Most of us keep our business and private information on computers. These are either desktop machines, linked to a network or free-standing, or mobile devices. During the day we tend not to give a lot of thought to security. We just assume that what we need is there when we want it.
But imagine the scenarios. You cannot access your business contact list. You want to send out invoices but have lost all the sales records. Where is my laptop, have I left it on the train?
Let’s just think for a minute about these situations.
When you can’t access data, it can either be a system failure or a cyber-attack. These days, the chances are you have been the victim of an attack. Surely not, I can hear you say, my business is not big enough to attract attention. Cyber criminals would be going after large companies and government departments, wouldn’t they?
No, unfortunately they wouldn’t. Small to medium businesses are the target of 43% of all cybercrimes. Worse, 87% of these businesses believe they are safe because they have antivirus software.
We all need to get with the programme. Cyber-attacks are becoming so sophisticated and clever that not even the biggest of organisations are totally safe. But there is a lot we can do to give ourselves a good level of protection.
There are several basic steps we can take which will provide a really good level of protection:
- Back up your systems regularly to protect against loss. Already I can feel some of you shifting uncomfortably in your chairs because often this simple step is not taken seriously. Back-ups need to be kept separately from your system, otherwise they can be compromised.
‘But I’m in the cloud so I’m safe’, runs the argument. Indeed, but all the cloud is, is another computer somewhere else. You need to know what the provider’s security policies are so you feel your data are safe.
- If you are using applications to run your business, make sure the security updates issued by the vendor are installed and up-to-date. Again, if the application is in the cloud, check with the vendor that they do this regularly.
- Do not use simple passwords. We’ve said this over and over again but people still do because they are easier to remember. There are lists of these available on the dark web. Hackers will use all the words in a dictionary. I advocate using complex passwords but do not support the requirement to change them regularly. This is because it drives people to use the numeric element in the password as a sequence. So the first time they use the number 1. The next month, when the password has to change, the number changes to 2 and so on. This is entirely human; we can’t keep thinking up different passwords and remembering them. I prefer a complex password and the use of multi-factor authentication (‘MFA’).
MFA is a method in which, when you log on and put in your password, a separate message, such as a PIN sent to your mobile phone, is generated. If a hacker has your credentials and/or the laptop you left on the train, they can’t get in because they need the PIN which you have. It’s as close to a silver bullet as you will get.
- Talk to your staff about security so you can all take it seriously. We all need to understand there are high-risk practices, such as transferring data to and from home computers using thumb drives, and using home computers to synchronise directly to the business, which can expose the business to data loss and worse.
- Make sure you have appropriate software to defend yourself. There is no single answer so you might need anti-virus, anti-ransomware and other defence programs. You may not want to spend the money, but it is actually worth it.
This has just scratched the surface of security issues. Take it seriously and you will sleep a lot better knowing your business has a good level of protection.