In this day and age, it’s very important to take your business’s cyber security seriously. As most businesses are moving online with their storage, payments and access systems it’s important to safeguard your business operations from cyber attacks.
In this article we are going to cover:
- Backing up your data
- Training your staff on cyber safety
- Encrypting your information
- Multi-factor Authentication
- Protecting your customers
- Cyber security insurance
- Monitoring systems
Backing up your Data
By this point we should all know, that it’s important to back up your systems, files and data. You never know when your computer or systems might crash. But backing up data is also important to safeguard against cyber attacks.
There are some types of cyber attacks where they will hold your files hostage, encrypting them and refusing to release the password until you pay a certain amount. There are other cyber attacks where they just wipe your systems completely. That is why it’s a matter of great importance to keep all your data backed up. Thankfully, backing up your data isn’t too difficult these days.
We recommend using multiple backup systems such as daily backup to cloud storage or portable hard drives, weekly server back-ups, and quarterly and yearly server back-ups.
That way you’ll never lose more than a few hours of work.
As a side note, never allow employees to back up using USB sticks. There have been cases of malware on USBs, so it’s just safer to avoid them altogether.
Train your staff on cyber security
A lot of people are going to be fairly ignorant when it comes to cyber security. We all have our specialities and areas of insight. But every business should take the time to train their staff on a few key points about keeping the business safe from cyber attacks.
- They need to keep good passwords and passcodes and change them regularly.
- They need to be able to identify the warning signs for a cyber attack ie: files have changed, there are requests to reset passwords they didn’t request, accounts have been accessed from unexpected IP addresses or emails you didn’t send have gone out.
- What to do when they encounter a cyber attack. This will differ depending on your policies and what kind of attack it was.
Encrypt important information before you send it
Make it a company policy to encrypt important information before you send it or store it online. This protects against theft. You can turn on network encryption before you email or save to cloud storage. This will turn your data into a secret code before it is sent through the internet.
You can set up encryption on your router and if anyone is working on a public WIFI network you should set them up with a VPN (virtual private network).
Ensure all Staff use MFA
Set up all systems and users with MFA or Multi-factor verification. The Multi-factor verification systems are security systems that require two or more points of proof to access your account.
It might be a combination of a password and a code texted to their work mobile, or a password and facial recognition software.
Multi-factor verification adds an additional layer of security to systems and it means that cyber attacks are less successful.
Protecting your customers
It’s very important that you keep your customers safe while they shop online with you. As a business you will be privy to personal and private information from your customers and if you compromise their privacy and safety online it can damage your company’s reputation irrevocably.
Your business needs secure payment systems and some assurance for customers that if they shop online with you, they are safe.
If you take payments online check what your payment system currently does to ensure privacy and safety for your customers and make sure you are confident with their approach and systems.
Cyber Security Insurance
Dealing with the fallout of a cyber attack can be pricey. New computers, new operating systems, loss of income during a shutdown period, loss of business from customers due to bad press.
It’s not a fun time for a business and hopefully you never have to go through it but depending on your business’s size, industry and dealings, it might be a good idea to look at cyber security insurance.
Like with any insurance, you have to weigh up the pros and cons but it’s worth considering.
Monitoring equipment and systems
We don’t like to say this but a good business owner already knows it. You have to monitor your staff’s usage of equipment such as computers, tablets and laptops as well as the systems they use for work.
A lot of holes in your protection will be caused by staff who are either not well versed on cyber security or simply make mistakes.
Keep a log of all tech equipment and make sure all staff know what they have and what they responsible for.
Educate your staff, tell them to be careful where and when they use their work devices – connecting to public WIFI can be particularly fraught with danger so if you have staff who need to use public WIFI, get them a VPN (virtual private network).
Guide your staff on best practice for how they keep their work devices secure and logging off at the end of each use.
Instead of passwords, try to get your staff using passphrases.
Passwords are by nature easier to guess because they are shorter and despite many warnings, most people are still using words they will remember like spouse’s names and birth dates.
Passphrases are still easy to remember but less likely to be hacked because it will take longer for a brute force hacker to get in.
Here are some tips for a secure passphrase:
- Make it 14 characters or longer.
- Include capital letters.
- Use symbols to replace some letters.
- Get them to use a different passphrase with each account.
Remember your business’s cyber security is important. For the most part it comes down to educating your staff and maintaining your company’s policies to protect your business from cyber attacks.
Asset College, winner of Large Training Provider of the Year 2020 have over 15 years’ experience in training for the security sector.