Information to help your business benefit from telecommunications

Cyber Safety for Your Business

Cyber security center

It’s odd. Most of us will go to extraordinary lengths to protect our homes, sometimes choosing to live is a mini fortress of exterior lights, gates and high walls to keep out possible intruders, yet are almost contemptuously careless with the way we safeguard our property on-line.  This is perhaps less true when it comes to our businesses because the risk is more palpable, but it remains the fact that most organisations are woefully ill equipped to deal with cyber attacks of almost any nature. For most it’s just never happened, they’re just stable doors flapping in the let’s look at some simple steps that all organisations should take to protect themselves.

First question. What’s your data worth to an outsider? You’ll probably find that some core data is vital to the life of the company whilst other data is precious and more still neither here or there. Decide who has access to what and take steps to increase security at higher levels. The fewer people who have access to really vital data, the safer it is.

Update your operating systems software regularly and install business class anti-virus and malware software. Hackers tend to fall into one of two groups, those who do it for the fun of finding holes in defences and causing chaos and those who aim to sell your information, either to someone else or back to you. Microsoft, Apple and the others are constantly working on finding holes in their own products and issuing patches for them when they do. Constant checking and updating is important.

Introduce authentication as a back-up to passwords. Passwords are notoriously unreliable and whatever people are told they’ll still use “QWERTY” or “football” or something similar. Authentication demands that whoever is trying to enter the system is asked a second, personal, question that hackers will have a problem answering.

One thing that’s inevitable is that staff will go on-line to look at websites, either for the company or themselves. Try and make a rule about not submitting information of any sort unless that website displays the padlock and HTTPS in the address bar. Talking of which, it’s a good idea to invest in teaching staff about Email security and especially how to recognise a phishing attack. Is it worth investing in an email security system that will encrypt messages in transit and at rest? These are able to verify the origin of messages enabling staff to spot spoof emails. There are also phishing websites that use Domain Validated SSL Certificates to make their sites look genuine. So training staff in all of this could be money well spent. You might also want to make sure your own website is HTTPS enabled. 

If you really take your security seriously, you’ll make sure each device on your network is individually named, you’ll have an incident response procedure set up, you’ll even employ a hacker turned gamekeeper. Above all, make sure everything is backed up to an external location...and take out Cyber Insurance, just in case!

comments powered by Disqus