate elsewhere and the chances they’ll return after a perceived failure are slim to none. You will have lost prospective customers as surely as if you were suffering downtime.

Shoppers May Abandon Carts

Suppose that visitors to your site are willing to wait for pages to load, albeit slower than usual. Perhaps they have a genuine interest in products or services that only you offer or that are superior to your competitors. Or maybe they’re returning customers that have purchased from you in the past and they already have an established relationship with your brand.

The unfortunate truth is that they may have to go through several different pages in order to complete a purchase. Each time a page loads slowly, they are more and more likely to abandon their efforts.

By the time they reach the shopping cart, they may grow worried that their transaction won’t go through. Or they may simply give up. Considering how many shoppers abandon carts without making purchases anyway, it stands to reason that slow loading times could definitely impact sales.

Loyal Patrons May Lose Patience

Your loyal patrons have grown to appreciate your brand and your goods/services. They are therefore more likely to be forgiving if your site is running slowly. But even their patience is likely to have limits.

The great thing about loyal patrons is that they’re likely to check back in. However, if they encounter slow loading times over and over again, their interest in returning could definitely decrease.

Search Engine Penalties

Search engines like Google send out bots to check in on websites for the purposes of indexing and determining page rank. If your website is frequently down or loading times prevent search bots from completing their objectives, your page rank could definitely suffer as a result.

Don’t be shocked – search engines are running a business, too, one in which they provide the most relevant results for user queries. If your pages are consistently difficult to reach because of slow loading times, and visitors frequently navigate away, your rankings are likely to suffer.

Loss of Customers and Revenue

Slow loading times are going to impact your online operations and your business as a whole in a number of ways, but the overarching detriments include losing customers and losing revenue. Both are essential to sustaining your business, so it’s best to identify slow loading times and find ways to nip this critical issue in the bud.

Mitigating the Effects of Website Downtime

Website downtime can be a real momentum killer for your business. When your website isn’t working properly it can mean lost revenue, decreased productivity, brand damage, and might even result in your Google rankings being adversely affected. Downtime of any duration is bad, unfortunately, it’s also inevitable. It can hit the big guy and little guy alike, major companies like Amazon, Facebook, even Google, are prone to outages. The difference is found in how these companies mitigate the problem to make the unavoidable less detrimental to the success of their enterprise.

The first thing to keep in mind is the cost of downtime and accepting that it will happen to you at some point in the future. The business owner who doesn’t prepare accordingly is only asking for trouble; sticking your head in the sand ready only to “cross that bridge if you come to it” is a recipe for disaster.

If you know it’s coming then there are some important steps that should be taken now, so the extent of your imminent outage is minimized to the least amount of downtime possible.

Know the Risks

Accepting the inevitable means knowing the risks that exist with respect to downtime. There are a number of reasons why a website or server can stop working. Hardware fails, software stops working, routers get reconfigured, files can become corrupted and viruses that invade your system can all cause your site to go offline. Then you have the scheduled maintenance that comes with any server or hosting service.

You can’t avoid that downtime if you want your site working at peak performance. When it comes to the components that comprise your network, take precautions with redundancy, security management, data backup and any other pertinent safeguards that might be exclusive to the size and needs of your system.

Human Error

It’s a fact of life, the human element can and will manage to muck up the works in some capacity. That’s just who we are, folks. But you can mitigate our involvement by taking steps to make sure the people who are working in close proximity to your server are well trained and fully knowledgeable of that system.

This could mean hiring a service that has excellent standing in the marketplace to run the operation and keeping your own employees fully apprised of how your server(s) works, especially if everything is done internally.

Good Monitoring

Website monitoring is a valuable component to mitigating the effects of downtime. Not only do these services track and audit all of the necessary processes and elements of a properly working server but they can alert you to any potential problems that could threaten to interrupt the network.

You have the choice of internal monitoring, which is done behind your corporate firewall and works within the system, or external monitoring, which involves a third-party keeping your network fully operational.

The drawback with internal monitoring is that if your server fails the monitoring often fails with it, so it’s no longer working to alert you if there’s a problem. External doesn’t have that issue, the company safeguarding the integrity of your network is on-call at all times and will contact you if there’s an interruption.

Get Insured

Most forms of risk have some type of insurance associated with them to minimize your exposure in the event of calamity. The same goes for IT downtime. These insurance policies can vary in coverage necessity depending upon the nature of the company and the importance of a website or similar portal to the success of that business. A website that plays a vital role in generating revenue of any kind will likely be a strong candidate for coverage.

Devise a Plan

You know that downtime is inevitable and you’ve taken all the necessary precautions and preparatory actions to mitigate the potential damage. But what about after that downtime has occurred? Devising a plan for recovery can be just as important as making plans to deal with the downtime itself.

Detecting the problem and fixing it is only part of the story; contacting all of the affected parties such as vendors, company personnel, and customers, repairing the issues to avoid similar problems from repeating themselves, and securing all sensitive data are just a few portions of any good recovery operation. Make sure you have one in place so your business is back on its feet quickly.

Top 5 Reasons Why Your Website Could Experience Downtime

In business, downtime is unavoidable. Even restaurants have to close occasionally to fumigate or deep clean, so it’s no great shock that websites sometimes suffer from downtime as well. However, it’s important to differentiate between planned downtime and service blackouts.

When you plan downtime for maintenance or upgrades to your website, you have the opportunity to inform users well in advance and even post a redirect page for visitors that explains why your website is temporarily out of service. With service blackouts, there is no warning and no explanation – users are simply unable to access your website.

While there are certainly times when such downtime is faultless, there are also occasions when service outages could have been avoided. By understanding why downtime occurs, you have the opportunity to prevent it.

As a responsible business owner, you should always use a web monitoring service that will notify you when your site goes down so you can respond immediately, as well as provide reports that help you to pinpoint the problems. However, you should also be aware of the most common causes of downtime so that you can try to avoid them. Here are a few you should know about.

1. Unreliable Web Hosting Service

Many web hosts realize the concern their clients have about downtime. When you’re searching for a suitable web host, you’re likely to find all kinds of claims about how little downtime users experience. A common promise is that you’ll have service 99% of the time.

This sounds pretty reliable until you start crunching some numbers. 99% uptime equates to about seven hours of downtime each month, which equals about three and a half days each year that your site won’t have service. If you’re running a business, this number is unacceptable.

It’s like randomly closing the doors to a retail store three days a year without informing customers. Can you imagine how upset you’d be if you went to your grocery store during business hours and the store was closed with no explanation? What if it was a store you were visiting for the first time? You’d probably never go back.

You don’t want this situation with your website, which means you need a reliable web host. In all honesty, a site that actually delivers service 99.9% of the time is about the best you’re going to get. There’s just no getting around the fact that things happen that even a solid web host cannot anticipate or combat.

2. DNS Issues

DNS stands for Domain Name Server and the easiest way to explain it is to equate it to a phone call. When someone dials a phone number, the signal is routed to the appropriate receiver and the person you’re tying to reach hears their phone ring.

DNS is the system that recognizes website names and then identifies corresponding IP addresses and routes to them, ensuring that people typing in your web domain or clicking links to your site are directed to the appropriate landing page. So what can go wrong?

A lot, as it turns out. DNS issues are not at all uncommon. When you register your domain, the vendor you purchase it from should configure your DNS.

However, when you make changes to your website, there’s always the possibility that you could accidentally enter incorrect information or use incorrect settings, potentially messing with the DNS and causing problems for users.

3. Software Compatibility Issues

Building and maintaining a website requires a variety of software solutions. Even if they’re purported to be compatible, there could still be issues with programs fighting for dominance. Or the plug-ins you use could end up being incompatible, just for example.

The result could be pages that don’t load or even complete website failure. Either way, you need to correct the conflict or you could suffer ongoing issues with downtime.

4. Hackers

Hackers may attack you in various ways, by insinuating viruses or malware into your system to wreak havoc, by using spyware to steal information, or by outright breaking in. The result could be damage to your website, punctuated by downtime.

Hackers may go after any business, large or small. Luckily, you can protect against hackers with a proper web application firewall and antivirus/anti-spyware/anti-malware programs.

5. Natural Disasters

Okay, this is not as likely as, say, an unreliable web host, but natural disasters definitely occur and they can knock out service to particular regions or even take down the servers that are hosting your website. The best bet to avoid this is to select a web host that has back-up servers in another location just for such occurrences.

How to Proactively Monitor Your Site Uptime

Traditionally, businesses have relied on customers visiting stores in order to purchase goods or services. This meant having posted business hours and ensuring that the store was open on time to welcome customers.

These days the internet has significantly changed the way many companies conduct their business operations. Certainly brick-and-mortar stores are still popular, but many businesses have also embraced the 24/7 access offered by the internet.

Your business can make sales at all hours of the day and service consumers across the globe thanks to websites and secure online shopping carts. Of course, this system does require your site to be available, and for this you will have to rely on a web hosting service.

Unfortunately, these services are not always reliable. As a business owner, you need to know when downtime occurs and how long it lasts so that you can assess the impact to your business and find out if you need to switch to a more reliable service provider.

How can you be proactive when it comes to monitoring website uptime? Here are a few steps every business owner should take.

Visit Frequently

How often do you look at your own website? Unless you’re making changes, the answer could be infrequently. If you want to have any idea of what your customers are complaining about, it behooves you to visit your website at least daily to make sure it’s up and running and note loading times.

You should also ask employees to check in periodically throughout the day, both on computers and mobile devices. With input from a variety of sources you can gain at least some idea of what’s going on with your website and whether it might be suffering from frequent or prolonged episodes of downtime and inaccessibility.

Know When Scheduled Downtime Will Occur

This is an important factor. For one thing, you’re likely to schedule your own downtime for maintenance and updates, preferably during the slowest times of the day, and you should inform subscribers in advance and post a redirect to an explanation page while the site is down. You don’t want to alienate visitors or else they may never visit your website again.

At times, your web hosting service may also schedule downtime for similar reasons (maintenance, upgrades, etc.). A good host will inform you well in advance so that you, in turn, can make appropriate preparations to inform your customers. You can even schedule your maintenance to coincide with your web host.

Hire a Monitoring Service

There are steps you can take on your own to monitor website uptime, but if you really want to know what’s going on around the clock you need to hire some outside help. The good news is that it’s not hard to find reliable monitoring services to do the heavy lifting for you.

What do these professional services provide? Not only do they offer consistent monitoring of your website with frequent check-ins to make sure your site is up and running, but they also check it from several different geographic locations to ensure that it is accessible not only locally, but also via domestic and international portals.

In addition, these tests may be synchronized to allow for verification across multiple locations and provide further data about where and when downtime is occurring. The resulting data can help you to determine whether the problem lies with your web host or with specific portals.

Some services are free and some offer paid subscriptions that include additional features. Most monitoring companies offer both options as a means of providing solutions for businesses large and small.

Request Reporting and Alerts

Although there are many options to choose from when you’re interested in hiring a service to monitor your website uptime, you need to look for a vendor that provides two main things: reporting and alerts. For starters, you need regular feedback that includes actionable data.

Ideally, your site will suffer from little or no downtime, but if it does occur, you need to know the particulars, the when and why, so that you can take appropriate corrective action. Alerts are also a must.

A good monitoring service will provide you with immediate alerts concerning downtime via email, or text, for example, so that you can respond in record time. This service is essential to making the most of your third-party website monitoring service.

How to Maintain Security Protocols When Employees Work Remotely

Advances in modern technology and concerns for the environment alike have made it possible for employees to work remotely. That’s great news for people who want to avoid a crowded commute to the office and at the same time offers businesses a chance to empower their employees. However, there are also security risks associated with remote employment.

Here are a few tips to maintain security protocols when employees work remotely.

Employees Should Conduct All Work on Company Equipment

It might be tempting for you as an employer to save some money on additional equipment by requiring new employees to provide their own laptops for the job. If you do that, you’re opening the door to what could be a security nightmare.

Simply put, not all of your employees will care as much as you think they should about keeping their own equipment secure. If somebody finds a way into an employee’s computer, then that path could soon become a way into your own private systems. From there, there is potential for catastrophe.

However, if you issue equipment to your employees that follows certain security standards put in place by your IT team, then you can be sure that all equipment connecting to your company systems has up-to-date security.

Use the Cloud

The cloud is another relatively recent advancement in modern technology that’s made everybody’s life a little easier. Thanks to cloud technology, people no longer need install and update software on their own personal systems. Instead, they access remote apps and use them as though they were installed locally.

If you’ve got some mission-critical apps that you need your employees to use regularly, consider deploying them to a cloud. That’s a security benefit because the IT department will be responsible for handling security for the software at a single, centralized location. In contrast, non-cloud apps need to be updated everywhere they’ve been installed. That’s a hassle akin to herding cats.

Use a Secure Connection

One common-sense approach to avoiding data breaches and attacks is to ensure that communication between the employee’s PC and the company server uses a secure protocol.

Many remote employees use a technology like virtual private network (VPN) software that encrypts data traffic to and from the company site. Typically, they’ll couple that with a suite of software that automatically installs security patches and ensures that remote workstations are configured correctly.

The bottom line here is you don’t want data communications between employee workstations the company systems intercepted by some unscrupulous third party.

Develop Guidelines

Even when remote employees are using company equipment that’s configured to company standards with a secure communication channel, there is still the possibility for data breaches and attacks.

As long as there are codes, there will code breakers. It’s that simple.

That’s why it’s important that you not only provide secure technology for your virtual environment, but also give your remote employees guidelines about what is and isn’t acceptable use for company equipment. Those guidelines should include the following:

–  What kinds of websites aren’t acceptable for browsing.  Although your security software should automatically block sites that are considered a threat, it’s still a great idea to “go the extra mile” by telling your employees that visiting certain types of sites is grounds for discipline.

– Rules for downloading. It may be the case that some employees will need to download additional software to perform their job. You should provide very strict rules about which software repositories they’re allowed to use to download software. If they can’t find the software they need at any of those repositories, then the guidelines should spell out how to touch base with the IT department to get an exception.

– Other behavior that’s disallowed on company equipment. Although your employees might be very good at day trading, and there’s probably no security threat from frequent visits to eTrade, it’s probably best if they did that kind of thing using their own computers.

Congratulations on creating a virtual workforce. You’re giving your employees a great deal of flexibility while empowering them to make decisions that are in the best interests of the business. Just be sure that proper security protocols are in place so that you don’t suffer the fate of many other companies that have experienced data breaches.

Looking Ahead – Emerging Trends in Web Security for 2016

Thanks to the advent of the Information Age, our lives have been made a lot easier when it comes to compiling, aggregating, and analyzing data. Unfortunately, with that great privilege comes the great responsibility of ensuring that information systems are secure enough to withstand an attack from unethical hackers who seek to cause mayhem, steal data, and/or commit industrial espionage.

In 2016, there will be noticeable trends emerging in web security. Here are a few of them.

Mobile Security Will Gain More Focus

Thanks to the Bring Your Own Device (BYOD) concept, many employers are allowing employees to connect their own mobile devices to company servers. That makes life easier for the employee, because one device can be used for everything. It also boosts the company’s bottom line because it reduces expenses related to equipment purchases.

However, there’s a trade-off with BYOD. Many people don’t secure their mobile devices as well as they should. As a result, people who gain access to an employee’s mobile device might also gain access to company resources.

In 2016, look for the emergence of companies that specialize in BYOD security for businesses. It’s likely that many of those companies are going to set financial records in the new year.

Multi-Factor Authentication Will Gain Traction

Although your password might be very secure because it’s 14 characters long, includes three symbols, two numbers, and a mix of upper- and lower-case characters, your employer might still not be satisfied. That’s especially true if you work remote.

In 2016, expect to see an increased adoption of multi-factor authentication. That’s a method of logging on to secure systems that requires not just a password, but also some other security measure.

For example, some mutli-factor logons require a digital token to be used in addition to the password. A digital token is typically a number generated by a device that fits on your key chain. You press the button and it gives you a number that expires in 30 seconds or so. You’ll need to use that number in addition to your password to logon to the system. That way, a hacker who has your password can’t logon unless he or she has the token generator from your key chain.

Some multi-factor logins will go the extra mile from there and require biometric identification in addition to the other two factors. We’ve officially become a science fiction movie.

Concerns About Outsourced Code

With the threat of data breaches becoming ever more prevalent, some CIOs might start to consider the possibility that some custom-made software has a back door that can be exploited for hacking purposes.

Remember, companies often outsource their development efforts to save money. However, those outsourced companies could employ unscrupulous individuals as easily as any home-grown shop. The problem is even worse when outsourced contractors have produced software with thousands or tens of thousands of lines of code.

Look for IT management to recommend an “overview” of outsourced code in 2016 to ensure, as much as possible, that it’s free of back door threats.

Big Data Is a Big Headache

IT professionals everywhere love the concept of “big data.” That’s an industry buzz-phrase for a huge database that’s holds massive amounts of data and is used for decision making purposes.

Unfortunately, all that data is a treasure trove of information for unethical hackers. It was unsettling to a lot of American consumers when a hacker gained access to Anthem’s database and the information it held on as many as 80 million Americans. That data repository is what hackers would call a “target-rich environment.”

Look for CIOs to pay special attention to big data security in 2016 as they attempt to minimize threats of a data breach.

A High Demand for Information Security Professionals

If you’re contemplating a career change in IT, give serious thought to becoming an information security professional. It’s very likely that the demand for people who know how to minimize IT risks and put in place proactive measures to offset attacks will be in high demand in 2016 and the years following.

Data security will continue to be a high priority item for upper management in 2016. Too many companies have received bad press because they allowed hackers to gain access to their systems. Now, executives realize that cyber security is just one of many costs of doing business.

Will 2-Step Verification Make My System More Secure?

IT security is a growing field precisely because so many businesses lack suitable digital security. If news headlines are to be believed, no one is safe from the long arm of the hacking community. Even institutions that are supposed to employ the height of security (medical organizations, banks, and government entities, for example) have been subject to data breaches, and that’s just in the last year alone. What is the average business to do in light of such overwhelming odds? How can small and mid-size companies protect themselves from security breaches, data loss, and identity theft (not to mention the major fallout after a breach) when bigger, better-funded entities can’t fend off hackers?

In truth, there is no shortage of steps businesses can take to protect themselves and their clients from data theft. Simple steps like installing appropriate firewalls and encryption programs are a good start, as is hiring professional help like document shredding services, monitoring websites, and even managed services providers. The problem for many smaller businesses, however, is not a lack of motivation to upgrade security, but a lack of capital to devote to the project. Enlisting the aid of a managed services provider, for example, can cost a pretty penny.

One good option for many businesses looking to implement a major change without spending a ton of money is to institute a 2-step verification process for user logins for company systems. You may already have password protections in place for both employees and customers. If you’re smart, you’ve already taken steps to make this login process as secure as possible. Perhaps you require strong passwords, such as those that are eight characters or longer and that must use letters, numbers, and symbols. You may prompt users to change their passwords frequently. Maybe you even use a program that doesn’t allow users to save information and that won’t repopulate fields when any portion of the login data is incorrect.

This type of diligence is both wise and secure. However, 2-step verification can take your login process to the next level in terms of security. As you may know, offering 2-step verification means adding another step to the login process, and there are a couple of ways to go about it. You could, for example, require users to answer a security question (i.e. “what is your maternal grandmother’s name” or “where were you born”). This creates an extra layer of security by requiring additional, unique information from every user.

The other form of 2-step verification is even more secure. You could also require users to enter an authentication code after entering a username and password. This can be accomplished when users download an app that generates unique codes and refreshes after a short time frame (say one minute), providing a new code. Or you could simply send out unique codes to user phones for them to enter when they’re trying to log in to your system. It is this type of 2-step verification that most companies are leaning toward these days as a means of stopping hackers from breaking in by figuring out user login data.

Will this truly make your system more secure, though? Unfortunately, 2-step verification isn’t entirely foolproof. It definitely adds an extra layer of security, and will therefor stymie a certain segment of the hacking population, which will likely move on to easier targets. However, there are some flaws in the system that data thieves have learned to exploit.

The main problem can be account recovery. Suppose a user loses data and cannot access an account, commencing the process of account recovery. Businesses don’t want users to lose their accounts and the data they’ve generated, so most simply bypass the verification system or disable it in order to allow users to create new login information. With minimal data, hackers can exploit this process to gain access to user accounts, thus nullifying 2-step verification.

The hope, of course, is that users will be smart with their own data management, creating unique passwords and optimal protections for all of their accounts so that hackers can’t gain access to recovery data. However, this is not always the case. In the meantime, 2-step verification is just one more way to add protection. For companies looking for relatively affordable ways to increase security, it’s a great option to explore.