Secure my Business
What effects could a cyber attack have on your business?
- Business loss: Reputational damage, or damage to other companies you rely on to do business.
- Financial loss: From theft of money, disruption to your business or loss of information, plus the cost of getting your business systems up and running again.
Steps to Secure your business
Back up data
It’s essential that you regularly back up your important data and information, from financial records and business plans to customer records and personal information. This will lessen the damage in the event of a breach.
A good back-up system typically includes:
- Daily incremental back-ups to a portable device and / or cloud storage service
- End-of-week server back-ups
- Quarterly server back-ups
- Yearly server back-ups.
Make it a habit to back up your data to an external drive or portable device like a USB stick. Store portable devices separately offsite and do not leave them connected to the computer, as they can also be infected in a cyber-attack. Having a copy of your data in a separate location will let you recover information quickly and easily in the event of any data loss.
Regularly check and test that you can retrieve your data from your back-up source.
Secure your computer and devices
Small pieces of software known as malware or viruses can infect your computers, laptops and mobile devices. Install security software on your business computers and devices to help prevent infection and ensure it includes anti-virus, anti-spyware and anti-spam filters. Make sure that you set your security software to update automatically as updates may contain important security upgrades based on recent viruses and attacks.
Set up firewall security to protect your internal networks. Remember to install the firewall on all your portable business devices and keep them updated and patched to prevent threats entering your network.
Monitor and protect the use of computer equipment and systems
Maintain a record of all the computer equipment and software used by your business. Keep items secure to prevent unauthorized access and remind employees to be mindful of where and how they keep their devices.
Educate employees on using a USB stick or portable hard drive. A portable device brought from home can carry an unknown cyber threat directly into your business system without anyone intending it.
Remove any software or equipment that you no longer need and ensure that no sensitive information is left on them when you dispose of them.
Protect important information
Make sure you encrypt your data when stored or sent online so only approved users can access it. Encryption converts your data into a secret code before you send it over the internet. This reduces the risk of resource theft, destruction or tampering. Make sure you turn your network encryption on.
Manage administrative passwords
Change all default passwords and look at disabling administrative access entirely to prevent an attacker from gaining access to your computer or network. Make sure you change each password to something new that can’t be easily guessed. Attackers have the potential to gain full access to your system from an administrator level account.
To reduce the risk of your computer becoming infected, create a standard user account with a strong password you can use on a daily basis.
Choose strong passwords
By creating strong passwords, you are improving your digital security.
Use passwords to protect access to your devices that hold important business information. Using a password such as ‘123456’ or, worse still, ‘password’ leaves you open to being hacked.
Change your passwords every few months. If you use the same password for everything, once someone has your password, all your accounts are potentially under attack.
Consider using a password manager that securely stores and creates passwords for you.
Educate your staff to be safe online
It is important to train your staff on the threats they can face online and the major role they play in keeping your business safe.
Your staff need to be aware of their computer rights and responsibilities as well as their network access usage. Be specific about the types of online practices that are acceptable when using work computers, devices and emails.
Training staff on maintaining good passwords, being aware of fraudulent emails and reporting suspicious online activity will help ensure good cyber security practices.
Put security measures in place
Have policies and procedures in place for your staff that outline the accepted standard when accessing:
- Emails and the internet.
Establish a strong social media policy, which sets what type of business information your staff can share online, and where. An attacker can develop a convincing scam tailored to your employee by building a profile from the business and personal information they post online.
Make sure your employees are aware of the policies and that they review them regularly. You may also consider refresher training in these policies to ensure all employees are aware of the IT security and data policies in your business.
Protect your customers
No matter the size of your customer information database, it is important that you keep it safe. Aside from being a huge blow to your organization’s reputation, there may be legal consequences for losing customers’ personal information.
For many people who shop online it is important to know that their payment details and address are secure. It is also important for your customers to know that you will not share their details without their consent. Provide a secure online environment for transactions and ensure you secure any personal information that your business may store. Talk to your payment gateway provider about what they can do to prevent online payment fraud.
Consider cyber insurance to protect your business against impacts resulting from a cyber-attack. The cost of dealing with a cyber-attack can go past the repair of databases, the strengthening of security procedures or the replacing of lost laptops.
Cyber insurance cover can’t protect your business from cybercrime, but it can protect your business against the costs that may result from the attack.
Keep yourself informed about the latest cyber security risks. Online transaction issues and payment fraud can be a real concern for businesses trading online. It’s important to stay informed about the latest scams and security risks.