To follow up on last week’s security post, Email Service Providers like Bronto need to be vigilant about security and act like the banks of the new millennium — banks of personal information with email addresses increasingly being the new currency. Of course, if you walk through city streets with your wallet hanging out, a secure bank is not going to help you very much. Here are some thoughts on what you can do to keep your email and customer lists more secure:
- Think about what you are storing. Customers’ contact lists often contain much more than email addresses. Be aware of what data you are storing on whatever email marketing platform you are using — in particular, avoid including very sensitive pieces of data like credit card numbers and social security numbers for your contacts.
- Protect and rotate your password. Most intrusions happen through the front door rather than technical back doors. Your password is often the front door key, so it is best to have a “strong” password and change it periodically. Strike a balance: it should not be so hard to remember that you have to scribble it on a sticky note that sits on your desk. That’s not secure either.
- Control access. Every account at Bronto includes multiple users — use them. And, when someone no longer needs access, delete it. Shared user accounts and passwords are inherently insecure and a cause for break-ins.
This is all common sense that sadly isn’t common enough. Bronto has a full suite of security features to make these types of things easy to do. Read this post on Brontoversity to learn how.
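For the first point above (knowing what you are storing), one way to check a contact list before you upload it is to scan the export for values that look like credit card or social security numbers. The script below is an added example, not Bronto code; the column names and sample rows are constructed, and the patterns cover only the common written forms of each number.

```python
import csv
import io
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# US SSN in dashed form; areas 000, 666 and 900-999 are not valid SSN areas.
SSN_RE = re.compile(r"(?<!\d)(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to drop digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_contacts(csv_text: str):
    """Return (row_number, column, kind) for each cell that looks sensitive."""
    findings = []
    reader = csv.DictReader(io.StringIO(csv_text))
    for row_no, row in enumerate(reader, start=2):  # row 1 is the header
        for column, value in row.items():
            value = value if isinstance(value, str) else ""
            if SSN_RE.search(value):
                findings.append((row_no, column, "ssn"))
            for m in CARD_RE.finditer(value):
                if luhn_ok(re.sub(r"\D", "", m.group())):
                    findings.append((row_no, column, "card"))
                    break  # one card finding per cell is enough
    return findings


# Constructed sample export; the card number is a standard test number.
SAMPLE = """email,first_name,notes,phone
ann@example.com,Ann,prefers weekly digest,919-555-0100
bob@example.com,Bob,card on file 4111 1111 1111 1111,919-555-0101
cy@example.com,Cy,SSN 123-45-6789 from paper form,919-555-0102
"""

if __name__ == "__main__":
    for row_no, column, kind in scan_contacts(SAMPLE):
        print(f"row {row_no}, column {column!r}: possible {kind}")
```

Free-text columns such as notes are where this kind of data usually hides, so scan every column rather than only the ones you expect to be sensitive.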
Phishing and Key Logging
Now, here’s the tricky one that you probably didn’t think of but has been the reason behind some recent data thefts. This really happens, so read this one carefully.
The intruder sends you a phishing email trying to lure you into downloading a computer virus. The virus is a key logger. The key logger runs in the background and secretly logs and sends every keystroke to the intruder. Then the intruder simply listens for your username and password and tries the combination themselves. HTTPS and other secure connections won’t help you here because your typing is captured before your information is encrypted and sent along to the connected website. Then the intruder goes in through the “front door” by signing into your account with your username and password and takes what they would like.
In addition to the suggestions above, I recommend the following to mitigate the risk from phishing / key logging break-ins:
- Be aware of phishing emails and what you download from them.
- Install and maintain current anti-virus software. Anti-virus software will monitor your system for common key loggers.
- Limit the IP addresses that can access your account to your office’s IP address. Will this be inconvenient when you try to sign into your account from home or on the road? Yes, but a secure office would have a VPN to let you securely access the Internet through your work network. Read the Network Access section of this post to learn about how to do this in Bronto.
Ultimately, secure data is a journey and not a destination — you are never 100% there and the effort to keep your data secure never ends. But there is a lot in your control to make your data more secure and exponentially more difficult to steal.