The very recent major website cyber breach suffered by TalkTalk has left businesses exceptionally worried. And with the increasing use of the cloud to store confidential data and information, it is no wonder.
Whilst larger companies appear to be the key targets for cyber criminals, the threat extends to companies of all sizes, including smaller businesses.
Unfortunately, small businesses tend to lack the resources and policies designed to defend against such attacks. Yet because they are increasingly using cloud-based services, they face the same level of risk as larger companies.
So what to do? You need to focus on minimising your vulnerabilities, and implement policies and initiatives that are rolled out throughout the business, including to any remote workers.
Start with Email
By encrypting emails and other communications, you force potential hackers into a fight against a secondary layer of security. Generally they won’t bother, preferring to move on to an easier target.
Be Strict with Password Policies
Set a company-wide policy on passwords and ensure everyone who uses technology is trained. Introduce them to smart passwords that contain unusual characters and a combination of letters and numbers. NEVER use any passwords that can be associated with a user, such as dates of birth, and always vary passwords across different platforms. Needless to say, passwords should NEVER be written down. It is important to keep track of passwords so that you are in full control, so think about using a management platform such as LastPass, PassPack or 1Password.
You may also further strengthen security by using a dual-layer password system where possible, so that users have to enter a second set of characters in order to log in. Wherever available, enable these features.
Be Aware of and Train on Warning Signs
Make sure that each and every member of staff is trained to identify potential cyber threats such as bogus emails or phishing scams. Email providers are getting better and better at detecting dubious emails, but some still find their way past the junk folder. Train staff to be on their guard for emails that ask them to click on a link to verify their account details, or enter bank or credit card information. They should be wary of suspicious-looking attachments, in particular zipped files that could contain malicious software. Emails filled with bad spelling are a big warning sign too.
Make sure these emails are never opened or actioned and that all bogus emails are reported as spam. The sending domain can also be blacklisted in your email settings. It is well worth considering using an email-scanning system such as Avast or AVG.
Choose a Robust Firewall
It is imperative that every device, including PCs, laptops, tablets and mobiles, has firewall, anti-malware and anti-spyware software installed so that any potential threats can be quarantined and deleted before they turn into a problem.
Don’t forget that hackers can get through mobile apps, and also telephone systems through toll fraud, which is something we’ve covered previously.