With the fight against one virus offering some hope of success, we cannot ignore the ever-present virus that can harm each of us and our businesses.
Does the mere mention of the word cybersecurity conjure up visions of cyborgs and sci-fi or hackers and the dark arts of the computing world?
Cybersecurity is not new. It has been around as long as the IT world, expanding from password protection to data encryption, firewalls and server security systems, websites, email platforms and smartphone devices.
The EU General Data Protection Regulation (GDPR) launched in May 2018. The US California Consumer Privacy Act (CCPA) launched in January 2020. Both have highlighted businesses’ responsibility regarding security, privacy, and their clients.
Note: Look out for our article on GDPR and CCPA coming soon
The media loves the scam hacker horror stories that always focus on the big brands and businesses with little or no focus on small to medium enterprises.
Small and mid-sized business owners have also been slower to react to cybersecurity, but they are an easy target.
And ALL businesses need to review their business security to:
- Identify potential threats;
- Prevent security incidents;
- Improve business security processes; and
- Identify and implement staff training needs.
Where do you start?
Carry out a cybersecurity data audit. A data audit identifies what and where business-critical data is stored, allowing you to assess:
- What type of data are you collecting and why?
- Is it needed – or can you archive or delete it?
- Where are you storing the data, and for what period?
- Is it protected and secure?
- How do you protect and document the data?
- Who has access?
- What backup systems or processes are in place?
- Where might you have threat sources, vulnerabilities or events?
- What needs to be included in your audit?
- Which staff need to be involved?
- What would be the potential risk and impact?
But what else can you do?
11 top cybersecurity tips to keep you safe
If you have access to or manage data (emails, documents, usernames, passwords, account information) or money, cybercriminals will love you – and yes, it can happen to you.
1 Are the websites you own or visit and interact with secure?
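All websites should have a Secure Sockets Layer (SSL) security certificate. If the address of the website you are visiting starts with HTTPS, it has an SSL certificate. The certificate encrypts the connection; it does not by itself prove that the site is legitimate.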
If there is no “s” (HTTP) – leave that site now and don’t provide confidential information.
2 Should you open that email attachment?
Email is the most common way for hackers to gain access to your computer or network data and files.
- Opening attachments or responding to phishing messages is another invitation to access your data.
- Never open an email from an unknown sender.
- Where appropriate, implement a two-step invoice payment authorisation process.
- Educate your staff on email use and security.
3 Do you use USB/thumb drives?
USB sticks offer the ability to upload and transfer data quickly, but you should never use a USB stick from a source you don’t know!
Alternatively, have it checked before connecting it to a network or device.
4 Who’s just looking?
I am amazed how many times I visit business offices and see passwords openly on display on post-it notes stuck to the computer screen.
Can anyone walking past see what you are typing when entering your passwords or login details?
Is your password an open office secret? Or even worse – 123456 or dates of birth or the same password you use for EVERYTHING…
- Never share your password.
- Change it regularly, and do not use dictionary words or prominent words or dates.
- Consider two-step authentication (more later).
- For business networks, the same applies and more – enforce network password updates and access processes, access restriction for ex-staff and regular risk assessments.
- LinkedIn recommends a 15-character password changed every three months!
5 Use two-step authentication everywhere
Many login platforms and software systems offer you the ability to set up and receive authentication login codes through SMS or specific authenticator apps.
The extra step is widely seen as the proverbial pain – and in our time-poor business environment, an unnecessary waste of time. Until, of course, it is anything but this.
If two-step authentication is available, embrace it for the right reason.
6 Is that LinkedIn job approach from an actual head-hunter/recruiter?
Creating fake profiles on LinkedIn and other social platforms is all too easy.
We want to have privacy through GDPR/CCPA, yet we post personal information on Facebook and other social media platforms.
We do not want face recognition police systems, but we post selfie images on face cartoon apps.
If cybercriminals want to know about you, your employers, your connections, and so on, what better place to start than social media – you tell them all they need to know!
Before connecting and sharing, check: does their profile have the correct spelling? Does it look odd? Are the photos more stock image than real? To whom are they related and connected?
Take the time to take a look; it will be time well spent.
7 Complete an inventory of your digital footprint, personal and business
List your online accounts and review passwords/login access. Then change your passwords – and vary them for each account. If you are not using an account – can you delete it entirely?
Too many accounts to remember all your passwords? Consider a password manager.
8 Protect access to your devices
If you are leaving your desk or device for any reason, develop the habit of locking your device until you return.
One of the easiest ways for clever hackers to gain entry into networks is via open terminals or logged-in devices.
Be careful what you plug in or install on your devices. Don’t make it so easy.
9 Who can access your computer, or do you need access to others?
You may keep your device up-to-date and secure, but what if your co-workers are not as diligent as you?
Accessing their devices may open back doors that invalidate your security measures.
If you have to access other devices, check that they are secure and up-to-date and do not use them for personal accounts in any way.
10 Network access via personal devices
We all understand that our laptop (or Mac) needs anti-virus protection, but does your company have its own IT support preferences or preferred supplier?
If you are making the choice, ask which provider can deliver the trust you need. Do your research, and remember that free software solutions always come with a paid version – and paid is better than free.
11 Are you buying online? Buyer beware!
Never buy online via your business network or, worse, a device that isn’t yours. Even if buying online from your device, take the time to check:
- Are you using a safe network?
- Is your password strong and secure?
- Is the website you are visiting HTTPS secure?
- Do you save your credit card details in an online account?
- Do you check your online payments/transactions?