For many small and medium businesses, cybersecurity can be a daunting task, and they often lack the resources or skills needed to ensure that the business is fully secure. However, there are some simple steps you can take to help minimise the risk of falling victim to an attack. These steps cannot guarantee total protection against cyber-attacks, but they can significantly reduce the risk.
- Complete risk assessments
- Ensure your desktop security is up to scratch
- Employ proper email security
- Frequently back up data
- Train all employees on appropriate security protocols
- Protect your mobiles and tablets
- Secure your WIFI
Complete risk assessments
First and foremost, it is imperative to complete risk assessments. An IT risk assessment helps highlight any weaknesses you have within the IT system, allowing you to proactively create a disaster recovery strategy that protects any critical information from threats.
IT risk assessments should expose:
- Any weakness or vulnerable areas that allow security breaches. This can include things such as untrained employees, out-of-date software, and old equipment.
- What the company's most valuable information and assets are, such as client information, monetary data, and trade secrets.
- Which threats are most critical to your business, such as hacking, system failures, and natural disasters.
Once the IT risk assessment has highlighted the above, you can put together steps for prevention, improvement and disaster recovery.
Ensure your desktop security is up to scratch
Desktop security is regularly forgotten about, especially in small and medium businesses. Desktop security includes ensuring that all computers/laptops used by employees have appropriate anti-virus software and that all computers are updated regularly with the latest security patches and system updates.
We recommend setting up prompts on employees' computers asking them to change their password every 90 days, as well as introducing policies or restrictions on downloadable content.
Employ proper email security
Most businesses use email to communicate internally and externally. However, many businesses fail to put appropriate security in place, opening themselves up to the risk of phishing emails. Alongside training employees to identify phishing emails by looking for unfamiliar email addresses, suspicious links and spelling errors, businesses can also protect themselves by enforcing regular password updates, using strong passwords, setting up 2-factor authentication and using VPNs (Virtual Private Networks), especially if there are employees who work from home. If you are sending sensitive data or information by email, you can use encryption apps that will disguise any information from hackers.
Frequently back up data
Businesses of any size should ensure that they are backing up their data regularly and that it can be restored. This will ensure that the business can still function if it experiences a natural disaster such as a flood or fire. Being able to restore the data will also limit the likelihood of blackmail by ransomware attacks.
Things you should consider when backing up your data:
- What data should be prioritised
- The location you store the backup copies. This should be a separate location from your regular computer system
- Consider locations such as the cloud. However, make sure you fully read and understand the security of the cloud system you use
- Ensure data is being backed up daily
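The two checks above (backups are no more than a day old, and the copies can actually be restored intact) can be automated. The following is an added example, not part of the original article: it assumes the backup is a plain file copy of the live folder, and the function names, folder names and sample files are hypothetical.

```python
import hashlib
import os
import tempfile
import time
from pathlib import Path

MAX_AGE_SECONDS = 24 * 60 * 60  # "backed up daily" rule from the list above

def sha256_of(path):
    """Hash a file so a backup copy can be compared with the original."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def check_backup(source, backup, now=None):
    """Return a list of findings; an empty list means the backup passed.
    Run right after a backup job, before the live files change again."""
    source, backup = Path(source), Path(backup)
    now = time.time() if now is None else now
    copies = [p for p in backup.rglob("*") if p.is_file()]
    if not copies:
        return ["empty: no files found in backup location"]
    findings = []
    if now - max(p.stat().st_mtime for p in copies) > MAX_AGE_SECONDS:
        findings.append("stale: newest backup file is older than 24 hours")
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = src.relative_to(source)
        copy = backup / rel
        if not copy.is_file():
            findings.append(f"missing: {rel}")      # never backed up
        elif sha256_of(copy) != sha256_of(src):
            findings.append(f"mismatch: {rel}")     # copy would not restore intact
    return findings

def demo():
    """Run the check on constructed sample data in a temporary folder."""
    with tempfile.TemporaryDirectory() as tmp:
        src, bak = Path(tmp, "live"), Path(tmp, "backup")
        src.mkdir()
        bak.mkdir()
        live = {"clients.csv": b"id,name\n1,Acme\n", "ledger.db": b"2024-Q1",
                "prices.txt": b"widget,10.00\n"}
        for name, data in live.items():
            (src / name).write_bytes(data)
        (bak / "clients.csv").write_bytes(live["clients.csv"])   # good copy
        (bak / "prices.txt").write_bytes(b"widget,10.0O\n")      # corrupted copy
        old = time.time() - 2 * 24 * 60 * 60                     # ledger.db is absent
        for p in bak.iterdir():
            os.utime(p, (old, old))                              # age backup by 2 days
        return check_backup(src, bak)

if __name__ == "__main__":
    print("\n".join(demo()))
```
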
Train all employees on appropriate security protocols
Training all employees on proper IT security will significantly reduce the risk of data breaches within the business. Including cyber security training in your onboarding process makes all employees aware of the importance of cyber security, and also ensures that your employees know what to look out for – for example, phishing emails.
Protect your mobiles and tablets
Any device that is regularly taken out of the office needs to be protected, and arguably needs far more security than desktop equipment. All devices should be password protected and the password should be updated often. Settings to track lost or stolen devices should be turned on, along with the ability to remotely wipe all data from the device where applicable. All Apple and Android phones have this feature.
Furthermore, we recommend updating the device's software and apps frequently, as well as not connecting to any unknown WIFI.
Secure your WIFI
Unsecured networks can leave businesses extremely vulnerable to cyber-attacks. These steps will help secure your network easily and quickly:
- Move your WIFI router to a secure location
- Change your network name
- Have different access for guests
- Change the default login information
- Update your firmware and software
- Use WIFI protected access
- Remove rogue access points