Cybersecurity or IT security is the protection of computer systems and networks from the theft of or damage to their hardware, software, or electronic data.
Cyber Security Overview
What is cyber security?
Cyber security is how individuals and organisations prepare and reduce the risk of cyber-attack.
Cyber security’s core function is to protect the devices we all use (smartphones, laptops, tablets and computers), and the services we access, both online and at work, from theft or damage.
It’s also about preventing unauthorised access to the vast amounts of personal information we store on these devices, and online.
Why is it important?
Cyber security is important because smartphones, computers and the internet are now such a fundamental part of modern life that it’s difficult to imagine how we’d function without them. From online banking and shopping, to email and social media, it’s more important than ever to take steps that can prevent cyber criminals getting hold of our accounts, data, and devices.
Cyber security needn’t be a daunting challenge for small business owners and although the steps below can’t guarantee you won’t be affected by a cyber-attack, having these measures in place could significantly reduce the chances of your business becoming a victim of cyber-crime.
Back Up Your Data
All businesses, regardless of size, should take regular backups of their important data, and make sure that these backups can be restored if necessary. By doing this, you’re ensuring your business can still function following the impact of flood, fire, physical damage or theft. Furthermore, if you have backups of your data that you can recover, you can quickly get back to ‘business as usual.’ Think about how much you rely on your business-critical data, such as customer details, quotes, orders, and payment details. Now imagine how long you would be able to operate without them.
Identify What You Need to Backup
Your first step is to identify what you would deem as essential data, that is the information that your business couldn’t function without. Normally this will comprise documents, emails, contacts, and calendars, most of which are kept in just a few common folders on your computer, phone, tablet or network.
Keep Your Backup Separate from Your Computer
Whether it’s on a USB stick, on a separate drive or a separate computer, access to data backups should be restricted so that they:
- are not accessible by staff
- are not permanently connected (either physically or over a local network) to the device holding the original copy
Ransomware (and other malware) can often move to attached storage devices (such as an external hard drive) automatically, which means any such backup could also be infected, leaving you with no backup to recover from. For more resilience, you should consider storing your backups in a different location, so fire or theft won’t result in you losing both copies. Cloud storage solutions are a cost-effective and efficient way of achieving this.
Storing your data in the cloud
You’ve probably already used cloud storage during your everyday work and personal life without even realising. Unless you’re running your own email server, your emails are already stored ‘in the cloud’.
Cloud storage is just terminology which basically means a service provider stores your data on their infrastructure, wherever in the world that may be.
The important thing here is it means your data is physically separate from your location. Cloud storage service providers can supply your organisation with data storage and web services without you needing to invest in expensive hardware up front. Most providers offer a limited amount of storage space for free, and larger storage capacity for minimal costs to small businesses.
Make backing up your data a daily routine
Backing up data isn’t one of the most interesting things to do, and there will always be more important tasks that you feel should take priority, but the majority of network or cloud storage solutions now allow you to make backups automatically.
Using automated backups not only saves time, but also ensures that you have the latest version of your files should you need them.
Many off-the-shelf backup solutions are easy to set up and are affordable considering the business-critical protection they offer. When choosing a solution, you should consider how much data you need to back up, and how quickly you need to be able to access the data following any incident.
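The advice above to make sure backups can be restored can be checked automatically. The following is an added example, not part of the original guide: it archives a folder, restores the archive into a scratch folder, and compares every file against a checksum taken at backup time. The folder and file names are constructed sample data.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path

def digests(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def backup(source_dir, archive_path):
    """Archive every file in source_dir; return the digests taken at backup time."""
    source = Path(source_dir)
    with tarfile.open(archive_path, "w:gz") as tar:
        for p in sorted(source.rglob("*")):
            if p.is_file():
                tar.add(p, arcname=p.relative_to(source).as_posix())
    return digests(source)

def verify_restore(archive_path, expected):
    """Restore into a scratch folder; return files that are missing or differ."""
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive_path, "r:gz") as tar:
            # Where supported, refuse archive entries that would escape scratch.
            extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
            tar.extractall(scratch, **extra)
        restored = digests(scratch)
    return sorted(f for f in expected if restored.get(f) != expected[f])

def demo():
    """Constructed sample data: a good backup, then one taken after a file was lost."""
    with tempfile.TemporaryDirectory() as work:
        data = Path(work, "data")
        (data / "orders").mkdir(parents=True)
        (data / "customers.csv").write_text("id,name\n1,Sample Customer\n")
        (data / "orders" / "2024.csv").write_text("order,total\n1001,25.00\n")
        expected = backup(data, Path(work, "good.tar.gz"))
        good = verify_restore(Path(work, "good.tar.gz"), expected)
        (data / "orders" / "2024.csv").unlink()  # simulate an incomplete backup
        backup(data, Path(work, "partial.tar.gz"))
        partial = verify_restore(Path(work, "partial.tar.gz"), expected)
    return good, partial

if __name__ == "__main__":
    print(demo())
```

An empty list from `verify_restore` means every file came back intact; any name in the list is a file the backup could not restore.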
Protecting Your Organisation from Malware
Malicious software (also known as ‘malware’) is software or web content that can harm your organisation.
Antivirus software, which is often included for free within popular operating systems, is a great starting point to protect your data from malware and should be used on all computers and laptops, but the best way to avoid malware is to ensure you’re vigilant when accessing online content.
You should only therefore download apps for mobile phones and tablets from manufacturer-approved stores (like Google Play or Apple App Store). These apps are checked to provide a certain level of protection from malware that might cause harm. It stands to reason then that you should avoid installing third party apps from unknown vendors/sources, as these will not have been checked.
Keep all your IT equipment up to date (patching)
Ensure the software and firmware on all your devices is always kept up to date with the latest versions from software developers, hardware suppliers and vendors, be that on tablets, smartphones, laptops, PCs etc. Applying these updates (a process known as patching) is one of the most important things you can do to improve security. Think of it as the IT equivalent of eating your 5 a day! Operating systems, programmes, phones and apps should all be set to ‘automatically update’ wherever this is an option.
At some point though you may find these updates will no longer be available, usually when the version of the product you’re using reaches the end of its supported life. At this point you should consider replacing it with a modern alternative, to ensure you continue to be protected.
Control how USB drives (and memory cards) can be used
We all know how tempting it is to use USB drives or memory cards to transfer files between organisations and people, as it’s just so simple to do. However, it only takes a single unsuspecting user to inadvertently plug in an infected USB stick or drive into your network (which unknowingly contains malware) to devastate the whole organisation.
When drives and memory cards etc. are openly shared, it becomes harder to track what they contain, where they’ve been, and who has used them, so reduce your risk by only allowing approved drives and cards to be used within your organisation – and nowhere else.
Keeping Your Smart Phones & Tablets Safe
Mobile technology is now an essential part of modern business, with more of our data being stored on tablets and smartphones than ever before. What’s more, these devices are now as powerful as traditional computers, and because they often leave the safety of the office (and home), they need even more protection than ‘desktop’ equipment.
It is imperative therefore that you ensure all your portable devices such as phones/tablets etc are passcode protected, and where possible, use a longer passcode than the standard 4 digit one, to make it harder for an unauthorised user to guess.
Many modern devices now also include fingerprint recognition to lock and unlock your device, without the need for a password. However, these features are not always enabled ‘out of the box’, so you should always check they have been switched on.
Staff are more likely to have their tablets or phones stolen (or lose them) when they are away from the office or home. Fortunately, the majority of devices include free web-based tools that are invaluable should you lose your device.
You can use them to:
- track the location of a device
- remotely lock access to the device (to prevent anyone else using it)
- remotely erase the data stored on the device
- retrieve a backup of data stored on the device
No matter what phones or tablets your organisation is using, it is important that they are kept up to date at all times. All manufacturers (for example Windows, Android, iOS) release regular updates that contain critical security updates to keep the device protected. This process is quick, easy, and free and all your devices should be set to automatically update, where possible.
Switch on your firewall
Firewalls create a ‘buffer zone’ between your own network and external networks (such as the Internet). Most popular operating systems now include a firewall, so it may simply be a case of switching this on to add another important layer of protection to your system.
Keep your apps up to date
Just like the operating systems on your organisation’s PC and laptop devices, all the applications that you have installed should also be updated regularly with patches from the software developers. These updates will not only add new features, but they will also close any security holes that have been discovered. Again, your devices can be set to update automatically, which stops you having to remember to do it.
Don’t connect to unknown Wi-Fi Hotspots
When out in public, for example in hotels, airports or coffee shops etc, you will often see signs for ‘Free Wi-Fi’. Whilst this ‘free’ service may seem appealing, there is no way to easily find out who controls the hotspot, or to prove that it belongs to who you think it does. Therefore, if you connect to these hotspots, somebody else could access:
- what you’re working on whilst connected
- your private login details that many apps and web services maintain whilst you’re logged on
The simplest precaution is not to connect to the Internet using unknown hotspots, and instead use your 3G or 4G mobile network, which will have built-in security. You can also use Virtual Private Networks (VPNs), a technique that encrypts your data before it is sent across the Internet.
Use Passwords to Protect your data
Your laptops, computers, tablets and smartphones will contain a lot of your own business-critical data, as well as the personal information of your customers. It’s likely they will also hold a record of the online accounts that you access. This data is essential to you, but not something you’d like to be available to unauthorised users.
Passwords, when implemented correctly, are a free, easy and effective way to prevent unauthorised users accessing your devices.
To get the most out of password security:
- Make Sure You Switch on Password Protection
- Use two-factor authentication for ‘important’ accounts
- Avoid using predictable passwords
- Change your passwords regularly
- Change all the default passwords that are issued with your devices
In a typical phishing attack, scammers send fake emails to thousands of people, asking for sensitive information (such as bank details), or they will sometimes contain links to bad websites. These types of attacks might try to trick you into sending money, steal your details to sell on, or they may have other reasons for accessing your organisation’s information.
Phishing emails are getting harder to spot as scammers become more sophisticated, and some will still get past even the most observant users. Whatever your business, however big or small it is, you will receive phishing attacks at some point.
To minimise the risk, it is advisable to use two-factor authentication (2FA) on your important accounts such as email. This means that even if an attacker knows your passwords, they still won’t be able to access that account.
To help prepare for such an attack, consider ways in which someone might target your organisation, so you’re better equipped to spot requests that are out of the ordinary.
Common tricks scammers use include sending an invoice for a service that you haven’t used, so when the attachment is opened, malware is automatically installed (without your knowledge) on your computer. Another way is to trick you into transferring money or information by sending emails that look like they’ve come from a trusted source such as your bank or building society etc.
Ensure you understand your regular business relationships. If you get an email from an organisation you don’t do business with, treat it with suspicion.
Taking the time to stop and think ‘is this genuine?’ can be the difference between staying safe, or a costly mishap.
Obvious signs of phishing
Expecting to identify and delete all phishing emails is an impossible request. However, many phishing emails still fit the mould of a traditional attack, so look for the following warning signs:
- Many phishing scams originate overseas and often the spelling, grammar and punctuation are poor.
- Others will try and create official-looking emails by including logos and graphics. Is the design (and quality) what you’d expect from a large organisation?
- Is it addressed to you by name, or does it refer to ‘valued customer’, or ‘friend’, or ‘colleague’? This can be a sign that the sender does not actually know you, and that it is part of a phishing scam.
- Does the email contain a veiled threat that asks you to act urgently? Be suspicious of words like ‘send these details within 24 hours’ or ‘you have been a victim of crime, click here immediately’.
- Look out for emails that appear to come from a high-ranking person within an organisation, requesting a payment is made to a particular bank account. Look at the sender’s name. Does it sound legitimate, or is it trying to mimic someone you know?
If it sounds too good to be true, it probably is, as it’s most unlikely that someone will want to give you money, or give you access to some secret part of the Internet.
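Several of the warning signs above can be checked mechanically before a person reads the message. The following is an added example, not part of the original guide: it flags a generic greeting, the urgent phrases quoted above, and a sender name that matches a known contact but arrives from a different address. The contact list and both messages are constructed, and the messages are assumed to be plain, unencoded text.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Phrases taken from the warning signs listed above.
GENERIC_GREETINGS = ("valued customer", "friend", "colleague")
URGENCY = ("within 24 hours", "click here immediately")
PAYMENT = ("payment", "bank account")

def plain_text(msg):
    """Return the first text/plain part of a parsed message, lower-cased."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            return part.get_payload().lower()
    return ""

def phishing_signs(raw, known_senders):
    """List warning signs in one raw email; known_senders maps name -> real address."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    body = plain_text(msg)
    signs = []
    greeting = re.match(r"\s*(?:dear|hello|hi)\s+([^,\n]+)", body)
    if greeting and greeting.group(1).strip() in GENERIC_GREETINGS:
        signs.append("generic greeting")
    if any(phrase in body for phrase in URGENCY):
        signs.append("urgent threat")
    real = known_senders.get(name.lower())
    if real and real.lower() != addr.lower():
        signs.append("sender name mimics a known contact")
        if any(phrase in body for phrase in PAYMENT):
            signs.append("payment request under a mimicked name")
    return signs

# Constructed sample messages (example.org and example.net are reserved domains).
KNOWN = {"jane smith": "jane.smith@example.org"}
SUSPICIOUS = """From: Jane Smith <jane.smith@example.net>

Dear valued customer,
Make the payment to the new bank account and send these details within 24 hours.
"""
GENUINE = """From: Jane Smith <jane.smith@example.org>

Hi Sam,
The quarterly report is attached.
"""
if __name__ == "__main__":
    print(phishing_signs(SUSPICIOUS, KNOWN), phishing_signs(GENUINE, KNOWN))
```

A message that raises no flags is not proven genuine; the check only narrows down which emails deserve a closer look.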
It’s important to take steps to scan for malware and change passwords as soon as possible if you suspect a successful attack has occurred. This is where your anti-virus software comes into play.
Attackers regularly use publicly available information about your organisation and staff to make their phishing messages more convincing. This information, known as a digital footprint, is often gleaned from your website and social media accounts. You should therefore understand the impact of information shared on your organisation’s website and social media pages.
What do visitors to your website need to know, and what detail is unnecessary (but could be useful for attackers)?
If you believe that your organisation has been the victim of online fraud, scams or extortion, you should report this through the Action Fraud website.
Action Fraud is the UK’s national fraud and cyber-crime reporting centre.
Find the Best Cyber Security
Starting a new business? Do you need to look at cyber security?
Exciting Futures was created as an all-in-one solution, bringing together the tools or services you may need to run your business! When you map out your business model, cyber security may be one of the areas your business needs to review, along with any next steps.