Cyber Security Essentials – Keeping Your Business Protected
Technology continues to develop at an unprecedented rate. This is great news for business owners who are looking to streamline business processes, automate workflows, and access systems and data on the move. However, as technology progresses, so do the risks associated with its use.
Law and policy is continually in a state of flux as it attempts to keep up with the rate at which technology is progressing. Whilst in many respects, we can rest in the knowledge that both public and private organisations are working hard to protect users from harm, it is important that consumers and businesses recognise that they too have an important role to play in order to protect themselves and their data.
One important change that businesses should be aware of is the introduction of the General Data Protection Regulation. You can find out more about the Regulation and its impact on businesses in our earlier blog post – How Do Data Protection Laws Apply To Me And My Business?
In preparation of the forthcoming changes to the law dealing with data protection, we have produced an introductory guide to help you understand what you can do to protect your business and clients when using technology and the internet.
One of the more common ways systems and accounts are compromised is because of weak password protection. Worse, sometime passwords are just given away to people as a result of fraudulent calls and emails, or shared with individuals who can pass it on further either by accident or intentionally.
So what can you do to ensure your passwords protect your data?
Firstly, never share your password. If someone asks for your password or user details, this will likely be fraudulent. It is against most organisation’s policies to request customer passwords, as it places them in a position of risk if something where to happen to your account or service.
Always use secure passwords. One or two word passwords are incredibly easy to guess or circumvent via brute force attack. You can use memorable words or phrases, but mix them up with a combination of uppercase and lowercase, numbers, and special characters. For example, a memorable phase may be “I love cheeseburgers”. You could increase its security simply by substituting some characters “1L@V3Ch33sBurg3r5”. You can check how secure your password is using this online service, How Secure Is My Password.
If you use the same password for more than one service, and it is compromised, then you risk additional services becoming affected. There are solutions available such as LastPass, which allow you to generate unique passwords and save them in the cloud so they can be accessed wherever you are and on any device. You will also receive security alerts if a service you use has become compromised, so you can act quickly to change your password.
2 Factor Authentication
2 factor authentication (2FA) or multifactor authentication (MFA) provides an extra layer of security where a password alone is insufficient. MFA is an excellent solution for protecting highly sensitive or confidential data, and many larger enterprises expect such additional layers of security being implemented in the course of their dealings.
Simply, 2FA requires the user to carry out an additional step once a username and password has been entered. This step is something only the user has the ability to carry out, for example, generating a unique one time passcode using a security dongle, scanning a QR code using their smartphone, or even by using their fingerprint.
If you want to learn more about 2FA / MFA and the products available, we recommend taking a look at TechTarget’s Buyer’s Guide which provides a great starting point for early adopters.
Antivirus and malware protection
Antivirus software is designed to detect and prevent malicious software (malware) from infecting your hardware. This could be your PC, laptop or smartphone. Any device which stores data could potentially be a target for cyber criminals. They could extract that information and use it for their benefit, or to cause harm to the user, their organisation, or its customers.
Whilst today, default antivirus packages which come pre-installed on computers provide a good level of protection, users should still consider other solutions which are available as freeware or premium services. The default antivirus protection rarely provides the same level of security you would get from specialist software which is designed specifically for protecting your hardware, software and data.
If you are looking to invest in additional protection, the most important thing to remember is that an antivirus is only of use if it is kept open and up to date. Software developers spend significant amounts of time keeping their threats databases up to date, so they can protect against all the latest malicious attacks. Additionally, the most effective antivirus packages work by scanning the computer in real-time to provide instant protection, so if the application is not running, it can’t do its job.
You can check out PCMag’s guide to The Best Antivirus Protection of 2017 for a round-up of the latest products available.
Additional security best practice
Whilst we consider the above cyber security essentials, there is still plenty more a business could and should do to keep it, and its employees and clients protected. Whilst some security methods come in the form of software or services, others are a matter of understanding, training and implementing best practice within the organisation.
In later posts, we will look at additional security systems and measures, including VPNs, Firewalls and Encryption. In the meantime, why not take stock of your current IT setup? Consider the types of data you handle, how sensitive it is, where it is stored, and what measures you can put in place to keep it protected.
Did you find this useful?
Then please share it across your social media channels. Click the icons below to share now. Thanks.