Forget about diets, the best resolution you can make this year is to give your business a cybersecurity makeover.
According to a Cyberventures report, there is a ransomware attack taking place every 14 seconds – and everyone is fair game. From small businesses without a cybersecurity budget to billion-dollar companies like Under Armour, Marriott or Uber, it could happen to any business (and indeed it does). Yet, considering how widespread these attacks are, the majority of businesses still don’t have a plan to tackle data breaches and other cybersecurity issues.
The good news is that there’s plenty you can do today to help secure your business.
First, here are a few obvious ones to get you started:
- Audit your data. Data overwhelm is real, y’all, but you can’t ignore it forever. Do you know where your customers’ data is, and how it can be accessed? Where do you store your most sensitive data? Don’t forget to include the trillion Excel spreadsheets you’ve been hoarding since 1997…
- Maintain an “Access Control Register” to keep a log of all systems used and track access being granted and revoked.
- Regularly and securely back up your business data. Backing up your data is a must, but doing so also comes with its own security risks, so make sure to research your options.
And here are a few more to consider:
Password manager
Remembering passwords, especially multiple complex passwords, is a total nightmare. Sharing them insecurely is also a great way to ensure they’ll end up in the wrong hands.
Enter password managers! Password managers are the best way to share and easily update passwords across your team. They also encourage you to create more sophisticated passwords, as you don’t need to remember them off by heart.
Top Tip: Try LastPass or 1Password now, and never look back.
Stronger authentication
Passwords are one thing, but if you want to be extra secure, say yes to any software’s suggestion of two-factor authentication. Yes, it can be a pain to have to enter a code sent to your mobile every time you want to access your emails. But it’s nothing compared to the pain of your emails being hacked into…
Top tip: Go one step further and install an authenticator app on your phone.
Keep software updated
Waiting for your devices to update their software is boring, but you know what else is boring? A hacker making the most of your software’s vulnerabilities.
Software updates do a whole bunch of things including removing bugs and repairing security flaws. Next time your device prompts you to install an update, please go for it pronto!
Top Tip: Set up automatic software updates. Find out how to do this here.
If an email is alarming or confusing, chances are it’s a fake. Some fakes are more obvious than others of course, whilst some emails really nail the branding of the company they’re imitating.
Top tips:
Think before you click:
- Spelling mistakes, grammatical errors, and “Dear customer/friend” are all red flags. Delete and mark as spam immediately.
- If the email urges you to rectify a situation by clicking on a link, don’t. If you’re worried it’s true, open a browser instead and visit your account on the website directly to check the situation.
- Check the email address it comes from. If it’s somedude@amazonserviceswebappz.com it is NOT from Amazon, for example.
Choose secure software
When selecting any new software, research the vendor’s security credentials. An ISO 27001 certificate, for example, is a good indicator that they have strong safeguards in place.
Consider using dedicated software for your sensitive communications. Whilst emails are practical, it’s very easy for your organisation to lose control of information, as it can be forwarded to anyone at the click of a button. Even if your recipient does not forward your emails, once they travel outside of your IT ecosystem you are relying on the recipient’s security protocols and email servers to ensure that the information isn’t hacked or lost.
Top tip: For commercially sensitive interactions, such as a tender process, favour software such as DeepStream. It is not only highly secure with an ISO 27001 certificate, but also gives you a high level of control over who sees what information at what stage.
Watch your wifi
Not everyone works from the same office every day. When conducting business on the go, you are often hunting for any wifi you can find in cafés, airports, train stations… However, these can be a security issue, especially when dealing with sensitive data. Always prefer private and secure connections, and beware of fake hotspots.
Top tip: Consider investing in a VPN, which will encrypt your data when you’re using public wifi. ExpressVPN, for example, exists as a phone app or Google Chrome extension and is a quick, easy way to secure your devices when you are travelling.
Have a response strategy in place
Finally, if the worst happens, you need to have a cybersecurity strategy in place for dealing with it. Who will lead the first response and what will be your first steps to deal with it?