Securing just five areas of your business online will make you more than 98% less likely to be the victim of cyber crime, lose data or have your systems hacked. Ransomware is the biggest cyber threat facing businesses today, costing businesses more than £58 billion per year across the globe. A new organisation will fall victim to ransomware every 14 seconds in 2019, and every 11 seconds by 2021. Most of this damage can be avoided if computer systems are updated to the latest version and simple steps are followed by all users.
Make sure your business and staff have Cyber Security measures in place – and that they are used – so you are best-placed to prevent an attack…
1. Make sure you use up to date, supported systems
– Install updates on your systems as soon as they are available
– Bugs found in applications and websites are often exploited to gain access
– Your IT Security provider will manage and identify the most important updates and check the impact the updates are likely to have on your systems
– Update your website and all plugins to the latest version
– Most Cyber Protection insurance policies won’t cover your business if you are found to be using outdated or unsupported systems
2. Passwords
Passwords are the easiest way for criminals to gain access to your online accounts
– Ensure passwords are not the same across multiple sites
– Use a set of three words rather than a single, easy to guess one
– If your IT Security policy allows, use an online password manager such as LastPass https://lastpass.com which secures unique passwords for every website
– If your IT Security policy doesn’t allow online password managers, consider KeePass https://keepass.info, which is a secure, offline password database. You will need to make sure you back this up safely and securely
– Password reset questions should be based on information that isn’t available online or to anyone that knows you
– Consider making up fake answers to the password reset questions which are different for each site and store them in your password manager
3. Multi-Factor Authentication
Multi-factor authentication (sometimes known as two-factor authentication, 2FA or MFA) can be implemented for many online accounts. In addition to your password, the website will require another form of authentication such as a code sent to your phone via SMS. You should enable this on all your online accounts.
Apps such as ‘Microsoft Authenticator’ and ‘Google Authenticator’ make this process even simpler, either by providing an “accept login” button on your phone when you log in to a website or service, or by providing a time-bound code to use.
4. Phishing
– ‘Phishing’ emails are the emails that trick you into giving away details such as your username or password – 91% of successful data breaches started with a phishing email
– Make sure you hover over links in emails before you click them. For example, two links that both appear as www.facebook.com can go to two different places!
– Be aware of any email that asks you to perform an urgent action with consequences: “click here now or lose access to your account” is a good example of this
– Check the sender of the email – is the domain what you were expecting? Look for similar-sounding names in the sender’s address
– Copy and paste some of the text into your search engine – often there are references to text used in scam emails
– If unsure, contact your IT Security provider
5. Backups
Whilst taking precautions is a good idea, there are unfortunately no 100% guarantees. It is therefore essential to have a good backup system which you can rely on.
Don’t rely on Dropbox/OneDrive for backup – these services are connected to your laptop, and so can be encrypted with ransomware too. Make sure your backups are stored offline and are not directly accessible.
In summary:
– Update your systems, applications, computers (Macs too!) and your website
– Make your passwords long, complex and unique – use a password manager
– Enable MFA for all online services that support it
– Beware of attachments, links or any email that asks you to perform an urgent action
– Backup, backup, backup – test regularly and have the backup offline and offsite
For more details about how you can keep your organisation secure, check out our Cyber Security page and get in contact today on 03300 88 33 10