How You Can Improve Your Cyber Security In Just 13 Steps
We are doing business in a very different world to that of a decade ago. With digital presence and 24/7 accessibility, we need to teach vigilance and best practise when it comes to protecting your business online.
At BES IT Systems, we aim to be on the cutting edge of new technology and the ability to integrate them within existing businesses of any size, with staff members of any ability level. In fact, some of the steps you can take immediately, today.
Here are 13 ways that you can improve your businesses security in the digital world:
STEP 1: SECURE YOUR NETWORKS
One of the first lines of defence in a cyber attack is a firewall. It is recommended that all SMBs set up a firewall to provide a barrier between your data and cyber criminals. If you have a Wi-Fi network, make sure it is secure and hidden.
STEP 2: PROTECT AGAINST VIRUSES, SPYWARE, AND OTHER MALICIOUS CODE
Make sure each of your business’s computers are equipped with antivirus software and anti-spyware and update regularly.
All software vendors regularly provide patches and updates to their products to correct security problems and improve functionality. Best security practice includes configuring all software to install updates automatically.
STEP 3: IMPLEMENT MULTI-FACTOR AUTHENTICATION
Multi-factor Authentication (MFA) requires additional information beyond a password to gain entry to your email, data or network. From both a personal and a business perspective, MFA is something you should do immediately.
Simply update your security settings and require every employee to enter their mobile phone number as a second factor authentication. Then, even if an attacker steals your password, they can’t use it unless they steal your mobile phone and know the PIN.
STEP 4: PATCH YOUR APPLICATIONS
According to Microsoft Australia, one of the most important things you can do to reduce your cyber security risk is the patching of security vulnerabilities in security software, applications and operating systems. New methods of exploitation are discovered daily.
To combat this, you should regularly apply the patches developers release to all the applications you use. Most patches deployed for applications are not for the purpose of adding new features, but for securing the existing features against the many new attacks. Check for updates for applications you run every day.
STEP 5: FILTER EMAIL AND WEB CONTENT
Emails are part of the day-to-day landscape for most small businesses. Emails have also become the primary point of access for cyber attackers. Spam, phishing, and malware are introduced to systems when malicious or infected emails are opened by the recipient. So, knowing what to look for and how to avoid it is vital to your business.
Web filtering follows the same approach as email filtering. You can use security software to block access to untrusted sites and educate yourself and staff on safe browsing practices.
STEP 6: CREATE A MOBILE DEVICE ACTION PLAN
Mobile devices can create significant security challenges, especially if they hold confidential information or can access the corporate network.
To help secure mobile devices, users should be required to password protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks.
Be sure to set reporting procedures for lost or stolen equipment.
STEP 7: CHANGE YOUR PASSWORDS REGULARLY
Yes, employees find changing passwords to be a pain, however it needs to be REQUIRED that employees use strong passwords and change them often.
STEP 8: ESTABLISH SECURITY PRACTICES AND POLICIES TO PROTECT SENSITIVE INFORMATION
Establish policies on how employees should handle and protect personally identifiable information and other sensitive data.
Clearly outline the consequences of violating your business’s cyber security policies.
STEP 9: CYBER SECURITY IS EVERYONE’S RESPONSIBILITY
Technology in small businesses is usually handled ad hoc, by a single person or a few individuals. It is important to separate cyber security from IT support, because it applies to everyone who uses the internet.
Of all the following actions to protect against cyber threats, only a few should be limited to the resident IT expert. Management should actively communicate staff and stakeholder of their responsibilities.
STEP 10: EDUCATE EMPLOYEES ABOUT CYBER THREATS AND HOLD THEM ACCOUNTABLE
Educate your employees about online threats and how to protect your business’s data. You can’t rely on one person in a 10-person company; everyone needs to have a good understanding of cyber security and risks involved.
Hold employees accountable and have them sign a cyber security policy to show they understand it's importance.
STEP 11: PROTECT ADMINISTRATOR PRIVILEGES
Administrator accounts have full access to operating systems, accounts and networks. They allow users to make changes to the entire system and the accounts of others.
An administrator is a user who has the responsibility to manage these changes. Minimising the ability for users to make changes on computers is vital to keeping your computer systems secure.
As a rule, no one should have access to anything they do not need.
STEP 12: TREAT EMAIL LIKE A POSTCARD, NOT AN ENVELOPE
The first thing to do as a small business with email is think about what’s in it. Email is a postcard, not a sealed envelope. Keep that in mind.
There are numerous places email data can be compromised and worst of all, once it’s been sent it can never be removed and you will have no idea how long that information will be “hanging” around.
STEP 13: DON’T LEAVE LOOSE ENDS
Small businesses work with people they trust, and a lot of people who come and go. Sometimes they don’t go under the happiest circumstances.
If a former employee still has access or even still has their multi-factor authentication enabled, that’s a big security problem that’s painfully easy to address.
If you are unsure of where to start, or need software that will make a big difference, contact BES IT Systems today. Our team is dedicated to ensuring best-practise for your business. Call us on 1300 237 487 and we will be happy to chat!