7 more deadly sins of Cyber Security
With Data Privacy Day making its annual return on January 28th, now is the perfect time to review your business’s cyber security setup - which is why we’ve just released our new and improved ‘7 more deadly sins of cybersecurity’, a follow-up to part 1 that you can find here if you missed it!
As well as having significant financial implications, data breaches can also massively jeopardise a business’s reputation if valuable employee and/or customer data is lost or stolen. Data security for businesses needn’t be expensive or time-consuming either, so there really are no excuses!
With this in mind, here are the latest Cybersecurity tips you need to know:
Sandbox your web surfing
Allowing your staff to visit any website they wish can have serious consequences for the security of your system. Whether they go direct or via a link in a website, the consequences of even just arriving on a malicious site can be quite severe. Make sure all of your web surfing is protected by a “sandboxing service”. Using a sandbox means that your web traffic is initially redirected to a test site (the sandbox), which checks that there is no malicious code in the site you are trying to visit. It also checks that the site is not on industry blacklists of dubious Internet locations. All of this happens in a fraction of a second. You won’t even notice, but you will be protected.
Test your backups
Your business may already have a backup system in place, but how often do you test it? This is definitely something many business owners neglect; however, it’s imperative that you test your systems regularly. Most experts advocate testing at least once annually and whenever there's a substantive change to the business or technology infrastructure. If you don’t have the time to do a backup yourself, there are many reputable suppliers who can do this for you. Finally, it’s vital you have business continuity and technology disaster recovery plans in place.
Use different passwords for external sites
In business, you will often need to register for products and services online - where you’ll be asked to submit a username and a password. Whenever you do, you must use a username and password that is different to the ones which you use to log in to your own local system. Once you have registered your details to an online site, you have no control over how that information is shared. If that external site is hacked, and you used your local system username and password, that information will be available to hackers and scammers - and your local system will be vulnerable to attack.
Remember - in the cloud doesn’t mean it’s backed up.
Some people think that storing data in the cloud means that it is backed up – unfortunately, this isn’t the case. Storing data online is just like storing it on your own PC. If anything happens to that data: if someone deletes it, if the server it is stored on malfunctions, or if you get a virus - you’ll lose it for ever. This applies to even the recognised services like email on Office 365. Make sure that you have a reliable backup routine in place for all of your online data.
Do the small bit of money test
Be very careful who you send money to. If a new supplier asks for a big sum of money, or an existing supplier changes their payment details - make 100% sure that you are sending the money to the correct place. If in doubt, transfer a small amount of money to the supplier first and verify that they have received it safe and well. Make sure you talk to someone whom you know and trust to verify they have the small amount of funds BEFORE sending the remaining (and much bigger) balance to them.
Use of personal devices on the network
You must have a policy which details how your staff’s personal devices are allowed to be used on the company network. Things like personal smartphones, tablets and laptops can cause significant network damage as they often don’t have business-grade security systems and software installed. Create a policy and make sure it is managed properly.
Use rollback software on network PCs and laptops
Users shouldn’t really store data on their network laptops and PCs - but they often do. User devices are also often where a virus begins before it spreads to the network. When this happens, all of the data on the user’s device is at risk and it may need to be totally rebuilt - which can be time-consuming and costly. Protect yourself by installing rollback software on your network PCs and laptops. It’s often available as an add-on to virus protection software. If anything happens to your PCs or laptops, you can quickly return them to exactly how they were just before the incident happened.
Create a guest network
Organisations frequently grant visiting users access to their networks - often for Internet and Wi-Fi access. Most modern routers and firewalls allow for the creation of a guest network, which isolates guest traffic and keeps it separate from the company’s main network. Create a guest network to allow Internet access for visiting users while keeping all such traffic away from your company’s main network - reducing the chances of network infection.