I have just read an article about a security blogger (if anyone is safe from cyber-attack, it should be he) who was targeted by a distributed denial of service (DDoS) attack intended to shut down his blogger site. You may say he poked the tiger by uncovering hackers online, but it illustrates that if someone takes against you it can get very nasty, irrespective of your technical skills. Here are some cyber security tips for SMEs that will add to the protection you can easily afford for your business.
Cyber Security Tips - Educate
This is probably the best approach to security. Educating your workforce to question the origin of unexpected emails rather than open them, and to question attaching personal devices to your business Wi-Fi, is just the beginning. There are many introductory courses out there on which it would pay you dividends to enrol yourself and your staff. Their format can be anything from off-site attendance to online do-it-in-your-own-time. From the various articles and reports out there it is clear that some 80% of all successful attacks on businesses that incorporate security into their technology are due to human error. Making your staff aware of the possible threats to look out for will go a long way to consolidating your investment in security technology.
Cyber Security Tips - Passwords
This for me is probably the most fascinating area of security. Passwords are frequently the easiest way into an online account, and yet they are nothing new. They didn't come about due to the Internet and online banking; they have forever been the key to spying, to keeping secrets. The problem with passwords is that, with the advent of technology and our dependence on a multitude of accounts, from online banking through to accessing data in the cloud, people have become either lazy or complacent; don't forget that remembering many passwords is a challenge to most. Having said that, it's not only the users who are to blame for loose lips sinking ships, so to speak; administrators who insist on complex, unmemorable passwords that are changed frequently are also a player in the blame game. If you want to avoid the pitfalls of poor passwords, do some research on the best way to approach creating and remembering passwords. Perhaps consider using a password manager to assist you with your passwords. These help you to use complex passwords with ease, but beware: some are better than others and some even bring their own security pitfalls. I will be writing more on this subject soon.
Cyber Security Tips - Connecting private tech to company networks
We all have mobile phones, MP3 players and other technology we keep on us even when at work. No problem with that until, that is, you connect them to the network or your computer in the office. Even if your business has excellent technology at the edge keeping out all boarders, loss of security integrity mostly arises from within the business. Everything from disgruntled workers through to inadvertent downloading of malware and viruses should be cause for concern. A relatively easy solution is to ensure your networks, routers and other network hardware have adequate password protection. Network devices managing whitelists of approved websites or applications make a fearsome wall against which your most determined employee will fail, so if it's not on the list you can't have it! Also, make sure your IT guy/gal doesn't give network passwords to their office friends so that those friends can cut their mobile phone bandwidth costs; matching networks with approved devices is becoming much easier these days. Without significant additional investment, the best way to control this situation is to issue properly secured and locked-down smartphones and laptops to your staff with encryption configured as standard. There is no point protecting your data only to let it be stolen from a mobile device out in the field.
Cyber Security Tips - Reputation management
Many people do not associate this with security, but it is vital that you consider it as part of your security audit. The loss of data pertaining to your company's behaviour can be a reputation killer. In this regard, ensuring security is strong on your social media and any other public-facing technology you employ will make sure you aren't easily hacked. Remember the many UK central government tweets a few years ago, put out there by someone who stole the social media platform's password. Consider using two-factor authentication to reduce this risk. Among others, Google, Facebook and Twitter support this approach as standard.
Cyber Security Tips - Data protection
I am always surprised at how many business owners I speak to do not know that it is a legal requirement to sign up to the Data Protection Act. As soon as you collect client data it is your responsibility to keep it safe from others. There are hefty fines for those businesses that lose it and cannot prove that they have done their best to keep it secure. Don't panic though: online CRMs and sales tools take on the responsibility of keeping your data secure. If you do keep data locally or on your website, then it is your responsibility to prevent external access. Encrypting data within the database is the best approach, and if you have financial data on your website, in your office or shop then you MUST comply with PCI DSS rules and practices. While they are not onerous and mostly require good practice and using the right tools for data protection, the punishment for non-compliance can be draconian. Just look at the fines placed on businesses that have lost data in recent years. The loss of revenue due to loss of reputation would be bad enough, but the fines could put you out of business.
Cyber Security Tips - Cloud usage
For many of us the Cloud has become part of our lives, whether personal or for business. Remote storage is great for securing your documents and business data. Online CRM and sales management can ease the burden significantly, improving your security. Security in the Cloud, for the most part, is pretty good, but make sure you understand what your provider is doing for you (for your money).
While it is possible to inject quality security into your business effectively and cost-efficiently, the biggest threat to your business still remains the human interface. Don’t simply assume that you have security in place; question it, question the providers, make sure it is fit for YOUR purpose. Can it grow as your business grows? How flexible is the solution? What if you change your business model, can your security cope?