The chances are that however involved you are in your company’s IT, you heard about this year’s ransomware attack. It was by far the biggest attack of its type in history, with more than 45,000 separate incidents being recorded around the world in countries like Russia, China, India and – of course – the UK.
So, what can you do to protect your company should such an attack happen to you? Luckily, there are a number of different approaches you can take to try and keep your business safe online. Follow any of these tips, and your internet security will be in far better shape.
Tip 1. Train your staff
Perhaps the number one way of keeping your online business safe is to make sure your staff are well-trained. A large amount of modern hacks rely heavily on human error. That is, hackers will try to trick you into taking a specific action – such as downloading some software or clicking on the link – that will then allow them to begin the attack.
The more aware you make your staff of the approaches hackers use, the less likely they are to make these mistakes. This, in itself, will immediately reduce the risk of your company suffering an attack. Prevention is better than cure.
Tip 2. Have a security policy in place
It’s surprising how many companies neglect to create an official security policy; that is, a living document that specifies company rules for ensuring online safety.
An effective security policy should be usable by everyone in the company, from the IT department through to more general employees. (It should also be suitable for any third-party auditors.)
With information being shared more and more online, it’s important for policies to be flexible enough to allow for shared data. However, policies shouldn’t be too open, otherwise, anyone could access the information and use it maliciously.
Tip 3. Use high and multiple passwords
Applying effective passwords to your IT systems is simply essential. Despite the risks of using the same password in multiple places, or of using shorter ones, hundreds of companies around the world still don’t enforce the use of effective passwords.
Good passwords should be different across multiple accounts, especially if the company itself uses multiple software packages, and passwords should always combine special characters, letters and numbers to ensure complexity.
Remember, sharing passwords on multiple sites means your security is only as good as the weakest one. This is a simple tip, but don’t under-estimate it.
Tip 4. Back everything up
It is essential for a business to back up their data effectively.
The risks of not doing so are huge. Your business could lose its tax records, its list of website passwords, all previous work, time-keeping records, programming code, marketing materials and a host of other invaluable information.
The consequences for losing any of the above could range from bankruptcy to legal action and in some scenarios even prison time. Fortunately, backing up data in 2017 is a lot simpler than it used to be, so there’s no excuse for not doing so.
Tip 5. Protect your mobile workforce
Mobiles account for more internet usage than desktop computers. Despite this, many people still underestimate the importance of mobile security.
Don’t make this mistake: if you link company mobiles up to your software, you need to ensure you have mobile-specific security in place.
You’ll need to use mobiles that support encryption – not all of them do – and ensure that any third-party apps you use to transfer data or communicate are constantly updated to avoid any security holes.
Needless to say, you can ask your chosen security firm for advice on mobile safety if you’re unsure. Again, don’t underestimate mobile security; you’d be making a big mistake.
Tip 6. Encrypt your data
Encryption is a no-brainer when it comes to digital security. Despite this, many firms still make the mistake of not including it as part of their process.
There are numerous benefits to encryption. It completely protects data and can ensure security across multiple devices. What’s more, it will allow you to transmit information securely, which is a big deal in today’s digital-only world.
Finally, encryption will ensure your company complies with any legal security requirements. Put simply, no company should attempt to do without encryption protection in 2017.
Tip 7. Don’t open suspicious e-mails
As we mentioned above, a lot of modern hacking techniques rely on you taking a specific action. E-mails are one of the most common methods used. Hackers are capable of creating high quality, authentic-looking e-mails that mimic services you might actually be using. (E-mails purporting to be from major companies such as eBay, Amazon and Paypal are a regular occurrence.)
If in doubt, don’t even open any email that’s unsolicited, and if possible ensure your staff avoid using their personal e-mail at work: this way, you’ll be able to obtain some control over your network.
Tip 8. Use confirmation by phone
Phone number verification is becoming more and more common, and you should always use it where you can. By forcing anyone logging in to confirm their identity via either a phone call or text message, spam attacks by bots or fraudsters are more or less rendered useless. If they don’t have access to the phone linked to the account, there’s nothing they can do! Needless to say, you need to be careful in looking after the linked phone if you take this approach. Be sure to keep it on you at all times.
Tip 9. Use two-step authentication
This is another security protocol that’s become more and more popular in the last few years. Two-step authentication requires anyone attempting to access a password-protected area go through a second additional step, such as typing in a one-step, instantly generated password sent to a linked e-mail address or a mobile phone. (Or even a specific device; a common approach taken by banks.)
Essentially, two-step authentication is now used as a precaution in the same way security questions used to be (Unfortunately, the rise of sharing information across social media has rendered security questions less effective).
Tip 10. Use cloud-based – rather than desktop-based – software
Cloud-based software is nearly always the much safer option, with companies offering the technology at the cutting edge of the security industry. We’ve said it before, but it’s worth re-emphasising: the majority of data leaks come as a result of human error.
Therefore, it makes more sense to rely on the cloud rather than on moving data around using USBs or by sending e-mails back and forth. Cloud providers have the economy of scale: they have the budget to build high-quality security systems that most smaller firms simply don’t have access to.
Safety patches and updates can be rolled out immediately. Finally, of course, cloud systems make use of far more powerful encryption than most individual PCs.
Tip 11. Provide high quality, easy-to-use protection
At Commusoft, we provide easy-to-use security systems that’ll allow you to control access to your company’s data and services. You’ll get access to seven different security options, so every staff member can be assigned access to suit their role.
Whether you’re a small company wanting to limit your engineers’ access to confidential information, or a large enterprise wanting to assign specific custom security preferences to specific people, Commusoft’s smart security system will keep your business-critical data safe.
It is also important to remember that data security and privacy aren’t just a nice-to-have. They are required by various national and international legal and industry mandates and you have a general duty of care to customers and employees. Commusoft gives you the tools to ensure that you are compliant on data protection.
If you’d like to know more about Commusofts' software, watch our 15 minutes demo: