Data protection is all about placing multiple barriers between your data and potential attackers. Hard drive encryption is one layer of protection that will keep your data safe in a way that mere password protection cannot.

If your laptop is stolen or lost and your hard drive is unencrypted, someone could easily take out your hard drive and access your locally stored files from it. Encrypting your data protects your data from such cases because it makes data unreadable to unauthorized users—and it’s surprisingly easy to do.

Simple options for hard drive encryption include:

• BitLocker: This is Microsoft’s Windows 10 Pro and Enterprise solution. It is free and can be activated by selecting the drive you want to encrypt under “This PC” in Windows Explorer, choosing “Turn on BitLocker,” and then following the steps to choose a password, enable a recovery key, and encrypt your drive.
• FileVault: This is the built-in MAC OS encryption tool. To enable FileVault, simply select “Security & Privacy” in “System Preferences.” Then click “FileVault” and enter your administrator name and password to find the option to turn on FileVault.
• Self-Encrypting Drive (SED): For added protection, instead of storing and encrypting data locally, you can get a self-encrypting external drive. This can come in the form of a cost-effective USB drive that automatically encrypts files stored on it.

If every employee’s hard drive encryption is enforced, these options may work well, especially for small companies or businesses using BYOD policies. But large corporations need an enterprise-level solution that can be rolled out without needing individual activation.

In that case, using Software as a Service (SaaS) from a trusted provider may be the right move for you, as your provider will manage the encryption of all company devices. There are a wide variety of providers and options depending on your specific industry and requirements, but IBM, Dell, and Sophos are just a few vendors that offer enterprise-grade solutions.

No operating system is perfect. That’s why new software updates and patches are periodically rolled out to patch software vulnerabilities that hackers might otherwise exploit.

• Major OS updates are generally released every 1–2 years, and minor updates might happen continually. They commonly address issues both with user experience and security.
• The 2017 WannaCry cyber attack is infamous as being the largest ransomware attack ever with 200,000 infected computers globally and billions of dollars of data lost. But it could have been prevented entirely had all users installed a software patch that was rolled out just months prior to the attack.

The best way to ensure your operating system is always up to date is to enable automatic updates on all your devices. To maintain consistent and comprehensive updates, companies using managed services will often have updates rolled out continually by their IT provider.

If the operating system on your device is obsolete, meaning it is no longer able to receive updates, to stay secure, you need to either update to the newest OS or, if your device is incompatible, upgrade to a compatible device. You can check the Windows lifecycle fact sheet or Apple support to find whether your device is compatible.

In short, when you see that message saying “New Update Available,” don’t delay—install updates promptly every time!

How are your employees connecting back to your main infrastructure? Even if they’re using web apps and other solutions to collaborate for many functions (which we recommend—more on that below!), at some point, employees will likely need to access resources housed in your main network.

But if they access your network through unsecured channels, they could be putting your systemes at risk. And with remote work offering greater flexibility when it comes to location, more employees will likely be using a public network at a restaurant or hotel at some point.

A VPN is an ideal solution to the problem of gaining access to sensitive data through public networks. A virtual private network acts as a tunnel between two points. Anything passed through that tunnel is completely encrypted until it reaches its end user, protecting data from attacks while in transit.

Although there are some free VPNs online, we do not recommend them, especially for transmitting sensitive data. They may divert your information or slow your internet speeds due to a large number of users.

You’ll want to use a trusted VPN provider such as NordVPN.com and ExpressVPN.com to get the full security benefits of a virtual private network for your employees’ devices and connections.

Using strong passwords may be the security precaution most people are familiar with, but that doesn’t mean it’s the most followed.

• A 2019 Google survey found that 65% reuse the same password for multiple accounts.
• A staggering 81% of hacking-related breaches are caused by compromised passwords, according to the 2020 Verizon Data Breach Investigations Report.
• In early 2019, Microsoft found that 44 million users were susceptible to account breaches because they reused passwords that were leaked during attacks on other organizations.

Standard practices for creating strong passwords include the following:

• Creating long passwords of at least 8 characters and PINs with at least 6 characters.
• Using a mixture of upper- and lowercase characters, symbols, and special characters.
• Avoiding common passwords and simple phrases (like 123abc, password1, etc.)

But perhaps the most important precaution (and the one least adhered to) is to make sure that you never reuse passwords. People unfortunately often reuse passwords for fear of forgetting them. We recommend using a secure password manager to keep track of different passwords and avoid repeating them. As shown by Microsoft’s discovery of hacked passwords, should login information from one account become compromised, hackers could easily access other accounts using the same login information if it’s repeated.

Three of the most common types of password attacks include credential stuffing, where attackers purchase credentials leaked from other sites and test for matches in other organizations (Twenty million Microsoft accounts are probed daily by these attacks); phishing, where hackers generally solicit your information through emails and fake login pages (phishing emails make up 0.5% of all inbound emails); and password spray, where hackers use software to rapidly test common passwords for many usernames (these account for at least 16% of password attacks).

To avoid such attacks, you should learn how to recognize phishing attempts, use complex passwords, never repeat a password, and also use multi-factor authentication.

How are your employees connecting back to your main infrastructure? Even if they’re using web apps and other solutions to collaborate for many functions (which we recommend—more on that below!), at some point, employees will likely need to access resources housed in your main network.

But if they access your network through unsecured channels, they could be putting your systemes at risk. And with remote work offering greater flexibility when it comes to location, more employees will likely be using a public network at a restaurant or hotel at some point.

A VPN is an ideal solution to the problem of gaining access to sensitive data through public networks. A virtual private network acts as a tunnel between two points. Anything passed through that tunnel is completely encrypted until it reaches its end user, protecting data from attacks while in transit.

Although there are some free VPNs online, we do not recommend them, especially for transmitting sensitive data. They may divert your information or slow your internet speeds due to a large number of users.

You’ll want to use a trusted VPN provider such as NordVPN.com and ExpressVPN.com to get the full security benefits of a virtual private network for your employees’ devices and connections.

Multi-factor authentication (MFA) and two-factor authentication (2-FA) protect your data even if your passwords fail to.

• Microsoft found that MFA can block over 99.9% of password attacks on an account. That’s right—99.9%.
• Although some tools do exist that have the ability to crack MFA, there are so few attempted attacks on authenticators other than passwords that significant data hasn’t been collected. 
• According to the 2019 LastPass Global Password Security Report, 57% of businesses surveyed globally use multi-factor authentication.

In addition to a password, MFA requires another credential before allowing access to your account. This authenticator will often be one of the following:

• Something you have, like a specific device or a key fob. This might include sending a text with a one-time PIN to your phone.
• Something you are. This includes biometrics like fingerprints or facial recognition.
• Something you know. That’s why your bank asks you for your grandmother’s maiden name.

Businesses have many options when it comes to securing accounts with MFA. Popular software choices include Duo Security, Google Authenticator, and LastPass, and individual setup is often as easy as downloading an app and setting up an account.

By requiring another authenticator, MFA ensures that even if a hacker knows your password, they won’t get past the next barrier.