The internet is under attack from hackers. Unfortunately, it’s not just big businesses that are being targeted and that need cyber security protection. According to the FSB, 20% of small firms have experienced a cyber attack in the last three years and over seven million individuals have been targeted over the same time period.
What do hackers want?
Most cyber attacks on businesses are financially motivated. Hackers target companies looking for financial data and a payout. They seek out easy targets and extract what they can before moving on.
This article will show you how to increase your business online security and avoid becoming the next easy target.
Could this really affect me / my business?
Yes it could. Whether you’re a big corporate or small business, a celebrity or Joe Bloggs, it doesn’t matter. Anyone with an internet presence is vulnerable to a cyber attack.
For hackers, it’s not about how well known or wealthy you are, it’s about how easily they can steal from you. And if they do steal from you, it’s not only financial but also reputational damage you’ll have to contend with.
Studies by BT found that small businesses are ill-prepared for the threat of cyber attacks. Many are relying on security products not designed for businesses and 4% of SMEs aren’t using any cyber protection at all.
This is usually because companies don’t know the risks. Since COVID, many businesses have moved online but without a real understanding of security. Cyber hackers know this and so, in the aftermath of the pandemic, have increased their efforts to target SMEs.
Wait, before we lose our heads…
It’s true that the internet presents new opportunities for the exploitation of others. But it’s also true that nefarious individuals have existed since the beginning of humanity.
Progress comes with a price. As long as we have the internet, we have cyber attacks. Rather than panic, dwell on why, or lament the past, the best thing we can all do is put measures in place to secure ourselves and our businesses.
With even some barriers in place, hackers will move on to the next target. Have very little or nothing in place and you’re a magnet – an easy win – for cyber criminals.
What can I do to secure my business?
You don’t need to be a security expert to protect your business. You also can’t prevent everything, but here are six steps to take that are very effective.
1) Enable two-factor authentication
Two-factor authentication (also known as 2FA or MFA – multi-factor authentication) is an additional layer of security on top of passwords. It requires you to present another form of credentials before you can gain access to a site. With the huge increase in cybercrime, tighter security is needed. Passwords are no longer enough.
Enabling two-factor where possible – on your website, email or any web tools you use – is crucial for your own and your business’s security.
The best form of 2FA is through apps on your phone (e.g. Google Authenticator). This is closely followed by SMS and lastly, email. SMS and email are more vulnerable to hacking so they are not as secure as the app method.
As a business owner, you’ll want to enforce 2FA on all staff accounts, including temporary users and freelancers.
2) Use your company email domain for all business accounts
Always make sure new starters have a company email account and that all company tools are signed up with that account.
This is for two reasons:
- It maintains boundaries and protects company property once a user has left. An employee using their own personal email address can easily regain access to accounts after they’ve left (through password resets etc).
- Personal accounts – particularly services like Gmail – are common hacker targets and personal security is likely to be weaker than the company’s.
3) Ensure staff have unique logins to all services…
… as opposed to a general, ‘info@-’ account that multiple people use. Because multiple people use these, it’s much harder to keep track of who has the details, where they’re stored and where they’re being sent.
Using individual, unique logins helps you identify compromised accounts more easily and supports the principle of least privilege (POLP).
POLP refers to the information security concept in which a user has the minimal level of permissions needed to perform his or her job function.
4) Implement a no-click policy within your organisation
Cut down on the clicking of malicious email links with a no-click policy. What does this look like? Email recipients ask the sender to verify the contents of the link (for example, by describing it or providing a screenshot).
This might not be easy for some organisations but for others – particularly those with customer service desks – it’s crucial.
However, for all businesses, if you’re able to implement such a policy, you’ll effectively eliminate phishing or malware attacks.
5) Minimise the tools you use online
Over time you build up a library of online tools that you’ve used in the past. Several of these you’ll no longer use yet the account is still active. Where possible, delete!
Data breaches can still happen on services you’ve not used for five years. And it will be all the more painful since it could have been easily avoided.
Practise security hygiene: delete old accounts and keep unnecessary data out of the public eye. Fewer online tools means less exposure of your data.
6) Use a password manager
Password managers help you securely store and generate unique, protected passwords.
There are a variety of password managers to choose from – Wired breaks down some of the best in this article. Which you choose depends on your business or personal requirements.
Managing financial or other sensitive information
Follow the aforementioned best practices and you’ll be in a strong position security-wise. When it comes to the protection of sensitive company (or personal) information, here are a few additional dos and don’ts:
Don’t:
- access private company info through public wifi or unknown networks
- use a shared or borrowed computer for accessing banking information
Do:
- use a password-protected wifi hotspot from your phone
- use the bank app on your phone (browsers are more easily hacked than apps)
- use a VPN to protect yourself
What’s a VPN and why use one?
VPN stands for virtual private network. It’s a service that allows you to stay private – and therefore secure – online by hiding your IP address. VPNs establish an encrypted connection between your computer and the internet. They ensure the traffic from your device to the VPN server is secure. This means that nobody can intercept any meaningful data.
You can use a VPN any time, but they are particularly beneficial when you’re in a public setting and don’t have a private wifi connection.
A word of warning:
Avoid free VPN providers. Yes, they are too good to be true. If a tool is free for the user, then it is making money through other means. This could be through ads, or it could be through selling your data.
On a paid VPN service, your data is protected. ExpressVPN is a good, paid VPN service that creates a secure environment just for you to use. There is no logging of data and the server runs in memory so no data is written to any hard drives, minimising your data risk. NordVPN is another paid VPN service that has 5530 ultra-fast servers, a verified no-logging policy and unlimited speed and bandwidth.
How SOZO can help
At SOZO, we take security seriously. As standard, we keep server software up to date through monthly patching; we regularly update site servers; and we actively monitor sites for unusual activity.
However, with hacking methods constantly evolving and becoming more prevalent, you might find you need something bespoke to your business. We offer our clients a robust and dedicated security service to give you complete peace of mind.
SOZO’s security service provides regular website scans which detect vulnerabilities and puts clients on a web application firewall (WAF). The WAF analyses traffic going to your website. It searches for common attack vectors and unusual behaviour and immediately blocks them. For additional security you can lock down your admin login pages to only be accessed from your company office IP and block certain countries from accessing your website completely.
Whether or not you’re already one of our clients, get in touch to see how we can help secure your online business: 01242 511912 or email@example.com