Tips to keep your business safe as it expands
By Asher de Metz, Lead Senior Consultant (Information Security), Sungard Availability Services (Sungard AS)
This may surprise you, but growing companies are the perfect target for cyber attackers. That’s because they’re just becoming large enough to have data and financial resources worth going after, while often not yet having the infrastructure in place to implement sufficient security measures. This makes them an easy target compared to large multinationals, who usually have the budget and resources to protect themselves effectively.
If that’s where your company is at now, this is probably the last thing you want to read. You’re just starting to make enough to pay the bills, so you hardly want to be splashing any extra cash on cybersecurity. If you’re wondering what you can do about this that won’t take up too much time or cost more than you can afford, you’ll be glad to know that we’ve rounded up some simple advice to help you make your company safer online.
Here are our top ten tips:
1: Make sure software is always up to date
The updates that software providers offer include improvements to security in response to the latest identified risks. You should keep all of the software you’re using up to date – as well as anti-malware, this includes operating systems, applications, browser plug-ins, and firmware. Don’t delay before implementing these updates – the longer you wait, the more chance you have of placing your systems at risk. Just double-check that all your software is set to update automatically, which will save you the headache of constantly checking.
2: Keep your passwords secure
Sometimes the biggest security risks are the most obvious things. Using passwords that are easy to guess is a classic error that can land you in serious trouble. Avoid using the same passwords for multiple online locations, and use a password manager to keep track of all your passwords for you.
3: Implement security measures for mobile devices
Many organizations fail to consider the potential for security breaches on the smartphones and tablets their employees use at work. Simple measures you can take include locking devices to prevent opportunistic thieves from gaining access to sensitive data, and encrypting the data so that more advanced hackers are unable to get hold of information that may compromise your security. You should also make use of the built-in tracking software, which enables you to remotely lock or wipe devices that go missing – this software comes as standard with iOS and Android.
4: Take care when installing new software
When downloading and installing new software or plug-ins for your browser, it’s always advisable to proceed with caution. Free software and applications from a provider whose name isn’t recognized and trusted can often contain spyware or even install harmful programs on your computer. You can ask your system administrator to apply settings that only allow staff to install approved programs.
5: Don’t get caught out by phishing
With so much awareness about phishing, it’s surprising how many people still fall for it. Make sure your staff is vigilant about any emails asking them to click on links or open attachments, even if they seem to be from legitimate sources. Phishing scams are becoming increasingly elaborate, and sometimes it can be hard to tell the difference between a genuine email from a bank or other organization and a fake one. Once you click on a link or download a file from such an email, you could end up with unwanted software or scripts running on your computer.
6: Watch out for ransomware
Hackers are constantly finding new and clever ways to take advantage of businesses that fail to keep themselves secure, and ransomware is a method that is becoming increasingly common. Ransomware uses a virus to encrypt and hold your important files hostage, so to speak, refusing to release them back to you until you pay up.
You can protect yourself against this by using the 3-2-1 rule: store three copies of all important files on two separate devices, one of which is in a different physical location and not connected to other back-ups. Using cloud storage is a simple and increasingly secure way to do this.
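As an added illustration (not part of the original article), this Python sketch checks a backup inventory against the 3-2-1 rule as worded above, counting only copies whose hash still matches the known-good file. The inventory fields, device names and sample entries are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class Copy:
    device: str      # physical device or service holding the copy (hypothetical names)
    site: str        # physical location of that device
    connected: bool  # True if reachable from production or the other back-ups
    sha256: str      # digest recorded when the copy was last verified

def check_321(primary_site: str, expected_sha256: str, copies: list[Copy]) -> list[str]:
    """Return the rule violations found; an empty list means 3-2-1 is met."""
    # A copy that no longer matches the known-good digest is not a usable copy.
    good = [c for c in copies if c.sha256 == expected_sha256]
    problems = []
    if len(good) < 3:
        problems.append(f"only {len(good)} intact copies, need 3")
    if len({c.device for c in good}) < 2:
        problems.append("intact copies are on fewer than 2 devices")
    if not any(c.site != primary_site and not c.connected for c in good):
        problems.append("no intact copy is off-site and disconnected")
    return problems

# Constructed sample data: digests of a good file and of an encrypted one.
GOOD = hashlib.sha256(b"ledger-2024 contents").hexdigest()
ENCRYPTED = hashlib.sha256(b"ransomware-encrypted bytes").hexdigest()

healthy = [
    Copy("office-server", "HQ", True, GOOD),
    Copy("office-nas", "HQ", True, GOOD),
    Copy("cloud-archive", "provider-region", False, GOOD),
]
# The same inventory after ransomware has reached every connected device.
after_attack = [
    Copy("office-server", "HQ", True, ENCRYPTED),
    Copy("office-nas", "HQ", True, ENCRYPTED),
    Copy("cloud-archive", "provider-region", False, GOOD),
]
# Three intact copies on three devices, but the off-site one stays connected.
all_connected = [Copy(c.device, c.site, True, GOOD) for c in healthy]

if __name__ == "__main__":
    for name, inv in (("healthy", healthy), ("after_attack", after_attack),
                      ("all_connected", all_connected)):
        print(name, check_321("HQ", GOOD, inv) or "3-2-1 satisfied")
```

The `after_attack` case shows why the disconnected copy matters: it is the only one that still matches the known-good digest and can be restored from.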
7: Maintain privacy when out in the open
As well as in the office, you need to keep your data safe when your staff are working remotely. To offer them a secure, encrypted connection to your network with access to files, applications, printers, and other resources, you can set up a virtual private network (VPN).
This will also protect your staff from hackers when they’re using public Wi-Fi hotspots, which can be particularly vulnerable to attack.
8: Don’t over-use your privileges
Administrative privileges give you permission to change configuration settings and install software on your systems. If you have these privileges, you should only use them when you actually need them, rather than logging in to an account that has your privileges activated whenever you use your computer for everyday activities. If you’re logged in to an account that doesn’t have administrative privileges, you’ll be notified when a program is trying to install software or change your settings, so you can give permission at that point if you’re sure that it’s safe. Setting up tiered administration throughout your organization allows you to make sure that your staff only have permission to carry out activities relevant to their rank and job description.
9: Share files where possible
Sharing files using secure cloud storage services or file-sharing apps is by far the safest way to send files to your staff. This is because you keep more control over the file than when you send it by email, and you can track it as it gets modified. It also allows you to send a link to a file and limit who can access it and how long it’s available. Once you send a file by email, anything can happen to it – it could be forwarded to someone who shouldn’t see it, or stored in an insecure location.
10: Use advanced authentication
These days, there are many emerging methods to keep your data safe that go beyond the use of a password – and measures like fingerprint readers and iris scanners are becoming increasingly affordable. If it’s simply that important that your sensitive files and information don’t fall into the wrong hands, these could be worth investing in, because not only are passwords hackable, they can often be easily guessed or given away by mistake by your staff.
If you want to find out where your main cybersecurity vulnerabilities lie, you may want to try penetration testing. It can be a scary or unsettling experience to find out how unsafe your systems are, but discovering where you can improve your security, and then implementing the required measures to do so, could save you from a fate much worse. In the meantime, following the tips above, along with a bit of common sense, is a good start.
About the Author
Asher de Metz has approximately 20 years of experience in the cybersecurity industry, consulting to some of the world’s largest companies in all of the top vertical markets. Starting in London, he has worked across Europe and the Middle East, and has spent the last 8 years in America working for Sungard Availability Services, where he runs the Technical Security Practice.