5 Reasons Cyber Security Should Be Top Of Your To Do List
Failing to secure your digital assets and operations can be ruinous - it can lead to irreparable monetary and reputational damage to your company which you may never recover from.
The threats in the digital world are numerous, complex and ever-evolving - they can come at us from every quarter and are getting increasingly sophisticated and harder to deal with. Keeping on top of them is a challenge - but not impossible if you take the right approach. Just as you would never leave your office unsecured with all the doors and windows wide open at night, so you should never neglect to protect your livelihood from the severe consequences of hacker activity, internal security or data breaches and internet scams. Yet many small businesses are drastically underprepared and under-resourced for this very real threat.
So, what do you really need to know about small business internet security - and what can you do today to make your start-up safer than it was twenty-four hours ago?
Shut The Door On Malware
Your hardware and software set ups and your connection to the world wide web are portals. And just as you wouldn’t dream of leaving your house in the morning with the door unlocked, wide open and inviting criminals to come in and take whatever they like, so you need to apply the same attitude to these portals into the heart of your business. Malware is a catch-all term meaning ‘malicious software’ meant to infiltrate your network or a specific drive without you ever knowing. Learning how to remove malware is essential for small business owners who may not have an IT support department primed and ready to do it for them. Start by ensuring that you have firewall protection -most internet routers will have a firewall pre-installed but you may need to activate it. Don’t make the mistake of thinking that this keeps you fully protected - it's not enough on it's own, but it is a good first step. For all your business smartphones, PCs, laptops or tablets, you should install extra security software to layer in protection. Look for a comprehensive PC security programme which doesn’t slow you down, but does offer a shield against shady websites, identity fraud and hacker attacks in one. And if your business is at a stage where you have employees and a network of PCs and servers, make sure you have a solution in place which can help you to monitor multiple user security from a single dashboard. These days, business is increasingly mobile, so you need to take special location-aware measures for portable devices. Security software that is location-aware will automatically change the security settings on a device as it goes inside or outside the office, so you don’t have to keep making manual adjustments. Your email can also be a significant point of danger. A good anti-spam programme is also essential to reduce unwanted email traffic and remove risks or even just distractions for you and your employees. If spam never reaches your business then it can’t be a risk or a time-waster.
Image via Pexels
Create A Cyber Security Policy
Most business start-ups don’t have a written cyber-security policy, but in fact this is just as important as your marketing strategy or your business plan. Being a smaller operation is a double-edged sword. You may think that, because of your size, you’re less likely to come to the attention of cyber-criminals, but actually smaller businesses can be more at risk as hackers perceive them to have less in-house IT capability and weaker defences, which is often true. Educate yourself and your employees about business security requirements at induction and also with regular mandatory updates. Create an IT policy to share which spells out exactly which applications are allowed on company computers and which are prohibited due to security concerns. Require a minimum level of security for passwords and provide guidance for employees on how to create a secure internet password. Take the time to spell out the consequences if policy is knowingly not followed- how will it impact your profits and your customers? How could it damage your reputation? What will happen to employees who allow this risk into the business? Be prepared to back up whatever you choose with action if necessary. You may also want to outline the appropriate usage of company IT hardware and software, including use of the Internet. You may want to specify that company devices may not be used on unsecured public WiFi networks such as at the airport, as these are hotbeds of criminal activity. Create some education also around email - being aware of threats, what to do with spam if it gets through, and what should and shouldn’t be forwarded. Make sure that your company has good data hygiene by never sharing data through email - it should always be uploaded to an encrypted secure server. Eighty per cent of data loss is caused by human error, which means that it's largely avoidable. Mishandling data can be disastrous, as British Airways found out with their recent data breach. Finally, nominate a point of contact that employees can go to if they are concerned there has been a breach or have questions about policy.
Secure Your Social Channels
Your business relies on social media for so many things - as a key marketing channel, to keep in touch with customers, spread the word with influencers, network with other businesses and suppliers and establish your reputation. Therefore, social media channels also need to be a priority when you are empowering your employees to follow best practice. Social networks are wide open, so how do you minimise the risk to your business while reaping the benefits they bring? Don’t give all employees access to company social media profiles. Decide in advance on a limited number of people who can use the accounts and make it clear what subject matters they can and can’t engage in. When authoring your company security policy, you may need to be quite specific about not sharing confidential information on platforms such as LinkedIn, Twitter, Facebook, and Instagram. Put in place a non-disclosure agreement which covers your confidential operations, customer data and other sensitive information your business handles, and make sure you explicitly mention the use of social media within this document. Social platforms can be hard to make secure, as they are spaces where people are actively encouraged to share information - and you will also want your employees to be using them as well. Developing some social media and blogging guidelines can be extremely helpful for steering your employees in the right direction.If someone is posting on behalf of your company, it's always better if they identify themselves and their role on the platform, and remind customers not to share their own personal information publicly - if they require help with a specific problem that contains identifying information like addresses, telephone numbers, order numbers or locations, it's better to move the discussion onto a closed platform by signposting them to direct message or email you instead. Give clear guidance on content and tone of voice to employees who are posting under the company name. Remind them that you can be social, but also be smart. You should only publish information that is already in the public domain or that you are comfortable with being shared widely. Limit the amount of personal information exchanged socially, and make sure everyone is clear not to click any links that come from unverified sources.
Keep Passwords Updated
Many of us think we have a decent level of password security, but research shows that most passwords are not secure and can be easily broken by hackers. For the most secure option, have your employees use a secure password generator to create a separate password for each system or piece of hardware they need to access. This will be a long string of random letters, numbers and special characters that would be impossible to guess. These secure passwords are naturally extremely hard to remember, so to avoid the risk of employees writing them down, point them to a password manager which can store them under a single log-in, so there is less to remember. All passwords should be changed on a frequent basis, so require systems to request a new one after a few weeks. Educate your employees about the secure creation and storage of passwords which will minimise the risks to your company.
Think About BYOD
BYOD, or ‘bring your own device’, is a situation which many companies - purposefully or inadvertently - end up in, as the lines between personal and corporate digital use get more and more blurred. Small to medium businesses are most likely to run this gauntlet due to budgetary issues. Developing a BYOD plan is therefore essential to protect against both data costs and legal ramifications. Your plan should cover areas such as location tracking, secure data deletion, and internet monitoring. Mobile device management solutions are usually well worth it in terms of mitigating potential pitfalls. Monitor the use of BYOD in your business in order to prevent future device security issues.