If you own a small to medium-sized business here in London, your computers and mobile devices (such as tablets and phones) access, share and store a ton of information that’s important to your enterprise and its work, finances, employees and customers. Sadly, this data isn’t always safe from prying eyes, even when tucked away in some supposedly hard-to-reach, password-protected places. So we make no excuses for regularly writing about data security because, according the UK’s Federation of Small Businesses (FSB), smaller enterprises are collectively subject to almost 10,000 cyber-attacks a day. One in five small firms say they’ve suffered a cyberattack in the last two years. What’s more, the annual cost of such IT security attacks to the small business community is estimated to be £4.5 billion. In this blog post, then, we’re going to focus on why data security demands your attention. More than that, we’re going to provide you with our top tips for keeping your data and business safe.
Why data security demands your attention – nine ways you can bolster your cyber defences
The FSB research highlights the scale of the problem: one in three small firms say they have not installed security software over the past two years; four in ten do not regularly update their software or their IT systems or back up their data, and fewer than half have a strict password policy for devices. If this research chimes with the experience of your small London-based business, then your data security demands your attention. So here, as promised, are those nine ways you can bolster your data security defences:
Adopt password best practices
We know passwords are the bane of modern life! And creating strong, easy to remember but hard to crack versions can seem a challenge. However, it’s actually easier than you think. In reality, you don’t need a random jumble of numbers, letters and symbols to keep the cybercriminals at bay, instead:
- Avoid common phrases, techniques or keyboard paths, such as 1234567, password or qwerty,
- Use a password that will resonate with you and you’ll remember it (like the name of a favourite sports’ person or pop star from your childhood)
- Remember that the more characters you use, the more secure your password is
- Include a variety of characters, from at least one lowercase letter and one uppercase letter to a number and four symbols (but NOT the symbols &%#@_
- Never use a password in more than one place
- Change your passwords at least once a year
This process can be much easier if you use a password manager which will help you and your team to create, store and share passwords.
Try Two-Factor or Multifactor Authentication
Two-factor authentication (2FA) adds an additional layer of protection to your accounts. This sign-in method needs additional information aside from your username and password, ranging from a PIN number sent to your mobile device or e-mail, to fingerprint authentication.
As you’ve probably guessed, multifactor authentication (MFA) uses this same approach but requires even more layers of information than the two-step version.
Never wait or hesitate with updates
Basically, install updates, fixes and patches as soon as you receive them from the vendors of your computers, devices, networks, software and applications.
Outdated and unsupported technology is a serious threat to your data security, as these updates are usually designed to close already detected security weaknesses.
To make the process easier, you can usually set-up your technology to update automatically. While we’re on the subject, be sure to keep extensions, such as Flash and Java, fully up to date.
Install both a firewall and an antivirus program
Put simply, implementing a reliable and robust anti-virus software in conjunction with a firewall is perhaps the most cost effective and efficient way to fight a wide range of malicious cyber threats.
A firewall filters the activity coming into your system, stopping malicious software and hackers before they get in; while antivirus systems captures and quarantines any threats that make it through your firewall.
- buy anti-virus software from trusted companies
- Run one anti-virus software on your computer at a time
- Leave your firewall and antivirus software ON (but if you need to allow a program through, set up an exception instead).
Understand phishing scams and how to stop them
Phishing scams can be hard to spot, particularly to the untrained eye and especially as the cybercriminal and their hacks are becoming ever more sophisticated.
Essentially, a phishing scam is where you’re sent malicious code or similar in an attachment to (or link provided in) an e-mail.
Worryingly, cybercriminals can now mimic the look and tone of e-mails from genuine organisations, including those you’re probably familiar with. But you can help protect technology and data from phishing attacks in these ways:
- Never click on a suspicious link
- Never open an email from a sender you do not know
- Always inspect e-mails, keeping an eye out for spelling errors and blatant typos,
- Always inspect links, even those sent by friends – they can be hacked, too.
Note: these threats don’t only come in e-mails. They can arrive as telephone calls and flyers on your doormat, although the aim is always the same: to gather your personal information and exploit it.
Public Wi-Fi is no-no
Public Wi-Fi networks tend to be insecure, and those who are tech-savvy can pry on and steal the information you’re viewing, sharing or working with while connected.
Wherever possible, have your team use either a virtual private network (VPN) or, if that’s not possible, their mobile phone to access the data they need.
Secure your mobile and remote devices
Every endpoint device connected to your network (such as a mobile phone, laptop or tablet) is a cybersecurity risk just waiting to be hacked. It’s important therefore that you work to secure these as well as you would your in-house systems.
So you and your people should use your mobile devices responsibly to keep them more secure, always:
- use a secure password or PIN
- Install new updates as soon as possible
- Only ever use apps from trusted vendors
- Keep personal information out of text and e-mail messages.
Be alert and aware at all times
According to the USA’s IT Governance blog, 53% of successful cyber attacks infiltrate organisations without being detected and 91% of all incidents don’t generate an alert.
So keep your eye open for other telltale signs of a successful hack. These include:
- Your systems acting strangely
- Being denied access to files, folders, apps or software
- Your bank balance not being what it should
- Your credit score suddenly plummeting for no apparent reason
Make backing up part of your routine
If the worst happens and a cybercriminal makes it into your IT infrastructure, they may corrupt, destroy or hold to ransom your data.
Data loss can be mitigated IF you’ve regularly backed up and can rapidly upload a clean, recent version of your data onto your systems.
The best and simplest way to backup is to adopt the 3-2-1 strategy. This simply means you should have three copies of your data (your production data and two backup copies) on two different mediums (disk and tape) with one copy safely stored off-site for disaster recovery purposes.
Any data breach can threaten your business, IT infrastructure, IP, confidential customer information and hard earned reputation.
What’s more, such a breach can badly impact your finances. How? Well, under international data protection regulations, such as the EU’s General Data Protection Regulation (GDPR), data infringements can lead to a maximum fine of €20 million or 4% of your business’s annual global turnover – whichever is greater.
Strengthen your weakest link
The chink in any organisation’s cyber security armour is human error and the online threat actors know this. Chances are, it’ll be one of your team who inadvertently clicks on a malicious attachment or link and unleashes a malware or ransomware attack.
So everyone who regularly uses your technology (or their own) connected to your business network, should know how to keep your IT, network, data, IP and confidential information cyber secure. According to Staffing Future, one of the fastest growing staffing website design companies in the US and the UK, technology available is growing more sophisticated and more complex. Employees should be able to spot, stop and report the common cyber security attacks. Security training for your team members is becoming increasingly important as more and more people move to remote working.
Investing in data security and broad security training and education for your team in the many, various and evolving cybersecurity threats out there will deliver the best possible return.
We take your data security and IT security seriously
Staying safe online is now considered mission critical for businesses of all sizes from start-ups, SOHOs and SMEs to global, blue chip corporations.
However, if you own and manage a small to medium-sized business in London, finding time to invest in data security, IT security and security training can be difficult. So why not talk to our highly experienced and expert cybersecurity services team?
A confidential, no-obligation chat to us about safeguarding your business against the online threats, from IT security to security training advice, will pay dividends. In fact, we’ve helped numerous organisations across the Capital to perfect their data security since our formation in 2008 and on the way we’ve even managed to earn a couple of consecutive Feefo Gold Trusted Service Awards, Five Star ratings from both Trustpilot and Google and 98% client retention rate.