Running a small business involves wearing several hats: chief of sales, project manager, marketing director, head of accounts, cleaner and chief dogsbody.
With the never-ending to-do list, it’s possible you have forgotten one of the most important roles of all: chief information security officer.
2017 saw some of the worst cyber attacks in history, a sign that hackers are getting ever more sophisticated and insidious with their methods. Sadly, security firms are constantly on the back foot.
In July 2017, 145 million records held by data broker Equifax were leaked. The exposed details included people’s social security numbers. This is thought to be one of the worst hacks in history due to the sheer volume of personal information obtained.
Wannacry hit the news headlines after the ransomware breached data in over 150 countries. The businesses affected were using out of date Windows systems. Not only did this have financial implications, but NHS patients were put at risk by delayed operations.
Sometimes the biggest attacks on data exploit human error. Due to an incorrect setting on an Amazon server, voting software company Election Systems and Software unwittingly leaked 1.8 million US voter records. Luckily it was a security researcher who raised the alarm, but the consequences could have been dire had the discovery been made by a malevolent hacker.
WHAT YOU CAN DO TODAY
You can no longer hide under the duvet from a cyber attack. Gone is the time for praying it won’t happen to you. Know that it probably will, so you have to be proactive in limiting the damage.
While the following measures cannot protect you 100%, you can at least diminish the possibility of a leak caused by a rookie error.
Use a password management service
Most passwords are incredibly weak and easy to guess. Even complex strings of letters and numbers can be cracked by programmes designed to aid hackers. With password storage software, you can keep all your logins safe and generate larger, more complicated passwords. The best bit is you only need to remember one set of credentials. If you make this compulsory to your employees, this will protect your business accounts such as your website logins, email, CRM platform and cloud-based storage services.
Use two factor authentication
Two factor authentication adds another security layer to the login process. When you enter your username and password, you can opt to receive a code via text on your mobile just to make it that bit harder for potential hackers to access your account with a password alone.
Encrypt your company’s computers
If one of your computers gets lost, stolen, left on a bus or isn’t wiped properly when it’s no longer in use, then you have a problem. A password screen on booting up your computer is not enough to protect you from thieves exposing your sensitive information. Using a feature such as Bitlocker Drive Encryption on Windows PC or FileVault on Mac iOS, you can keep the data secure when your laptop falls into the wrong hands.
Regularly back up
Whether you decide to make physical backups onto a hard drive, or use the Cloud, creating copies of your files is necessary in case you fall prey to a ransomware attack, meaning you can no longer read your files without paying the hacker to unlock your computer.
Buy an SSL certificate
An SSL certificate enables the https protocol, and encrypts data passing from your user’s computer to your server. This helps keep your customers’ data safe from being intercepted in transit, especially if they are submitting credit card details or other highly personal information.
Take steps to become GDPR compliant
The General Data Protection Regulation replaces the 1995 Data Protection directive and will be implemented in May of this year. This will force marketers, information officers and senior management to reassess how they are using people’s personal details and why. It will also ensure greater transparency when it comes to customers requesting to view their records or have them deleted.
Instead of looking at it as a headache, see it as an opportunity to tighten up your data collection processes. The less information you keep in your data warehouse, the less there is to be breached should an attack arise.
The advice above is not exhaustive and will not guarantee 100% cyber security for your business. By following these steps, however, you are patching up potential vulnerabilities that could otherwise be used against you. Think of it as locking your door – It can’t prevent a break in, but at least you are not leaving yourself wide open to attack.
Bold Online Marketing can help you implement steps 5 and 6, so contact us today to find out more about how we can help you keep your company safe.