The cyber threat has risen exponentially in recent years and shows no sign of slowing. Follow these 10 top tips to protect your business
Any business with an online presence can be targeted by criminals – from small eCommerce operations to multinationals employing thousands of people. Hackers are taking advantage of the lack of cyber protection and insurance among SMEs which wrongly believe that their revenue is too low to be an attractive proposition.
Strong passwords are the absolute bedrock of security, yet it is astonishing to think that the most used passwords remain ‘123456’ and ‘password’. Easy-to-guess passwords, those used across multiple accounts and those replicated across platforms – such as work email, Facebook and personal email – continue to pose a significant threat. Passwords should be long and include capitals, numbers and symbols at the very minimum. It’s also good practice to change passwords frequently – perhaps once a month.
Two-factor authentication is fast becoming essential to protecting businesses as it adds a further layer of security to logins. It works by sending a unique time-sensitive code to an email address, phone or dedicated app set up for the purpose – such as Google Authenticator – which must then be entered to gain access.
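For the technical team, the authenticator-app variant of these time-sensitive codes is TOTP (RFC 6238), which is what Google Authenticator generates. The sketch below is an added example, not code from this article: the function names, the one-step drift allowance and the replay check are assumptions, and the secret is the published RFC 6238 test key, not a real one.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds per code, the default used by authenticator apps


def totp(secret_b32, unix_time, digits=6):
    """Compute the TOTP code (HMAC-SHA1) for a given Unix time."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(unix_time) // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, unix_time, last_used_step=-1, drift_steps=1):
    """Return the matching time step, or None if the code is rejected.

    drift_steps tolerates small clock differences between phone and server.
    last_used_step is the step of the last accepted code for this user;
    storing it stops a captured code being replayed within its lifetime.
    """
    current = int(unix_time) // STEP
    first = max(0, current - drift_steps)
    for step in range(first, current + drift_steps + 1):
        if step <= last_used_step:
            continue  # already used, or older than the last accepted code
        expected = totp(secret_b32, step * STEP, digits=len(submitted))
        # compare_digest avoids leaking a partial match through timing
        if hmac.compare_digest(expected, submitted):
            return step
    return None


# Constructed sample input: the shared secret from the RFC 6238 test vectors.
RFC_SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    code = totp(RFC_SECRET, 59)
    print("code at t=59:", code)
    print("accepted 30s later:", verify(RFC_SECRET, code, 89))
    print("rejected 90s later:", verify(RFC_SECRET, code, 149))
    print("replay rejected:", verify(RFC_SECRET, code, 59, last_used_step=1))
```

The server should persist the returned step per user and pass it back as `last_used_step` on the next login attempt.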
‘Bring Your Own Device’ was already rising before COVID; now there are millions of people using personal devices to carry out work from home. This moves the security perimeter to a place you cannot control – so ensure staff are only using work devices which you can monitor and protect.
How many times have you – or your team – clicked ‘later’ on an update pop-up? While you continue to go about your business, that update could contain an essential change to patch flaws in your system’s security. If you have access to a technical team, automating patch updates to make them easier could be a winning strategy to ensure you remain protected.
There’s little point trying to tackle cybercrime if you or your team aren’t aware of the risks. For example, phishing – a method of social engineering used by hackers that exploits human trust – has become one of the most common forms of attack used by cybercriminals. If you’re not aware of the signs of a phishing email attack, you’ll have little chance of stopping it: regular training for everyone in the organisation will help reduce the chances of being exposed by human error or process failure.
Establish rules for the data in your organisation so everyone is clear on best practices around the sharing and storage of files. Agreeing a data loss prevention (DLP) policy can help with education but there are also companies available which can put gateways or blocks in place on your network to prevent accidental – or malicious – data sharing with unknown or untrusted sources.
The rise of ransomware – where hackers effectively hold your system hostage until you pay them a ransom – has made headlines in recent years. One way of mitigating the potential threat is to keep a backup of customer, business and website data which can be redeployed after the criminals have been removed – if they have sole possession of your data, you probably no longer have a business. Look into deploying a NAS server: a kind of private cloud with terabytes of space which can cost as little as a few hundred pounds.
A UK Prime Minister infamously fell foul of lax video meeting security after tweeting an image containing a Zoom meeting ID. Ensure that no confidential or sensitive information is visible in the webcam feed – such as on a whiteboard in the background or papers on a desk. Password-protect meetings, don’t allow attendees to join before the host and restrict screensharing to ensure people don’t share information they shouldn’t with external parties or accidentally share their entire screen rather than a specific app.
If your business is of a substantial size, bring in the experts. Ethical hackers use the same techniques as cyber criminals to look for gaps in your security and come up with ways to help you to secure them before someone can use them to break into your systems.