A security breach is something that strikes fear into the heart of every business owner, no matter the size or sector. Businesses have a lot to lose if someone breaches their defences, and it’s not just bank details at stake but reputations, clients and jobs.
As managing director of Keybridge IT Solutions, working with a broad range of SME clients, I’ve encountered many security challenges over the years which could potentially have been prevented. Admittedly, cyber security can feel like a minefield, but it’s vital that businesses don’t overcomplicate their security protocols and overlook the most basic steps to protecting themselves – including making sure that the entire team understands the importance of following those steps.
It may feel like stating the obvious, but in my experience it’s important not to assume these basics are covered if you want to adequately protect your business…
1. Install & Update Anti-Virus
A key tool to protect your network and devices is to ensure every device has anti-virus installed and that it is up to date. This extends to remote and home workers, many of whom may be using their own devices to access company data. A great many breaches come down to someone simply not having anti-virus installed or updated, and the result can be a terminal or data that is encrypted or locked out. Anti-virus needs to scan your machine regularly to be effective – so don’t ignore or cancel scheduled scans in order to carry on working.
2. Web Protection
Web protection stops your employees from visiting malicious or dangerous websites that could harm your business. The categories blocked can include, but are not limited to, gambling sites, streaming/torrent sites and pornography sites. Although most of these sites are technically legitimate, some harbour very dangerous viruses or adverts, or prompt your staff to download software that could damage your terminal or data.
3. Strong Passwords
We are all reminded almost daily of the importance of having a strong password. Whenever you create a new one, perhaps when buying something online on a site you’ve not used before, you’re often told it’s ‘too weak’ if it doesn’t contain a certain combination of mixed characters. This can be irritating, and people often struggle to memorise the most complex ones. My general advice is that a strong password should contain a minimum of 8 alpha-numeric characters and must not be predictable. Everyone should know by now that 12345678 or Password01 is simply not good enough. I would advise that staff passwords be changed every 6 months at a minimum to keep intruders on their toes. People often fall into the habit of using the same password, the same security questions and the same clues for every account. But if it’s that easy for your staff to remember, just think how easy it is for an attacker to guess and access your terminal. Random passwords generated and managed by the IT administrator in your business will prevent predictable passwords and reduce the risk of a security breach.
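The policy above (at least 8 alpha-numeric characters, nothing predictable such as 12345678 or Password01, and random passwords issued by the administrator) can be turned into a small check that an IT administrator runs before accepting a new staff password. The following script is an added example written for this article, not code from Keybridge IT Solutions; the blocklist entries beyond the two the article names, the username check and the sequence/repeat rules are my own additions, and `generate_password` shows the administrator-issued random password the article recommends.

```python
import re
import secrets
import string

MIN_LENGTH = 8  # the article's stated minimum

# Constructed blocklist: the article's two examples plus a few equally obvious choices.
PREDICTABLE = {"12345678", "password01", "password", "qwerty123", "letmein1"}


def _has_ascending_run(s: str, run: int = 4) -> bool:
    """True if s contains `run` consecutive characters that ascend by one (abcd, 1234)."""
    for i in range(len(s) - run + 1):
        chunk = s[i:i + run]
        if all(ord(chunk[j + 1]) - ord(chunk[j]) == 1 for j in range(run - 1)):
            return True
    return False


def password_problems(password: str, username: str = "") -> list[str]:
    """Return every policy violation found; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    # Alpha-numeric means it must contain both letters and digits, not just one kind.
    if not re.search(r"[A-Za-z]", password) or not re.search(r"[0-9]", password):
        problems.append("must mix letters and digits")
    lowered = password.lower()
    if lowered in PREDICTABLE:
        problems.append("on the predictable-password list")
    if username and username.lower() in lowered:
        problems.append("contains the username")
    # Repeated characters and keyboard/counting sequences are easy to guess.
    if re.search(r"(.)\1{3,}", password):
        problems.append("repeats one character four or more times")
    if _has_ascending_run(lowered):
        problems.append("contains an ascending sequence such as abcd or 1234")
    return problems


def generate_password(length: int = 16) -> str:
    """Administrator-issued random password, drawn from the OS CSPRNG via `secrets`."""
    alphabet = string.ascii_letters + string.digits
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Re-draw on the rare occasion the random string trips one of the rules.
        if not password_problems(candidate):
            return candidate


if __name__ == "__main__":
    for pw in ("12345678", "Password01", "Tr1ckyH0rse9"):
        print(pw, "->", password_problems(pw, username="alice") or "OK")
    print("issued:", generate_password())
```

Both of the article's bad examples are rejected for more than one reason (12345678 has no letters, is on the list and is a counting sequence; Password01 is on the list). Current NIST SP 800-63B guidance puts more weight on length and on checking candidates against breached-password lists than on forced periodic rotation, so a larger blocklist is the most valuable thing to add to this check.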
4. Instigate Permissions & Lock Down Protocols
Every business has sensitive information it doesn’t want employees or hackers getting hold of, such as payroll or bank account details. Keep the number of people who know about and have access to this information to a minimum, as it reduces the chances of it being compromised. Sensitive files should always be password protected, and permissions should be set so that other members of staff cannot access them. A simple yet often overlooked step concerns employees leaving the company: changing passwords should be the first port of call, but we don’t always see it happen.
5. Check, Check & Check Again
One of the most common causes of a security breach is an employee emailing the wrong person or mistakenly following the instructions in a spoofed email. Emailing the wrong person may seem minor, but it is still a data breach. There is software available that aims to reduce human error by encrypting certain emails or making them unreadable if the recipient is not privy to them. Spoofing, however, is becoming quite commonplace: someone pretends to be a boss or senior manager, using an email address similar to theirs, to prompt a member of staff to pay some money or reveal sensitive information. The biggest giveaway, other than the email address being different, is the tone or dialect (usually American or broken English), which often does not sound like the person supposedly sending the email. Advise your staff to be vigilant when acting on instructions in an email, and to phone the sender to confirm the email is genuine.
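The first giveaway the article names, an address that is merely similar to the real one, is something a mail gateway or a helpdesk script can flag automatically before a member of staff has to judge the tone. The script below is an added example written for this article, not Keybridge IT Solutions code: it parses the From and Reply-To headers of a message, checks the display name against a constructed directory of colleagues likely to be impersonated, and measures how close the sender’s domain is to the company’s own. `example.com`, the `KNOWN_SENDERS` directory and both sample messages are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"  # placeholder: substitute your own domain

# Constructed directory: people whose name an impersonator would most likely borrow.
KNOWN_SENDERS = {"Jane Smith": "jane.smith@example.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a domain one or two edits from ours is a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def spoof_indicators(raw_message: str) -> list[str]:
    """Return the reasons this message looks spoofed; an empty list means none were found."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = domain_of(addr)
    findings = []

    # 1. A colleague's display name paired with an address that is not theirs.
    expected = KNOWN_SENDERS.get(name.strip())
    if expected and addr.lower() != expected:
        findings.append(f"display name '{name}' but address is {addr}, not {expected}")

    # 2. A sender domain that is a near miss of the company domain (examp1e.com, exarnple.com).
    if sender_domain and sender_domain != COMPANY_DOMAIN \
            and edit_distance(sender_domain, COMPANY_DOMAIN) <= 2:
        findings.append(f"sender domain {sender_domain} looks like {COMPANY_DOMAIN}")

    # 3. Replies silently routed to a different domain than the one shown in From.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != sender_domain:
        findings.append(f"Reply-To goes to {domain_of(reply_to)}, not {sender_domain}")

    return findings


# Constructed sample messages (not real mail).
SPOOFED = "\n".join([
    'From: "Jane Smith" <jane.smith@examp1e.com>',
    "Reply-To: payments@mail-relay.invalid",
    "Subject: Urgent: settle this invoice today",
    "",
    "Please pay the attached invoice before 5pm, I am in meetings all day.",
])
GENUINE = "\n".join([
    'From: "Jane Smith" <jane.smith@example.com>',
    "Subject: Team meeting moved to Thursday",
    "",
    "See you all at 10.",
])

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, "->", spoof_indicators(raw) or "no indicators")
```

A finding here is a reason to pick up the phone, exactly as the article advises, not a verdict; the lookalike check deliberately uses a small edit-distance threshold so that unrelated domains of similar length are not flagged, and a real deployment would pair it with SPF/DKIM/DMARC results from the mail gateway rather than header text alone.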
6. Don’t Open Files From People You Don’t Know
Staff should be advised to avoid downloading attachments such as compressed files or documents, or following links, from an unknown sender. Most of these emails will go to a junk folder, but on the off chance they don’t, staff should be very careful with these emails and their content. Scams are getting smarter, often telling users they have to reset their password, or alerting them to an order they haven’t made and asking them to log in to confirm details. Staff should be extra vigilant and remember the golden rule: if it looks like spam, it probably is.