One of the key factors that effects almost every business with a digital profile is IT security. It’s a constant challenge to get right whether you are a small start-up or a large corporation.
Unfortunately, there are organised criminal gangs in this world who are fixed on trying to do us harm. It’s something that has been with us since the birth of the internet.
The biggest question we get asked at Cyan Solutions, is what best practice can be employed to ensure better business IT security.
Here’s a list of things you can do right now to help protect your business:
1. Don’t Assume It Won’t Happen to You
This is something we find with many SMEs. They think they’re too small for hackers to worry about. It’s simply not true.
Most attacks come through automated delivery such as Phishing email. The hackers and malware developers are looking for someone, anyone whose system they can get into. Whether you are just a one-person outfit or have many staff, treat cybersecurity with the same level of seriousness as you do other aspects of your business.
According to a recent report by Verizon, 71% of cyberattacks happen to smaller companies with less than 100 staff on the payroll. That is in part because there are more of them but the clear message is to be aware and have robust cybersecurity policies in place.
2. Use a Firewall
The first line of defence against cyberattacks is an effective business-grade firewall. Think of this as a barrier that repels common attacks and prevents malicious threats getting to your network. Companies often neglect to invest in this area as they don’t understand the importance of good perimeter security. They assume a generic router does the same job, it doesn’t. You need to improve network security measures if you want to remain safe online.
And, it’s not just external firewalls that are important – if you have sections of your network that contain sensitive data, for example, you may want to protect these with additional cybersecurity measures.
3. The Challenge of BYOD
Bring Your Own Device (BYOD) has largely been accepted in the business world over the last decade after some initial reticence by employers. It can often be easier for an employee to use their own smartphone or tablet or even laptop to do their work.
The trouble is that these are not generally as secure as the hardware and software that you have for your business. Staff can download the wrong apps or visit the wrong sites that open them (and your business) to potential cyberattack.
This is something that is unlikely to change in the future. BYOD offers too many benefits. The challenge is to make sure that mobile devices are updated with the right security and that staff understand their obligations.
4. Having Comprehensive Cybersecurity Policies
This brings us to the strategy for your cybersecurity protection. All businesses, whatever their size, need to have a robust set of policies that staff can adhere to. Many smaller companies do this in an ad-hoc manner which can mean their business IT security is missing vital core components. Ensure that you document your policies and make them readily available to all members of staff – including senior managers and executive teams.
5. Password Protection
It might seem like a simple thing to include in a best practice list but passwords are a real issue for businesses. Enforcing a robust policy in this area is important and could well protect your business from cyberattack. Passwords should ideally include upper- and lower-case letters, symbols and numbers. For more sensitive areas of your business, you also want to consider multi-factor identification.
It might seem like a simple thing to include in a best practice list but passwords are a real issue for businesses. Enforcing a robust policy in this area is important and could well protect your business from cyberattack.
Passwords – when implemented correctly – are an easy and effective way to prevent unauthorised access to systems. Always change the default password that comes with a new device.
If two-factor authentication is available, make sure it is enabled and use it. A common and effective example of this involves a code sent to your smartphone which you must enter in addition to your password.
6. Educating Staff
One failing, particularly for smaller businesses, is not educating their staff on the right IT security protocols. There’s plenty of evidence to suggest that, even if a company has a password policy in place, in the majority of cases it is not enforced.
You have to bring your staff into the loop and make sure they are well educated with regards to cybersecurity risks. For example, User Awareness Training is a great way to educate staff to the dangers of email threats, such as Phishing attacks, which are not always easy to identify.
7. Regularly Update Your Devices and Software
It’s quite worrying the number of small and midsize businesses that do not make the effort to patch their systems, devices and software. Manufacturers release regular updates which not only add new features, but also fix security vulnerabilities that have been discovered. Applying these updates (a process known as patching) is one of the most important things you can do to improve security.
8. The Right Level of Protection
Finally, the fight against cyberattacks is a never-ending battle and you should have the appropriate virus and anti-malware software in place which is regularly updated. One big mistake businesses make is to assume that standard anti-virus software alone is adequate protection for their needs. How security should be tailored to better protect your organisation is something you need to discuss with your IT provider. Understanding what threats are targeting and putting additional layers of security in place to protect against them is an essential part to any cybersecurity strategy.
At Cyan Solutions, we deliver cutting edge IT services and support. If you want access to the best cybersecurity expertise for your business, tailored to your needs, contact our team today.