Securing just five areas of your business online will make you more than 98% less likely to be the victim of cybercrime, lose data or have your systems hacked. Make sure your business has all the Cyber Security measures in place to prevent an attack…
Passwords are the easiest way for criminals to gain access to your online accounts, due to ever-increasing complexity requirements on systems and websites, it’s often easier to use the same password in multiple places often with a common word that is easy to guess.
If you use the same (or similar) passwords across multiple systems and websites or base your password on information about you such as the names of your children, pets or spouse, you should start using a password manager (Check your IT Security policy first). Managers such as LastPass – https://lastpass.com will allow you to have secure, unique passwords on every website.
If your IT Security policy doesn’t allow online password managers, KeePass – https://keepass.info is a secure, offline password database, you will need to make sure you back this up safely and securely.
An area that is often overlooked is the password reset questions, default questions such as “What is your mother’s maiden name?” or “What is the name of your pet?” are extremely easy to find out with a small amount of research on social media. Make sure your password reset questions are based on information that isn’t available online or to anyone that knows you, make up fake answers that are different for each site and store them in your password manager.
2 Two-Factor Authentication
Two-factor (or multi-factor) authentication (2FA/MFA) is used when you log on to an online service, after you’ve typed your password in, the website will require another form of authentication such as a code sent to your phone via SMS. You should enable this on all your online accounts.
Apps such as ‘Microsoft Authenticator’ and ‘Google Authenticator’ make this process even simpler by providing a simple “accept login” button on your phone when you log in to a website or service.
A ‘phishing’ email is an email that tricks you into giving away details such as your username or password – 91% of successful data breaches started with a phishing email.
Be aware of any email that asks you to perform an urgent action with consequences: “click here now or lose access to your account” is a good example of this.
Check the sender of the email, is the domain what you were expecting? look for similar sounding names such as firstname.lastname@example.org or email@Mlcrosoft.com
Ransomware is the biggest cyber threat facing businesses today, damage of around $5bn was done this year alone. Most of this damage was avoidable if computer systems were updated to the latest version, always install updates on your system as soon as they are available.
Bugs found in applications and websites are often exploited to gain access without the need for a login, installing the latest updates for your software and applications is a great idea. Updating your website and all plugins to the latest version is essential.
Following the steps above will make you much less likely to be hacked or lose data but there are unfortunately no 100% guarantees, having a good backup system you can rely on is essential.
Don’t rely on Dropbox/OneDrive for backup, these services are connected to your laptop, and so can be encrypted with Ransomware too. Make sure your backups are stored offline and are not directly accessible
• Make your passwords long, complex and unique – use a password manager
• Enable 2FA for all online services that support it
• Beware of attachments, links or any email that asks you to perform an urgent action
• Update your applications, computer (Macs too!) and your website
• Backup, backup, backup – test regularly and have the backup offline
For more details about how you can keep your business secure, checkout our Cyber Security page here and get in contact today 03300 88 33 10
Please checkout our handy infographic below – and print and share around