More access points to your data and information, more complex IT systems and more staff to train all create more opportunities for fraudsters to infiltrate and disrupt your operations. And, with staff increasingly working remotely, it’s more important than ever to ensure everyone knows their role.
Here are ten simple steps you can take to help protect your business:
- Encourage strong passwords and use two-factor authentication
Make sure your software and system passwords are easy to remember but hard to guess. Mixing letters, numbers, capitals and unusual characters – such as exclamation marks – will help. Remember to regularly change your passwords, too.
Also consider implementing two-factor authentication (2FA) – also known as multi-factor authentication – into your network wherever possible. This adds extra security by requiring the user to present two different proofs of identity before they can gain access – usually a password plus a code that’s sent to the user’s phone, for example.
- Keep your network up to date
It’s easy to be tempted to dismiss prompts to update the software we use – thinking we’ll come back to it later, when we’re less busy.
But keeping your network up to date – including anti-virus software – is vital, as latest software versions will often contain security updates. So, while it might take a few minutes out of your busy day – it may also save you a whole lot of problems later on.
- Provide firewall security for your internet connection
A firewall prevents outsiders from accessing data on your private network – and is your first line of defence. Make sure your operating system’s firewall is enabled or install free firewall software available online. If employees work from home, ensure that their home systems are also protected by a firewall.
- Use a Virtual Private Network (VPN)
VPNs use a private network to hide your IP address and are particularly useful for businesses with a flexible and mobile workforce. They allow you to use the internet anywhere via a secure connection – ensuring your company network stays secure – adding an extra layer of security.
- Encrypt your data
Encrypting your data means that if cyber criminals are able to breach your system and access your data, they won’t be able to view it. Encryption software used to be limited to bigger businesses but is now widely available for small businesses. In fact, many devices come with encryption built-in – so you just need to make sure it’s switched on.
- Train your staff to be secure and spot attacks
The vast majority of cyberattacks start with an employee clicking on a link in an email that looks like it’s from a legitimate source and with an attachment made to look like a PDF*.
Ensure your staff are educated on the things to look out for and how to respond if they think they have been compromised – by giving them regular cyber training and updates. Cover off those cyber vulnerabilities where employees are most at risk. Remind them of the need to use strong passwords and never to share sensitive information such as bank details and personal or company information without checking with you or someone senior first.
Practical workshops are the best way to do this – and the time taken to plan and run them is well worth the investment.
- Minimise the access points
Educating your employees on how to limit the opportunities for attacks means also reminding them that the more devices they use, the more access points they create for cyber criminals.
Remind them to use only authorised devices for work and discourage them from using personal laptops, phones and tablets – as these may not have the same levels of cyber protection in place.
- Make it easy for staff to report suspicious emails
Encourage your employees to ask for help if they think they may have clicked something that causes a breach. If you have a culture where people think they will be punished, it will discourage them from reporting it and that could waste valuable time in taking steps to scan for malware and change passwords to limit the damage.
- Build a data security policy
As your business grows, the amount of data you hold and the complexity of your IT systems will grow too, so it’s worth establishing a simple security policy to help you understand where the risks are. This should include:
- a list of what data you have stored – and where;
- how important different data is;
- how data is accessed and moved around; and
- who in the business has permission to access different data.
Invest in the right insurance
While all of these measures will help you protect your business against an attack, taking out the right insurance can help you offset any financial impact – and can ensure you’re in the best possible place to return to normal as quickly as possible.