SMEs & CyberCrime- 5 simple things an SME can do to stay secure
From securing your network, to reviewing physical access to PCs and educating employees on security, there are five important things you can do today to make your business more secure.
Business can be challenging: suppliers, customers, logistics and finance – all need the business owner’s attention, possibly daily. Cybersecurity also needs your attention, but if you plan and implement a well thought-out strategy, it needn’t disrupt the working day, whilst keeping your company safe from the growing threat of CyberCrime.
We live in a digital world where the number of automated hacking attacks on the internet, or bots, outnumber people online. It’s a stark reminder that CyberCrime is growing, and you need to be vigilant to ensure it’s not your business that pays.
Email & Virus
The single biggest threat to your company will come in the digital-post – email.
Phishing emails that try to get you to enter sensitive personal or finance details or emails that bring infected and malicious files with it plague businesses everyday. You should enable any built in security and firewall settings available in the operating system of your computers and consider installing Anti-Virus software from reputable companies and if you have a larger office, you could consider installing a hardware firewall for dedicated network protection.
Employees should know that they should never click on links or save attachments from unsolicited emails, no matter how convincing the email address or message content looks. Most large email providers filter out much of the spam or dangerous email, but as new threats emerge there should be a responsibility on the individual employee to be vigilant.
Regardless of what software operating system you are running, Windows, Mac OS or another, you should ensure that updates are downloaded and installed. Many software updates can be automatically downloaded when available by enabling ‘Auto-Update’ and for operating systems you should make sure employees do this.
Applications like Office from Microsoft or browser plug-ins like Adobe’s Flash will often request the users’ permission to download and update, and you can eliminate emerging or newly identified threats by making sure operating systems and applications are up to date.
Employees might grumble that their PC slows down or prevents them from getting on with work at hand while it’s updating, so for non-critical updates, maybe schedule regular updates for Friday evening if everyone’s going home early, but critical or security updates should be installed when they become available
If you use an email service from the leading tech companies like Google and Microsoft, you may have noticed an option to ‘Enable Two-Factor’. This is a simple process, but makes using the service far more secure. It’s easy to enable it on your email account and then the service provider will send you an SMS text with a code you enter as a second means of identity, in addition to your password. Social Media sites also use it, as do banks and other financial organisations. If there’s an option to enable two-factor for any of the services your business use, do it.
It’s crucial that the passwords you use at work are up to the job or keeping the account they’re attached to safe. Short passwords, passwords that include an employee’s name or common passwords, should always be avoided. Eight character passwords with a combination of numbers, upper-case and lower-case numbers and some symbols should be used as a minimum, but ideally passwords should be twelve characters or more in length.
Make your password policy such that it means employees are responsible for creating their own, strong passwords and the policy should stipulate that passwords should be changed regularly, and never reused across different services; one password for the bank, one for payroll, one for email and so on.
One of the greatest threats to businesses is when data leaves the office. This happens practically every day when you leave the office with a mobile phone, a laptop or perhaps a USB key with a saved presentation.
Laptops should always be protected with a strong password at start-up, and many of them have built in encryption tools, ensuring that the data cannot be accessed even if the laptop is dissembled.
Mobile-phones and tablets should also be protected by a strong password and you should consider installing Mobile Device Management (MDM) software if you have sensitive data on your mobile-phones.
In large companies, USB drives can be a thorn in the side for IT Managers, and many staff often don’t have the security privileges to insert and save to a an external USB drive. If you do carry data on a USB drive yourself or allow employees to bring sensitive documents out of the building, consider using encrypted drives like the Kingston range that has a small keypad on the drive to unlock it.
Magnet are hosting the National Cybercrime Awareness Day on October 24 in the Royal College of Physicians, Dublin 2. You can register your interest here.