Companies of all sizes need to take note when it comes to online security. Now more than ever, IT security is one of the biggest issues for businesses, especially for start-ups. According to research, 60% of digital businesses are likely to experience serious service failures by 2020 because IT security risks haven’t been properly addressed. We’re not just talking about hackers from the outside; we’re also talking about staff misconduct or staff breaches. We’ve listed our top tips to help you keep your business safe!
System and Software Updates
Remember the WannaCry ransomware attack that brought the NHS to its knees? In 2017 the NHS saw one of the biggest cyber-attacks to date, which encrypted over 230,000 computers in almost 150 countries. The ransomware entered NHS systems through a vulnerability in the outdated Windows XP operating system, for which Microsoft ended official support in 2014. This means that their computers were still operating on Windows XP or early Windows Server operating systems and did not receive the patch that was released for current operating systems, which could have prevented the widespread infection.
The moral of the story is to make sure you install all upgrades, updates and security fixes as soon as they’re available. Even if you’re using current versions of operating systems, software and firewalls, don’t rest on your laurels! Keep your eyes open for those all-important updates and act on them ASAP.
Policies and Training
It sounds obvious or perhaps even silly, but many cyber-security threats can actually be avoided by having well-informed staff. It’s absolutely critical that your employees are aware of different cyber-security threats and what they need to do to avoid them.
There is a range of free online training courses offered by the government that can help get you and your staff up to speed. They cover everything from dealing with ransomware to correct procedures for data protection. If your staff are well-educated in the threats that are out there, they will know how to keep your business safe.
If you haven’t already, you should write an official company policy document detailing everything to do with your business and its interaction with the online world. All employees should keep a copy and regularly refer to it if they are unsure of anything.
Things you might like to cover in your policy:
- Rules as to acceptable internet and computer usage at work. This will include sites and programs that are or aren’t allowed to be accessed. It will also cover if or when staff can use the internet or IT equipment at work for personal purposes. It’s often best to limit this kind of use to break or lunchtimes if allowing it at all.
- Guidelines on how to handle confidential information. This information will depend on your business. It could be customer details, financial transactions or client contact information.
- Password requirements for work networks or user accounts (there’s more on this below).
- Appointed staff. Employees need to know who to ask for further advice. This might be you or whoever on your staff is in charge of your IT and cyber-security.
User Accounts and Passwords
Many businesses have user accounts. Staff use them to access company PCs and networks. Having user accounts and using them properly can help your company stay safe online. Make sure you have a limited number of administrator accounts on your network. Only administrator accounts can install software and change security settings, so it’s a good idea if only you and relevant staff have these account types.
As with anything private, all user accounts and business network access points should be password protected, and you should lay out some company rules on passwords in your official IT and internet usage policy. Important things to keep in mind:
- Password strength – A weak, easy-to-guess password may as well be no password at all! Staff should be told to use strong passwords. That means passwords of at least eight characters. They should include at least one number and one special character.
- Expiration – It’s a good idea to regularly change passwords. This limits the risk of them falling into the wrong hands or being guessed. Include an expiration date in your IT security policy so that staff know every 90 days (or whichever interval you choose) they’ll need to renew their passwords.
- Secure it – Even the strongest password isn’t secure if it’s written on a post-it note and stuck to its owner’s computer screen. You need to insist that employees remember their logins and don’t write them down or store them in their phones. Alternatively, there are online password managers which generate and remember all your passwords for you.