It’s vital to put into practice the basic steps to keeping your business and customers safe online in all stages of business development, whether you’re a new start-up or an established business.
With ever-increasing threats to online security, you know you need to keep your business secure but it can be daunting to know where to start and what needs doing.
Here are 10 steps that you can follow to keep your business safe online.
1. Manage risk
Think of cyber security as a continuous process, especially as threats are constantly evolving alongside technology. The following steps should be used repeatedly to keep your business secure.
Think about three key areas: what your assets are, what the risks to your business are and what you need to do about these risks. Get started by creating a list of your assets that need protecting, such as laptops or data on your customers. Then think about the risks that might impact them and what you need to do to mitigate them. You’ll build up a list of actions that you can prioritise to make your business more secure.
2. Create strong passwords
Passwords are used to keep vital and confidential business information secure, and while it can be tempting to use the same passwords across many logins and accounts, this can put your business at risk.
Change your passwords at least every 6 months and make sure each one is strong; this means no common passwords like 12345 or qwerty. Here are a few tips on how to create a strong password, and don’t worry, there are password management services to help you remember them all!
have a minimum of 8 characters
avoid common passwords such as ‘password1234’
don’t use number sequences or repeat numbers like ‘1234’ or ‘1111’
think of a phrase rather than a single word, for example ‘I love green apples’ is more secure than just ‘apples’
use mixtures of uppercase letters, numbers and symbols, for example ‘I love green apples’ could become ‘il0v3egr33n@ppl3s’
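The checklist above written as a small checker, an added example that is not part of the original article. The deny-list holds only the three weak passwords the article names, and the run length of four digits is an assumption taken from its ‘1234’ and ‘1111’ examples; the advice to use a phrase is not machine-checked here.

```python
import re

# Constructed deny-list: only the weak passwords the article names.
# A real check would load a much larger list of known-breached passwords.
COMMON = {"12345", "qwerty", "password1234"}
RUN = 4  # assumption: flag runs of 4 digits, as in the article's '1234' and '1111'


def has_digit_run(pw, run=RUN):
    """True if pw holds `run` consecutive digits that repeat, ascend or descend."""
    for match in re.finditer(r"\d{%d,}" % run, pw):
        digits = [int(c) for c in match.group()]
        for i in range(len(digits) - run + 1):
            window = digits[i:i + run]
            steps = {b - a for a, b in zip(window, window[1:])}
            if steps in ({0}, {1}, {-1}):
                return True
    return False


def check_password(pw):
    """Return the article's rules that pw breaks; an empty list means it passes."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if pw.lower() in COMMON:
        problems.append("common password")
    if has_digit_run(pw):
        problems.append("number sequence or repeated number")
    if not re.search(r"[A-Z]", pw):
        problems.append("no uppercase letter")
    if not re.search(r"\d", pw):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9\s]", pw):
        problems.append("no symbol")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for sample in ["qwerty", "password1234", "Summer1111!", "Il0v3Gr33n@ppl3s!"]:
        print(repr(sample), "->", check_password(sample) or "passes")
```

A check like this fits at the point where a password is set or changed, so a weak choice is rejected with the specific rule it broke.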
3. Take steps to prevent viruses
While computer viruses aren’t a new concept, they are becoming more sophisticated, and your business is vulnerable to attacks regardless of its size. One key step to preventing viruses is to understand how you could get infected, for example:
opening attachments on suspicious emails
clicking on links in suspicious emails
downloading files (normally free) from untrusted sources
accepting or clicking on pop-ups when using the internet
connecting a USB stick from third parties
Installing trusted antivirus software and ensuring a firewall is active is a simple step to protect your business from viruses. Make sure you read customer reviews of the software to help assess what’s good (and what’s not so good).
Following your gut instinct is an easy but important step to take: if you’re not sure you should open an email or click on a pop-up, the short answer is don’t!
4. Keep security settings up to date
Regardless of the type of computer you use, from Macs to Windows, you need to ensure all your software is up to date. This includes updating trusted programmes as soon as you’re prompted and not being tempted to postpone any recommended updates.
You should also consider how you can protect your business equipment and whether it’s really as secure as it could be. For example, do you have all the serial numbers for your computers? And, are you backing up your data regularly?
You’ll also need to secure how you’re using your business equipment, such as having the latest web browser, activating pop-up blockers, using trusted domain name providers and encrypting all confidential data.
5. Browse and share safely
If you own a small business, you’ll probably find yourself out of the office at some point and needing to work from multiple locations. In these types of situations, from meeting clients to fitting in personal commitments, public Wi-Fi can prove invaluable; just remember it is public, so other users could potentially intercept what you’re doing.
If you need to share documents and data, encrypt all personal and confidential content so that only authorised parties can access the information.
You might also want to use cloud services to host your files, as the information then doesn’t sit on your machine and they’re often cheap and convenient. Look at services offered by Google, Dropbox or Microsoft OneDrive but make sure you invest in their security features.
Lastly, browsers are pretty good at letting us know when something looks suspicious, so make sure you pay attention when they do.
6. Secure your equipment
If you, or your employees, use your own equipment for work there are some essential steps to follow to keep secure, including:
checking all business files are protected and encrypted when necessary
setting a password or biometrics (e.g. fingerprint recognition) for all devices
thinking about installing mobile antivirus software
making sure all passwords and permissions are updated when an employee leaves the business
enabling remote wiping and search tools in case devices are lost
7. Think about peripherals
Portable devices, like USB sticks or hard drives, do have their uses when it comes to storing and transferring business information, but they also have their drawbacks – especially as they’re susceptible to picking up viruses.
Think carefully about whether these devices are really valuable to your business. If they are, you’ll need to make sure the data on them is encrypted. Some devices have their own encryption or you can use software such as PGP or VeraCrypt.
8. Train your employees
If your business has employees, it’s essential they’re trained and have up-to-date knowledge of your security policies. Good training should cover all fundamental bases and outline clear codes of practice, like these examples:
potential cyber threats
main risk areas
consequences if security is breached
staff roles and responsibilities
legal issues and criteria that might apply to your business so employees understand why they must comply with guidelines
9. Keep monitoring
You’ll need to set aside some time to regularly check your logs to ensure important systems are performing as they should be. By monitoring your security software as it detects and records suspicious activity you’ll know of threats as soon as they’re identified.
Try to get into a routine of checking the logs of your operating systems and email on a regular basis, as these can provide you with information about who is accessing them and what their activity is.
10. Manage security incidents
You might need to roll back your software if a security incident occurs, so make sure you run regular backups to protect data from loss and ensure you’re meeting your legal obligations. Backups involve copying your information to another location and are fundamental when it comes to securing and safeguarding your business information.
Unfortunately, employees can also cause security breaches, but creating a clear policy including how they should use the internet will be a definite help. If a breach then does occur, you’ll have the documentation should you have to consider defending against harmful activity or taking disciplinary action.
Although keeping your business secure online can seem a daunting prospect, there are some simple steps you can take to become more secure online, as this post demonstrates. And, there are also plenty of great resources and guides that can help you with these steps in more detail, so why not make a start by identifying current risks to your business or taking another look at your passwords?
Cath Goulding is Head of Information Security, Nominet UK and Board member of the Women’s Security Society.
Cath Goulding has over 15 years’ experience in the cyber security profession, having worked for both UK Government and the private sector. A thought leader in her field, she frequently speaks at security and internet conferences and has provided articles and comments for multiple publications. Her career was recently profiled in the Financial Times and she was interviewed by BBC World promoting women into the IT profession.
Cath currently works as Head of Information Security for Nominet UK, the internet company best known for running the ‘dot.uk’ registry, as well as Welsh Top Level Domains .cymru and .wales and 35 other branded and generic TLDs. Prior to joining Nominet, Cath worked at GCHQ holding a variety of posts in the field of cyber security. Cath has a BSc in Mathematics, an MSc in Human Computer Interaction and is CISSP qualified. She was awarded Security Champion at the Women in IT Awards 2015 and sits on the board of the Women’s Security Society.