Implementing effective cyber security measures is a huge undertaking for any business. The amount of time and resources it can take to learn the ever-evolving, intricate cyber security landscape is the very reason why so many businesses fall victim to cyber-attacks every day. This is why we’ve been helping businesses in various types of industries, from our hometown in Glasgow and beyond, with their cyber security strategies.
We understand that delving into our in-depth and expansive programmes, such as our Cyber Essentials Consultancy, can be a daunting prospect. Due to this, we’ve compiled some great day-to-day online security tips to keep you and your business safe.
Social Engineering (Phishing Scams/Attacks)
- Do not open any unknown emails or attachments (treat emails like attachments – only open the ones you expect and which come from genuine sources).
- Do not reveal any sensitive information over the phone, email etc. Seek verification or confirmation, be suspicious of anything unknown and unusual.
- Be aware of Phishing scams (impersonating companies like Amazon). Check for misspelt email addresses or wrong addresses. If you’re interested, you can check out our 3 Most Common Phishing Scams & How to Spot Them article to find out more.
User Access Control Within Your Business
- Record privilege levels of each user – who can access what and why do they need it?
- Restrict privileges to least amount required for their job
- Daily tasks should only be carried out on standard user account
- Administrator accounts should only be used for PC configuration changes, installing software and system administrative tasks
Safe Internet Use
- Be wary of using public WIFI. Avoid using it for sensitive tasks, like business and banking
- Consider using a VPN at work, home and particularly in public
- Use a known, safe & trusted internet connection wherever possible
- Consider using your own mobile hotspot as a safer option in public
- Website security certificates do not guarantee the website is safe
- Always change default passwords, especially on your router
Safe Use of Software
- Install new operating systems and software updates as soon as they become available
- Stop using unsupported phones or PCs. Upgrade if required
- Always acquire software from reputable sources
Malware Protection
- Ensure all devices have good malware/antivirus software installed
- Keep virus definitions up-to-date
- Ensure all devices have a firewall enabled
- Use the most secure mode available
Backups
Make sure you have a backup of all essential files to operate your business, in case of an emergency.
There’s a good tip called the 3-2-1 rule which you can bear in mind.
- Make 3 different copies of your backup
- At least 2 different media types – hard drive, cloud storage, even on CD
- Keep at least 1 of your backups off-site (different office, at home, in the cloud)
Security of Your Website
- Website and e-commerce shop window should be monitored and protected by a web firewall
- Use software and/or secured with firewall (essential when you take payment over website)
- SSL and encryption of customer bank details is a must have
Strong Passwords Are Really Important
Strong Passwords should consist of a mixture of:
- 12 characters or more
- Uppercase and lowercase letters
- Numbers
- Symbols
Here’s Some Top Tips for Keeping Your Passwords Safe
- Change your default passwords (devices and software)
- DON’T give your password to anyone within your organisation. They have all got their login and password they can use. No one should ever ask you for your credentials, it’s crucial as by login in with your details they can impersonate you or get access to things they shouldn’t
- DON’T make obvious choices like your nickname, child’s name, birthdate, spouse name, pet name, make/model of car, or favourite expression. These make it easy for hackers to compromise
- Don’t write your password on a sticky note and attached to your screen and void storing passwords either digitally or on paper, as such information could be stolen
- DON’T use your favourite sport as a password — “baseball” and “football” are among the top 10 worst passwords, and “hockey,” “soccer” and “golfer” are in the top 100
- DON’T include all or part of your username, first name, or last name
- DON’T use an alphabet sequence (lmnopqrst), a number sequence (12345678) or a keyboard sequence (qwertyuop). DON’T use a word contained in English or foreign language dictionaries, spelling lists or common texts such as the Bible or an encyclopaedia
- Use Multi-Factor Authentication, or Two factor Authentication service where possible (Google Suite, Office 365, and many others feature this)
Your Cyber Business Plan with Ascent Cyber
By implementing these measures, you will be well on your way to strengthening your business’s defences against cybercriminals.
But it does not stop there!
These are just the basic must-haves. Cybercriminals are always one step ahead of their victims so it’s important to live and breathe cyber security as part of your day-to-day operations.
At Ascent Cyber, we offer a range of services to help businesses protect themselves from hackers and online threats. We will audit your systems and provide advice on how you can bolster your security.
With our Government-backed Cyber Essentials Certification and Staff Awareness Training, we empower staff to confidently play their part in protecting the business, so you can spend your valuable time actually running your business!
We hope the advice you’ve heard today has given you some confidence to go and start bolstering your business defences.
If you need any further advice or would like to talk to us about any of our services, please get in touch!
Best wishes and stay safe!