Top 10 tips to keep your business cybersecure
Published: Wednesday, 16 June 2021
Technology use has leapt forward in the past year – has your cybersecurity kept up?
Geoff Hazell from Premieredge looks at how you can help to keep your business safe from hacking and other data breaches.
As Covid measures are relaxed in the UK, they leave behind a vastly different work landscape. Many businesses are adopting a hybrid model where people work a mixture of remotely and in the office. Whilst this potentially has advantages for both employers and employees, companies do need to consider what this means for the security of their business data outside the controlled environment of the office network.
So, what can companies do to boost the security of their data?
- Don’t bury your head in the sand! Companies (in particular small businesses) responded quickly and with great creativity to the advent of Covid, with staff quickly adjusting to working from home. However, with the speed things changed, Cybersecurity may not always have been ‘top of mind’. Research shows that cyberattacks have increased dramatically since the beginning of 2020 with phishing attacks and video conferencing being particular targets. The risks of continuing to ignore the threat are huge, so if you haven’t done it yet, now is the time to sit down and plan how you are going to protect your business.
- Understand the risk. Can you truthfully say that you are fully aware of who in your company is accessing business data (including emails), what they are accessing and on which device(s)? This information is a vital first step to producing a robust cyber defence strategy.
- Train your team. Don’t assume that your team have the knowledge required to avoid a cyberattack. The vast majority of attacks could have been prevented if people had known exactly what to look out for. In addition, much data loss can be attributed to human error without any malicious intent – with data being accidentally shared or deleted. If you work with an IT support company, they should be able to help you with this or point you in the right direction.
- Control how your team access business data. Whether employees are accessing data from a company server or via Microsoft 365, measures need to be put in place to ensure that the data is being accessed safely. Appropriate security access and permissions should be set up and kept up to date as new starters join or team members leave or change role within the company.
- Install anti-virus software on all devices. This includes ensuring your team’s home devices are protected against ransomware, viruses etc. If your team are using devices for work, we would suggest it is your responsibility to provide this. As a business we use and recommend Webroot.
- Monitor which programmes/apps your team download. The more programmes and apps your team are downloading, the greater the potential for a hacker to access their computer. Ask people to only download apps relevant to their work, and to check before downloading programmes/apps that are not used widely within the team. Obviously, this only applies to business devices.
- Back-up and update to prevent data loss. Ensure all files are backed up regularly, whether these files are saved to on-premises servers or in the cloud such as in Microsoft 365 SharePoint. To protect the company from data bleed it is vital that staff do not save files locally on devices whether these are in the office or at home. Finally, ensure that all software is kept up to date. Companies such as Microsoft release regular patches to their software to resolve known issues and installing these will help protect your devices.
- Encourage no blame reporting of mistakes. People do make mistakes, but as the saying says it’s how you deal with them that’s important. The sooner that you know about a problem, the quicker and easier it is likely to be to sort it out.
- Use a business password manager. Strong, unique passwords are vital in the war against hacking, but no one has the ability to retain lots of long, unique passwords in their memory. The result – poor password management. People write down passwords on post-its, use the same password for everything, or use weak passwords they can remember. Investing in a good business password manager can quickly improve security at a reasonable cost.
- Finally – have a business continuity plan. Every business should have a plan of what they would do in the event their business was to suddenly face a crisis, and as part of this you should consider what actions you would take in the event of an innocent or malicious data leak. For example:
- Do you have a back-up of all files if one were to get accidentally or maliciously deleted?
- What would you do in the event of a client data breach?
- If one of your team member’s devices was hacked, what steps would you take to resolve it?
- Do you have Cyber Insurance to protect your business in the event of financial or data loss?
Many companies under-estimate the devastating effect a data breach or hacking attack could have on their business. This damage can be mitigated of course via Cyber Insurance, but we would always suggest that while insurance is vital, companies should also do everything they can to prevent a breach in the first place. The good news is that in the vast majority of cases, data breaches could be prevented with the right planning and setup. An initial step in the right direction would be to go through the process to achieve Cyber Essentials certification, with Cyber Essentials Plus offering even greater peace of mind. Both demonstrate to your clients and partners that you take the safety of their data very seriously, and it is now becoming a pre-requisite for some tenders too. If you would like a chat to us about undertaking this process, please do give us a call on 01275 400300.
Director at Premieredge Solutions Ltd