We get a lot of questions about how secure our application and the data contained with our application is and, whilst these are valid questions, we often encounter customers who think that the security is only our problem and not theirs.
Whilst in some ways this is true and we do place a lot of time and energy into securing our systems and applications, there is a huge onus of responsibility on users to ensure their endpoints are secure – if this does not happen then how to secure our systems are becomes a minor consideration. For example, when you log in to Natural HR we ask you for three random digits from your PIN number and we know this pains some customers who feel it is complicated and not necessary so why do we do it?
Consider what would happen if you had malware on your endpoint and that malware allowed a key logger to be installed on your device which tracked and reported back every click you entered on your keyboard? Without some sort of randomised process as part of login (i.e. if we simply used a username and password, for example) the person who got that data sent back to them would now have full access to your employee details almost as soon as you logged on. It wouldn’t matter how secure our systems were – the person would be logging in with a valid username and password and we would let them in. Doesn’t bear thinking about really, does it?
For some of our larger users we only allow access to come from certain IP addresses or IP address ranges so logins can only happen from approved devices and, whilst not infallible, this is another step which we can take to help but, like above, if that endpoint is not secure and someone has access to the device our system will still let them in as they are coming from a valid IP address.
With all that in mind, what can you do to make your endpoint more secure? Ultimately it is a combination of small simple things which you need to think about. We have listed some of the main ones that we ensure our users and staff adhere to – they are in no particular order so the last in the list is by no means necessarily the least important but please do go through the list and see how many you and your employees are doing and then think about the consequences of someone getting access to your endpoint because you haven’t done a few simple things…
- If you are using a wireless network, make sure you secure it
- Keep your operating system and applications up to date
- Use up to date security software and update it regularly
- Use more than just anti-virus software
- Security software doesn’t have to cost anything – free is OK as long as it is up to date and used regularly
- Do not open unknown or unexpected email attachments even if they are from someone you know
- Do not write your passwords down
- Use a long password made up of mixed characters, numbers and punctuation
- Do not use the same password everywhere
- Do not use dictionary words, names or easily identifiable personal information for your password
- Change your password regularly
- Do not use consecutive numbers or repeated digits for your PIN
- Lock your PC when you leave it