Cyber Protection – Protect Your Business from a Cyber Attack
On this page we will cover the topic of cyber protection – how to protect your business from a cyber attack.
Secure your email
Most cyber attacks are initiated via email, either by way of spam or a skillfully crafted email that targets a particular person. Companies that rely on email as part of their payment system are opening themselves up to significant risk. Try to avoid using emails as a way of authorizing payments. Also, a good anti-spam solution, combined with robust mail settings, can easily thwart the majority of these attacks.
Even though many of today’s email attacks are sophisticated, it is still possible for spam management solutions to find certain patterns or behaviours that identify and facilitate automatic removal of the threat.
Weak passwords are like leaving the key under your doormat. Many businesses still fail to implement secure password policies. It is possible to enforce secure passwords that people need to change at regular intervals – we would recommend monthly but at worst quarterly password changes.
Also consider using screen timeouts to ensure that computers lock automatically if they are left logged in and the user is inactive for a period of time.
Business owners are often quite “tech-savvy” and can overlook the fact that many of their staff are not. It is a good idea to provide new staff with a brief overview of your security expectations as well as a run down on good security awareness practices.
In our experience, a quick 15 minute refresher once a year can help to ensure staff are aware of their obligations.
While training helps keep security foremost in the minds of staff, the best security initiatives are those that work in spite of people’s actions. There is a wealth of technology solutions that can be implemented to protect your business:
- Malware and antivirus protection software
- Firewalls – both software and hardware
- Correctly configuring the software you use, such as Microsoft Exchange
We recommend that you make use of multi-factor authentication wherever possible. Basically, MFA (sometimes called 2FA) is a method that involves the user signing in twice using different methods.
As an example – the online accounting software Xero can require your staff to sign in via a user name / password combination PLUS using the Google Authenticator app on their phone. Software like Microsoft Office can also send an authentication code to your phone via SMS.
Stay Up to Date
Your computer system is only as strong as the weakest link. Make sure all computers on your network are fully patched and up to date. This should also cover phones, tablets etc.
When updating computers, ensure that the operating system and any installed software (for example, antivirus software) are up to date.
Mobile device security
The worst possible outcome is that an employee loses their phone and it is unlocked.
If staff are using their mobile phones or tablets to perform any kind of work for your business, it is imperative that they are not only patched, but also locked down. It is possible to enforce rules that make staff sign into their devices.
Backup, backup, backup
Even saying it three times understates the importance of backups! Never assume that your backups are complete and working – always insist that you have at least annual tests performed where your IT staff (or IT company) do sample restores and if possible full restores. How long will it take to rebuild your system from scratch, from a backup? This is an important security metric.
Did you know that it is possible to fully encrypt your data / computers? Encryption is a great way to ensure that even if someone gets access to a stolen computer, they are unable to make use of the data (assuming they don’t also have a password).
Business owners are always conscious of the bottom line and of course, any expenditure needs to be justified. People often place their faith in their IT Manager or IT company and a lot of the time that faith is well placed. However, it is wrong to assume that what was put in place a couple of years ago is going to see your security needs into the future. Constant vigilance / revision is required to see if the best solutions are in place for your business. We offer a free first consultation to all new clients and can help you determine how secure your business is.
Contact us today for an obligation free first consultation.
Make cyber protection and cyber security the focus of your business IT decisions.