This is a guest post by Ashley Ranwell.
It seems like every week there is mention of a new cyber-attack or cyber theft from a big company. But what often goes unreported is the small businesses that are hit by online criminals. This is not just an inconvenience to the firms involved; it can have crippling financial consequences.
Here is a list of simple steps that are recommended to protect your small business.
Protection From Malware
Malware distribution is at the heart of the operations of many online criminal gangs. It’s a massive underground business.
Many people are aware that viruses can be downloaded which can disrupt the performance of their machine. What is less well known is that some malware can sit on your machine undetected and the hacker can then effectively use your computer as part of their criminal activity.
At the time of writing there is an epidemic of crypto-mining malware. Hackers are now infecting and using the power of people’s computers to mine for bitcoin and other cryptocurrencies.
Ransomware also continues to be a huge problem. The FBI estimate that a billion dollars were paid in 2016 in ransoms by victims to get their computer files back. No figures are available for 2017, but they are likely to be even higher.
To protect your business from malware you should install a good quality anti-virus/anti-malware software system and ensure that it is updated.
Be suspicious of any unfamiliar emails or websites, especially if they encourage you to click on links or download an app. Be particularly wary of .exe files and only install apps verified by an official store.
In your business, all software and firmware updates should be installed as they are released, as these often include security updates. This includes updates to your operating system such as Microsoft Windows.
Having strong passwords is your first line of defence against hackers. This is particularly important for your business network, your bank, and any websites or apps that connect with your financial or other confidential data.
The latest advice on creating strong passwords is to use 3 unrelated words and to add some numbers, for instance “TableEnvySnake629”. This method strikes a balance: the password is difficult for criminals to guess, but you still have a chance of remembering it.
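An added example, not part of the original post: a generator for the three-words-plus-numbers format above, together with the entropy that format gives when every part is picked at random. The word list is a constructed sample and the function names are assumptions; a usable list needs thousands of words.

```python
import math
import secrets

# Constructed sample list, for illustration only. With 16 words each word adds
# just 4 bits; a list of several thousand words is needed in practice.
SAMPLE_WORDS = [
    "table", "envy", "snake", "harbor", "velvet", "cactus", "lantern", "orbit",
    "pickle", "granite", "whistle", "mango", "copper", "thunder", "pillow", "jigsaw",
]


def generate_passphrase(words=SAMPLE_WORDS, n_words=3, n_digits=3):
    """Return n_words capitalised random words followed by n_digits random digits."""
    if not words:
        raise ValueError("word list is empty")
    # secrets draws from the operating system's CSPRNG; the random module is
    # predictable and must not be used for passwords.
    chosen = [secrets.choice(words).capitalize() for _ in range(n_words)]
    digits = "".join(str(secrets.randbelow(10)) for _ in range(n_digits))
    return "".join(chosen) + digits


def entropy_bits(list_size, n_words=3, n_digits=3):
    """Entropy in bits when each word and digit is chosen uniformly and independently."""
    return n_words * math.log2(list_size) + n_digits * math.log2(10)


if __name__ == "__main__":
    print("example passphrase:", generate_passphrase())
    # 7776 is the size of a Diceware-style word list.
    for size in (len(SAMPLE_WORDS), 7776):
        print(f"{size:>5}-word list: {entropy_bits(size):.1f} bits")
```

The figures only hold when software makes the choice; words a person picks for themselves are far easier to guess than the calculation suggests.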
The problem comes when you need to remember dozens of passwords and ideally you need to have a different password for each site or service. This is where password managers can help. They store your passwords and remember them all, so you don’t have to. In fact you just need to remember one password – the one to the password manager itself!
Protection From Phishing
In phishing attacks, criminals send emails that look like they are from your bank or PayPal. They are trying to trick you into disclosing your banking details or clicking on links to bad websites. These emails can look very authentic, so it’s really important to be aware of this type of activity.
The best form of defence is to have a policy of not clicking on links in emails that look suspicious and making sure everyone in your business is aware of this.
Things to look out for include low quality logos and images, obvious typos and poor grammar. It is worth remembering that most large banks have a policy of never asking for personal information in an email.
Don’t discipline anybody who accidentally clicks on a bad link and owns up to it. Doing so may prevent other people from coming forward in the future.
Keep Laptops, Tablets And Mobiles Safe
Whilst desktops in the office are often well protected, mobile devices are at increased risk and need extra protection measures.
Public Wi-Fi hotspots could give criminals a way to access your data. Starbucks recently had an issue with its public Wi-Fi being hacked.
It is recommended that you do not send sensitive information over public Wi-Fi and that you use 3G, 4G or a VPN instead.
All mobile devices should be protected by passwords in case they are misplaced or stolen.
IT Security Policy
Most large organizations will have a written IT security policy. So why not have one for your small business? It doesn’t have to be a long or onerous task to create a practical policy for your business. The important things to do are to identify:
- What are the main risks (as we have been talking about above)
- What business processes can be implemented to reduce those risks
- Which software or hardware products can be used to increase security
- Who has responsibility for ensuring the policy is implemented
This shouldn’t just be a document that sits on a computer gathering digital dust. You should involve everyone in the business in the discussion. Maybe organize a training afternoon or include it in one of your regular company meetings.
If The Worst Happens
You need to be prepared if you do fall victim to cybercrime. One of the best ways to prevent extended periods of systems outage is to use back-ups. Even if you are hit by ransomware criminals, a fully backed up system should mean that you are able to get back up and running quickly.
Costs of storage have come down in the last 5 to 10 years so there really is no excuse not to fully back up data. The back-up solution that you choose should also be tested on a regular basis.
By putting these simple procedures in place, you will be far ahead of most small businesses when it comes to cyber security. At least you will be safe in the knowledge that your business will not be held to ransom or face crippling outages should a cyberattack take place.
Author Bio: Ashley Ranwell writes for First Line IT about IT support, cyber security and cloud computing specifically for the small business community.