8 Simple Ways to Improve Your Company’s Online Security
Small and medium-sized businesses are seen as an ‘easy target’ for online hackers and digital interlopers, but it doesn’t have to be that way. Every day in the UK hundreds of businesses are held to ransom or have their time wasted by people online who are out to prove a point, make a fast buck or just cause mischief. IT security breaches cost UK SMEs an estimated £3,770 each and can take IT infrastructure down for (typically) 2-3 days. The larger the business the greater the cost and the greater the risk.
We act as security consultants for some of the UK’s biggest venues and institutions, but here are a few simple things that smaller businesses can do to improve their online and internal security themselves.
1.) Change passwords regularly.
This should be done, at minimum, every ninety days. It’s one of the easiest things we can do that makes a real difference to business security. First of all this weeds out those self-set passwords like Password1 or the names of family pets that are just too easy for hackers to guess.
If your business laptop bag goes missing – full of hints and tips and personal notebooks as well as your business computer – you shouldn’t make it easy for criminals to guess your online or laptop login details. Common passwords are known to cybercriminals and make your business vulnerable to attacks from the outside.
We recommend using a password generator Like Avast or Random.org, and a password manager like 1Password or LastPass (which has both). It’s safer to have a password generated by a password generator than to use a basic password that simple hacking software (or some using social hacking) can figure out.
2.) Install and secure your firewall.
A firewall can be hardware, software, or both. A properly configured firewall makes sure your computer or network stays safe from potential intrusion and snooping by hackers while it is linked to the Internet. It carefully watches the digital data coming into and out of your computer and looks for unusual activity. It then chooses whether or not to block or allow the traffic based on your security rules.
Windows 10 and macOS both have their own firewall protection systems, but when you get a new computer it’s important to enable these before going online. It’s also important to keep on top of those new updates to your operating systems.
It’s also possible to invest in independent firewalls for networks (and for other uses) through the likes of WatchGuard or Cisco. For extra security, if you are a bigger business (and therefore often a bigger target) or rely on the privacy of your data you can buy additional levels of business networking firewall offering extra security and extra peace of mind.
If you need any help with this give us a call, we’re happy to help.
3.) Invest in antivirus and anti-spyware software.
Computer viruses, Trojans and keyloggers want your information, processing power and digital details – and there’s a growing online industry in ransomware, selling business secrets and for financial business information.
Sitting in the background can be a piece of software monitoring every keystroke of your accounts department, looking at your latest patents before they are registered or recording your details as you enter passwords.
Anti-virus and anti-spyware software are permanently on the lookout for those immediate threats and make sure your data is safe.
4.) Delete old accounts and wipe old computers.
One method for a hacker to get entry to your network is by using old accounts and logins. This is often overlooked. Employees have a habit of using the same details across different accounts, and this is an easy way that malicious individuals to circumnavigate your IT security. This is especially true with a business’s social media accounts – and no one wants a Tweet going out to your business account that was intended for an ex-employees personal account, even if it might be by accident.
If you’ve moved to a new system or gone through recent redundancies, it’s a good idea to review what you currently have in place and delete or revamp what’s in place already. This is just good IT support practice.
5.) Don’t eat the Spam.
One of the biggest dangers facing your company’s IT security can be email messages from unknown senders looking for ways to use carefully crafted electronic mail to gain access to your systems.
A company-wide policy (as part of your HR onboarding procedure) is a cost-effective way to limit your networks exposure to phishing scams or links to malware (software designed to cause damage to a computer, client, server or IT network). Giving your staff the simple rule of ‘If you don’t know it, don’t open it’ can save a lot of problems down the line.
Modern filtering software can also catch the majority of spam before it lands on your plate. Intelligent mail protection systems offer and an extra level of reassurance and protection. Anti-spam software uses a set of protocols to identify unwelcome and unsolicited messages and stop those messages from getting as far as your company inbox. This is a must if you have your company contact details in the public domain, on your website for example, and using a mail form instead of using a direct email address can also stop automated software from finding your email accounts.
6.) Log off, turn off and lock it.
Another good onboarding tactic is to encourage staff to shut down computers when they aren’t in use. Not only does this save power, decreasing overheads and extending the life of your Mac or PC, it also stops computers being ‘as visible’ to potential hackers and malevolent attacks overnight or during quiet periods. The less time a computer is active, the less time it is potentially exposed to possible IT security issues. Standard practice should also be that all workstations go into password mode when unattended – which can save a lot of problems help protect the likes of client information, confidential company documents, financial statements and employee data to name but a few.
7.) Make sure your network is secure.
All routers, wireless and wired, have an admin page that lets you make configuration changes. Most come with a default password, or no password at all, leaving it (and your network) open to IT security issues directly out of the box.
Heading into the router settings and changing your password settings is a must for small business protection. Once you find the address for your settings page – it’s probably detailed on the back of your router – you can change your login details. Hackers know the common logins and factory defaults for different brands of router and may test lists of default passwords against your network settings – it’s important that we don’t make it easy for them.
8.) Stay current.
As technology evolves, network and IT safety hazards become more advanced as well. As a business owner, when you’re busy doing all the things needed to make your company productive and profitable, keeping up with network security can easily take a back seat and you might, understandably, be unconscious of a problem until it’s too late.
If necessary, don’t be afraid to outsource your security and IT support to someone whose job it is to stay up-to-date on emerging threats and the possible risks.
There are around 65,000 attempts to hack UK businesses, medium and small, every day. It’s estimated that around 4,500 of these are actually successful. Forrester Research claims that 38% of UK companies have lost business because of IT security issues. With a few simple precautions, however, it’s possible to reduce your risk.
If you’d like to know more about improving your cybersecurity, give us a call on 01509 808586. No two businesses are the same, large or small, and a cost-effective and custom solution is the best way to protect your company. It is important that small businesses don’t confuse compliance with actual cybersecurity, and we’re always happy to offer advice.