IT security for beginners, this affects all businesses, large and small. Cyber criminals are out there, trying to take advantage of security weak spots. The damage can be devastating.
Prevention is better than cure, as the saying goes. So, in this article we introduce three key elements of cyber security for your business.
Reduce the risk of a cyber attack by taking the following steps to protect your:
- Devices and Files
Your workers are crucial for IT security. Raise awareness and implement simple best practices to protect your business as a team.
- Use Strong Passwords: they should be more than 12 characters and a mix of letters (upper and lower case), numbers and symbols.
- NEVER reuse or share passwords
- Limit the number of log-in attempts to prevent password-guessing.
- Most importantly, make your team aware of what to do when they get a suspicious email (e.g. those that might contain ransomware or viruses, could be phishing scams, or imposters). Consider using email authentication software. Build a security-conscious culture with training and briefings. Consider making training mandatory.
- Set up your router with security in mind: change the default name and password, turn off remote management and log out when you are finished.
- Make sure your router in encrypted: Use a router with WPA2/WPA3 and make sure encryption is turned on. This will mean that information sent over your network can’t be read by anyone outside the organisation.
Devices and Files:
- Passwords. Make them mandatory. On ALL devices – phones, tablets, laptops and PCs. This may seem obvious, but don’t overlook it and make your business an easy target. Remind staff to NEVER leave their devices unlocked and unattended, particularly if they are in public.
- Use Two-Step Authentication. This requires something more than logging in with a password, such as a code sent to a pre-registered mobile phone or email address.
- Regular back ups. Make sure anything business critical has an off-network back up. Options include in the cloud, on paper, on an external hard drive, etc. If you choose to use a paper back up system, make sure they’re in a secure location and protected against fire, flood and theft.
- Keep your software up to date. This means ANYTHING that’s connected to your network (e.g. apps, web browsers, operating systems). Updates often have security patches. You can even schedule these to happen automatically overnight or at the weekend to minimise disruption to the working day.
- Use encryption. Encrypt any devices with access to potentially sensitive or personal data (e.g. laptops, tablets, smart phones, flash or external drives and cloud storage solutions).
Keep your remote access secure by protected devices and training staff.
Plan for the physical security of your data – whether its on paper, hard drive, flash drive or on your laptop.
Regularly review your web hosting service and make sure that’s up to scratch.
Consider where – outside of your business – your data goes. Speak you’re your vendors and find out how they keep your data safe. Use this in your procurement processes going forward.
Take out a cyber insurance policy to help you recover from any financial impact of a data breach.
Have a disaster recovery plan in place. Whilst it sounds daunting, setting this up simply means you are prepared if the worst should happen. A typical disaster recovery plan includes what to do about saving/recovering data, how to manage business continuity and letting your clients know. If you do experience a breach, the FTC’s Data Breach Response: A Guide for Business lays out the steps you can take.
It goes without saying that IT security is important. But it needn’t be intimidating or complicated. Start by compiling a list of best practices (like those in this article) and implement what you can.
If you need someone to take a look at your IT infrastructure and show you where you can improve, EOS conduct free-of-charge IT audits that give you a clear overview of where you stand. Get in touch to find out more.