The very recent major cyber breach of the TalkTalk website has left businesses exceptionally worried.
And with the increasing use of the cloud to store confidential data and
information, it is no wonder.
Whilst larger companies appear to be the key targets for cyber criminals,
the fact is that the threat extends to companies of all sizes, including the smaller business.
Unfortunately, small businesses tend to lack the resources and policies that
are designed to defend against such attacks. Yet because they are increasingly
using cloud-based services, they still face the same level of risk as larger companies.
So what to do? You need to focus
on minimising your vulnerabilities, and implement policies and initiatives that
are rolled out throughout the business, including to any remote workers.
Start with Email
By encrypting emails and other
communications, you force potential hackers into a fight against a secondary layer
of security. Generally they won’t bother, preferring to move on to an easier
target.
Be Strict with Password Policies
Set a company-wide policy on passwords and ensure everyone who uses technology
is trained. Introduce them to smart passwords that contain unusual characters
and a combination of letters and numbers. NEVER use any passwords that can be
associated with a user, such as dates of birth, and always vary passwords across
different platforms. Needless to say, passwords should NEVER be written down.
It is important to keep track of passwords so that you are in full control, so
think about using a management platform such as LastPass, PassPack or 1Password.
You may also further strengthen security by using a dual-layer password system
where possible, so that users have to enter a second set of characters in order
to log in. Wherever available, enable these features.
Be Aware of and Train on Warning Signs
Make sure that each and every
member of staff is trained to identify potential cyber threats such as bogus
emails or phishing scams. Email providers are getting better and better at
detecting dubious emails, but some still find their way past the junk folder.
Train staff to be on their guard for emails that ask them to click on a link to
verify their account details, or enter bank or credit card information. They
should be wary of suspicious-looking attachments, in particular zipped-up files
that could contain malicious software. And emails filled with bad spelling are
a big warning sign too.
Make sure these emails are never opened or actioned and that all bogus emails
are reported as spam. The sending domain can also be blacklisted in your email
settings. It is well worth considering using an email scanning system such as
Avast or AVG.
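
The warning signs described above (a link asking the reader to verify account details, a request for bank or credit card information, a zipped attachment) can be turned into a simple mail triage check. This is an added example, not part of the original article: the function name, keyword patterns and sample message are assumptions constructed for illustration, and bad spelling is not checked.

```python
import re
from email import message_from_string

# Patterns are this example's own choices for the warning signs named in the text.
VERIFY_RE = re.compile(r"\b(verify|confirm|update)\b.{0,40}\baccount\b", re.I | re.S)
PAYMENT_RE = re.compile(r"\b(bank|credit card|card number|sort code)\b", re.I)
LINK_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
ARCHIVE_EXT = (".zip", ".rar", ".7z")

def warning_signs(raw_email):
    """Return the sorted warning signs found in one raw email message."""
    msg = message_from_string(raw_email)
    signs, text = set(), []
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(ARCHIVE_EXT):
            signs.add("zipped attachment")
        elif part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            text.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    body = "\n".join(text)
    if LINK_RE.search(body) and VERIFY_RE.search(body):
        signs.add("link asking to verify account details")
    if PAYMENT_RE.search(body):
        signs.add("asks for bank or credit card information")
    return sorted(signs)

# Constructed sample message (reserved .example domains, placeholder attachment).
PHISH = """\
From: "Support" <support@bank.example>
Subject: Urgent: account suspended
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please click http://login.bank.example/verify to verify your account
and re-enter your credit card number.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="statement.zip"

(constructed placeholder, not a real archive)
--b1--
"""

if __name__ == "__main__":
    print(warning_signs(PHISH))
```

A check like this only sorts mail for a closer look; it supports staff training and email scanning rather than replacing them.
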
Choose a Robust Firewall
It is imperative that every device, including PCs, laptops, tablets and mobiles,
has firewall, anti-malware and anti-spyware software installed so that any
potential threats can be quarantined and deleted before they turn into a problem.
Don’t forget that hackers can get in through mobile apps, and also through
telephone systems by way of toll fraud, which is something we’ve covered previously.