How to Protect Your Business from Cyber Theft
No matter what line of work you’re in, the vast majority of businesses nowadays demand the use of computing devices, requiring employees to use at least a computer, laptop or smartphone throughout the working day.
The pivotal role of technology in the world of work today puts businesses at risk of cyber theft: an increasingly sophisticated and highly lucrative industry for tech-savvy hackers.
With a myriad of progressively advanced methods of stealing data and identities, businesses need to ensure that they are protecting themselves, their employees and customer data: indeed, according to an article published in the Guardian, nine out of ten SMEs have identified cybercrime protection as one of their top priorities.
In light of this, we have produced a list of cyber security tips and guidelines that any small business can follow in order to protect their assets from cyber theft.
Keep everything updated
One of the easiest ways to keep protected is to ensure that you update your computer, software and programs as and when updates become available. The vast majority of these updates or “patches” address vulnerabilities in programs and software that have been discovered due to hackers or malware; occasionally they contain bug fixes or enhance product performance.
By regularly updating your computer and its installed programs, you are preventing attackers from taking advantage of software flaws, or at least making it much more difficult for them. A lot of companies sell software that automatically updates itself. However, if you get prompted to update your computer or installed programs, do so: it takes little time and all of the work is done for you.
The same should be done with browsers (Chrome, Firefox, Internet Explorer).
Protect your computers with anti-virus software
Ensure that every device in your workplace has anti-virus and firewall software installed. Antivirus software protects your computer from malicious programs such as Trojan horses, viruses and worms as well as spyware or unwanted programs such as adware. Antivirus software allows you to monitor and control software that you may not want and is designed to protect you from online threats by catching and eliminating threats before they have the chance to become problematic.
For basic online security you will need a firewall, which is your device’s first line of defence. Firewalls control who and what is able to communicate with your computer online, blocking attacks and bad traffic to your computer.
There are plenty of free options available, or for extra security, you may want to consider paid antivirus and firewall software.
This may feel a bit over the top, but it is wise to encrypt almost all of the data that you save: encrypt data that goes on cloud services to ensure that it is not accessible to hackers or unscrupulous employees and encrypt hard drives on your computers so that the data cannot be copied.
Encrypting your data ensures that a password is needed to access your data, and even if copied, the data makes no sense without the encryption key.
Train your staff to understand online threats
Because most of your staff need to use a computer, laptop or smartphone, it is advisable to make sure that your employees understand at least the basic principles of cyber security and are able to recognise the warning signs of email scams, viruses or phishing scams.
Although many email providers are continually improving their services and getting very good at recognising potential threats before you receive them, some of the more advanced scams will find their way into your inbox, as they can be disguised as brand emails, client emails etc. However, scams of this type do tend to have some recognisable giveaways.
Identifiable red flags can include:
- Emails asking for personal or credit card details
- Emails containing suspicious attachments
- Requests for immediate action regarding claims (in the same vein as “we are contacting you regarding your recent claim, due to an unfortunate accident at work”)
Train your staff to report these emails as spam: this way your email provider will be informed and can keep check on this type of email in future. You can also file a phishing complaint or even go so far as to blacklist the domain from your email settings so as to avoid getting emails from the same source again.
You should also carefully inspect any communications containing various spelling mistakes and suspicious-looking links. Occasionally, links can appear as normal, but when clicked on, prompt an unwanted download that installs malicious software: always be cautious when clicking on these, and always stop the untrustworthy download before it installs itself on your device. You may consider asking your staff to scan suspicious-looking emails with free anti-virus software that can be found online (such as Avast or AVG) or whatever software you have installed on your devices.
Make sure that you (or an employee or paid trainer) walk your staff through these measures in a short training session (it needn’t last longer than 30 minutes): writing them all down and expecting your staff to read these instructions runs the risk of this not being done.
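The red flags listed above can also be checked automatically when a member of staff reports a message. The following is an added example, not part of the original article: the keyword lists, the attachment extensions and the sample message are all constructed assumptions, and the link check goes slightly beyond the text by comparing the address a link displays with the address it actually opens.

```python
import re
from email import message_from_string
# Assumed keyword lists and extension set (not from the article); tune to your own mail.
DETAILS = re.compile(r"credit card|card number|bank details|date of birth|password", re.I)
URGENCY = re.compile(r"recent claim|accident at work|immediately|act now", re.I)
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".bat", ".iso", ".docm", ".xlsm")
ANCHOR = re.compile(r'<a\s[^>]*href="https?://([^/"]+)[^"]*"[^>]*>(.*?)</a>', re.I | re.S)
HOSTNAME = re.compile(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+", re.I)

# Constructed sample message for illustration (all addresses are placeholders).
SAMPLE = """From: claims@insurer-support.example
Subject: Your recent claim
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>We are contacting you regarding your recent claim. Confirm your credit card
number at <a href="http://login.payments-check.example/verify">www.examplebank.test</a>.</p>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="claim_form.exe"

placeholder
--b1--
"""

def _bare(host):
    return host.lower().removeprefix("www.")

def red_flags(raw_message):
    """Return the red flags found in one raw email message."""
    flags, body = [], ""
    for part in message_from_string(raw_message).walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXT):
            flags.append(f"suspicious attachment: {name}")
        elif part.get_content_maintype() == "text":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    if DETAILS.search(body):
        flags.append("asks for personal or card details")
    if URGENCY.search(body):
        flags.append("urgent wording about a claim or deadline")
    for target, label in ANCHOR.findall(body):
        shown = HOSTNAME.search(re.sub(r"<[^>]+>", "", label))
        want, got = _bare(shown.group() if shown else target), _bare(target)
        if got != want and not got.endswith("." + want):  # text names another site
            flags.append(f"link shows {want} but opens {got}")
    return flags
```

A message that raises any flag is a candidate for the spam report or domain blacklist described above; an empty list does not prove a message is safe.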
Enforce a strict password policy
With your staff trained in online security, it should be easy to set up a password protocol. You can set up a maximum password age which determines how long your employees can keep their passwords: this usually tends to be a maximum of 30, 60 or 90 days. Although it may be a hassle to change passwords this frequently, it is important for maintaining the network’s security.
Furthermore, it is possible to enforce password length and complexity requirements. Do not allow your employees to simply use the password “password”: make sure that passwords are at least six characters long and contain a number and various letter cases. There are also free services online that can produce passwords for you. It is also important to remember not to use the same password for all logins.
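The policy described in this section can be checked against a list of existing logins. The following is an added example, not part of the original article: it assumes a password-manager export in CSV form with hypothetical column names `login`, `password` and `last_changed`, uses constructed sample rows, and picks 90 days from the 30, 60 or 90 mentioned above.

```python
import csv
import io
from collections import Counter
from datetime import date

MIN_LENGTH = 6      # minimum length stated in the article
MAX_AGE_DAYS = 90   # longest of the maximum ages the article lists

# Constructed export; the column names are an assumption, not a real product's format.
VAULT_CSV = """login,password,last_changed
payroll,password,2024-01-10
email,Tr4ctor-Lamp-Quay,2024-05-02
crm,Tr4ctor-Lamp-Quay,2024-05-20
bank,harbour9,2023-11-30
"""

def audit(csv_text, today):
    """Map each login to the policy rules its password breaks (compliant logins are omitted)."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    uses = Counter(row["password"] for row in rows)   # how many logins share each password
    report = {}
    for row in rows:
        pw, problems = row["password"], []
        if pw.lower() == "password":
            problems.append("is the word 'password'")
        if len(pw) < MIN_LENGTH:
            problems.append("too short")
        if not any(c.isdigit() for c in pw):
            problems.append("no number")
        if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
            problems.append("no mixed case")
        if uses[pw] > 1:
            problems.append("reused on another login")
        age = (today - date.fromisoformat(row["last_changed"])).days
        if age > MAX_AGE_DAYS:
            problems.append(f"{age} days old")
        if problems:
            report[row["login"]] = problems
    return report
```

Run it locally against an export and delete the export afterwards, since the file holds passwords in plain text.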
Restrict some usage in the workplace
Although it may be annoying on occasion for your employees, it is important to restrict software downloads and to set up administrative rights on all company devices so that nothing can be installed unknowingly: this eliminates the risk of an employee accidentally downloading a program that is not trustworthy or that contains malware.