Reduce your chances of being hacked, with this simple advice
According to the government's Cyber Security Breaches Survey 2018, more than 40% of businesses in the UK have experienced a cyber breach, and more than 70% say cyber security is a high priority for them. Yet fewer than a third of them have any kind of formal cyber security policies in place. Clearly more needs to be done, and to give you a head start, we've put together 10 cyber security commandments that every business should follow. There are, of course, many more tips and pointers we could include, but hopefully this will at least help you to get started.
1) Anyone can be a target for cyber criminals
First and foremost, never assume that you won’t be hit by a cyber attack. If you’re lucky, it will never happen, but absolutely anyone can be a target, because many attacks use automated software, which doesn’t necessarily discriminate. Small businesses may also be more likely to fall victim to security breaches, because criminals consider them soft targets.
2) Passwords should be strong and unique
Although other forms of authentication exist, such as fingerprint scanners, passwords remain the most common way of logging into websites and systems. Don’t make life easy for criminals by using weak or easily guessed passwords like ‘Pa$$w0rd’ or ‘12345678’, and don’t reuse your passwords in different places.
3) Keep all software and hardware up to date
If possible, use automatic updates to keep your IT solutions up to date. Otherwise, ensure that you regularly check for updates, particularly those that include security patches. Cyber criminals will be well aware of any weaknesses, and they’ll waste no time trying to exploit them.
4) Report any and all suspicious activity
It’s not necessary to report every single dodgy email you get, as long as they’re automatically getting sent to your spam folder, but if you see what you think might be a phishing attempt and it hasn’t been filtered out, tell your IT people. By getting the word out, you can make sure no one in your business falls victim to a scam.
5) Secure all devices including smartphones
In the modern workplace, it’s not just workstations and servers you need to be concerned with; many workers also carry phones and tablets that are connected to the corporate network via WiFi. These need to be made secure or limited to a guest network, because they present a potential entry point for hackers.
6) Identify your security weaknesses and fix them
All businesses should be aware of their weak points. That could cover many things, including operating systems that are no longer supported, people who aren’t trained to spot phishing emails, routers that don’t use the latest security protocols and systems not configured to deliver the maximum security benefits. Arrange a security audit to gain clarity and to plan ahead.
7) Be careful when clicking links or files in emails
Booby-trapped files and websites are a favourite way for hackers to install malware or to steal data, and email is the most common way of getting people to open them. If you receive an email from someone you don’t know and it’s urging you to download a file or follow a link, stop and think about it first.
8) Lock your computer when you’re away from it
This is especially important if you’re using a laptop or other mobile device and you’re not in the office, because if criminals gain physical access to your computer, it’s no problem for them to install malware on it. To lock your system, simply press the Windows key and L. You’ll need your password or PIN to log back in.
9) Review your cyber security measures every year
Cyber criminals are always looking for new ways to rip people off, so cyber security cannot be considered as a one-off, static purchase. At least once a year, you should assess your current security solutions, to see if they’re still up to the task, and if they’re not, then you need to upgrade. This is also a good time to look at your security budget, to make sure it’s being spent effectively.
10) Make multiple backups, with at least one kept off site
Never put all your backup eggs in one basket: backups can and do go wrong. In the majority of cases, one backup will be enough if your main copy of data is damaged by mechanical failure or human error, but if you’re unlucky, your backup could be lost at the same time. The chances of your backups being affected increase when malware enters the equation. Viruses, ransomware and so on can spread over a network and take out all your backups, as well as your main copies. Keep one of them off-site, though, and you should be safe.
Are there people in your organisation who could benefit from learning our 10 cyber security commandments? Print out the free poster below and display it somewhere they can see it.