Best Practice Security for Computers using Retailer
Security is important for any business, and it is important that you protect your business as best you can while still allowing the business to operate efficiently. This is not just for the security of your business and customer data but also to provide protection against malicious attacks such as ransomware.
Below we list the things you can do to ensure your computers are as secure as possible. However, some of these restrictions may not be suitable for all businesses. You will need to decide what your best approach is while being aware of the associated risks.
Implementing and managing your security protocols is NOT covered by Tower Support. Any advice provided in relation to the items below would be considered billable.
Windows Usernames and Passwords
The easiest form of security you can enable is having each computer require a username and password to access it. The passwords should be changed every couple of months. A drawback of having usernames and passwords is that you need to ensure that all staff are aware of the passwords so that access is not hampered.
Windows Active Directory via AzureAD or Similar
An option for an additional layer of security (over and above standard Windows usernames and passwords) is to implement a domain network where staff logging in are authenticated by a Windows Active Directory service. This option has a not-insignificant cost associated with it. It also means that you will need to allocate staff individual accounts, which they would need to use to access your system. Implementing this may also have setup ramifications for Retailer, so if you undertake it you are likely to incur some billable support work from the Tower Support team.
Remote Desktop
If you are not using Windows Remote Desktop (RDP), then it is highly recommended that you disable this service in Windows. If you are using this service, then ensure you have a very strong password that is updated regularly. The preferred option for RDP is to use it via a VPN; however, if this is not possible, access should be limited to specific IP addresses. Additionally, using RDP in conjunction with an Active Directory service, like the one mentioned above, adds an additional layer of security.
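One way to check the points above on a single PC, as an added example that is not part of Retailer or supplied by Tower Support. It assumes an elevated PowerShell session and an English-language Windows install (the firewall group name "Remote Desktop" is localised on other languages); the `-Disable` switch is this example's own parameter.

```powershell
# Added example: audit Remote Desktop exposure on this PC.
# Read-only by default; pass -Disable to turn RDP off when it is not in use.
param([switch]$Disable)

$tsKey = 'HKLM:\System\CurrentControlSet\Control\Terminal Server'

# fDenyTSConnections: 1 = RDP connections refused, 0 = RDP enabled.
$deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
$rdpEnabled = ($deny -eq 0)
Write-Output ("Remote Desktop enabled: {0}" -f $rdpEnabled)

# Enabled inbound allow rules in the built-in "Remote Desktop" firewall group
# (assumption: English display name for the group).
$rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }

foreach ($rule in $rules) {
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    # 'Any' means every source address may reach the RDP port.
    $scope = if ($remote -contains 'Any') { 'OPEN TO ANY ADDRESS' }
             else { 'limited to ' + ($remote -join ', ') }
    Write-Output ("Firewall rule '{0}' ({1}): {2}" -f $rule.DisplayName, $rule.Profile, $scope)
}

if ($rdpEnabled -and -not $rules) {
    Write-Output 'RDP is enabled but no enabled rule in the Remote Desktop group was found; check for custom rules.'
}

if ($Disable) {
    # Refuse new RDP connections and switch off the matching firewall rules.
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
    Write-Output 'Remote Desktop disabled and its firewall rules turned off.'
}
```

A rule reported as open to any address is the case the paragraph above warns about: either place RDP behind a VPN or restrict that rule's remote addresses to the specific IPs that need access.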
Backups
While the Retailer backup does protect your Retailer data it does not protect anything else on your computer. Our recommendation is to use a cloud backup service that incrementally backs up your entire PC. Consider adding a cloud backup service to any computer that stores any valuable data, not just your server. It is imperative that the service you use has both a local and a cloud copy for easy disaster recovery.
Browser Passwords
While saved browser passwords are very helpful, they do open a risk should your PC be compromised. Our suggestion is to not save passwords, especially for any service that stores sensitive data, such as bank logins. Consider using a password manager such as LastPass or 1Password to help you remember passwords.
Emails
One of the biggest security risks in your business is email. Only open attachments and click on links in emails that you are sure are from known senders. Check email addresses as well as the sender's name. If it sounds suspicious, it probably is.
People Remote Connecting to your Computer/Network
Be careful about who you let take remote control of your computer, and ensure they are who they say they are. If you are suspicious, terminate the call and call the representative back on a publicly available number.
Don't use out-of-date Software, Hardware or Operating Systems.
Keep your systems up to date by ensuring you are running versions of software, operating systems and hardware that are still supported by their manufacturers. Make sure that any updates to software, especially Windows security updates, are loaded as soon as possible. This will ensure that you are not susceptible to any vulnerabilities that have been patched by the supplier.