8 Tips for Keeping Your Business Safe Online
Worried about online fraud and cyber attacks? Find out how you can ramp up your company's security ...
Cybercrime continues to hit the headlines, with the latest stats revealing over five million instances of online fraud in the last year alone, and you may even have been a victim without realising it. Indeed, one of the key methods used by virtual thieves is to steal small amounts from multiple victims, so they are rarely discovered until it is too late.
And did you know that you are also responsible for your customers’ information, and face hefty fines if you breach the Data Protection Act? It is vital to stay safe online.
IT and technology move at such a fast pace that it can be confusing to keep abreast of new and emerging threats, which is why I have created these eight tips to keep you and your business safe in the virtual world.
1. Keep your infrastructure defence systems up-to-date
There are a number of different types of defence systems businesses can have in place, but as hackers are constantly evolving their methods of attack, it’s important that your software also evolves to meet these new dangers. The E-crime Home Affairs Report found that 80% of cyber-attacks could be stopped through what it called ‘basic information risk management’, i.e. you!
2. Ensure good password practice: Password protection is the lynchpin of security
Have rules in place that define password expiration, minimum length, use of the full symbol set and a policy on resetting forgotten passwords for your external customers. Aim for a minimum of eight characters with a random set of upper and lower case letters, symbols and numbers, and use different passwords for different applications or services.
3. Don’t underestimate the importance of having an IT policy: it is vital in the current climate of cyber attacks
Your business’s IT policy should be a set of guidelines that all staff understand and buy into. It must be concise to ensure it is read and understood (a couple of pages are often sufficient). Everyone who has access to your systems should adhere to it, in and outside the office, as remote working can be where your systems are most vulnerable.
4. Avoid using a public network when possible
You are better protected if the network you are connecting to has encryption in place (normally shown by a padlock beside the network name). Better still, use a virtual private network (VPN) that you can set up for working remotely. All modern browsers will show the status of website security, normally in the address bar.
5. Check you’ve not already been hacked
A good way to tell is to check whether small amounts of money have gone missing in either your or your customers’ transactions. This is because cyber-thieves often target huge numbers of businesses, taking only small amounts so they can accrue large sums undetected.
6. Be e-crime aware and on your guard
Businesses need to be constantly aware of what’s happening in their own organisation. For example, the growth of mobile communications means that the majority of staff may be carrying confidential company data (such as emails and contact details) in their pocket via their phone. Every week, nearly a thousand laptops go missing at Heathrow and only half of these are recovered.
7. Review your security on a monthly basis – cyber criminals act quickly and you need to as well
They are constantly looking at new ways to hack into systems and that’s why you need to ensure you are up-to-date to avoid being vulnerable. ‘Phishing’ attacks, where emails are sent purporting to be from a bank or other service provider, trick victims into providing user names and passwords on a convincing but phoney version of the actual provider’s site. Always be sure you are on a genuine site by entering the website address directly into your browser address bar rather than clicking links in emails.
8. Identify what IT is critical and have a recovery plan for both yourself and your customers
You should plan for all potential emergency situations and consider different options for backing up your critical system data, both online and offline. Even if you are not a transactional business, remember that hackers could be after your intellectual property – everything from your client list to new business ideas – so be careful.
Finally, a word of warning. If you are dealing with customers, they are also at risk, and that is also your responsibility. Under the UK Data Protection Act, companies are responsible for all data they receive from the moment they acquire it to when it is destroyed. It can be catastrophic if e-criminals get into your database. When cyber thieves hacked the financial details of 23,000 Sony customers, it cost the company $172m and a nine per cent drop in share price before it was put right.
There have also been many more recent instances of cyber-crimes, such as the TalkTalk hacking and those celebrities who live in fear of what may appear next from the cloud. It will be interesting to see how those stories develop. In the meantime, take my advice and stay cyber-safe.
This post was written by Daniel Mitchell, co-founder and director of Lifeline.