Cyber security tips

Cyber Security Tip 1: Remember, It Could Happen To You!

The first and most important of our cyber security tips is to never assume you won’t be a target. Smaller companies will often have the mindset that their data isn’t important enough to be hacked. Small-to-medium businesses are attractive victims to hackers, as they typically won’t have the same level of defenses as larger companies.

If your company has money or data, it has a bullseye on it just as large as any other company. This data includes passwords, client information, sensitive email threads, etc. Thinking it’ll never happen to me makes you complacent and likely to drop your guard. Always assume you are a target, and that the internet trolls are out to get you. Take the time to know and understand your assets (where a breach is most likely to occur). You can even perform threat-modelling exercises and put practical protection measures in place.

Cyber Security Tip 2: Practice Good Password Management

Strong, lengthy, random passwords with various character types, including upper and lowercase letters, drastically reduce the likelihood of your password being guessed. Refrain from using the same password for multiple sites and accounts, even if it’s a complex password. Also refrain from ever sharing your password with anyone, including a family member or close friend. Consider using a password management system, like LastPass. This password manager should be used in lieu of writing complex passwords on a post-it note or in your notepad.

Also use two-factor authentication (2FA) wherever possible, especially on internet-facing systems. 2FA can do wonders for your business’s cyber security. Even if a hacker has a password, they won’t obtain access to an account as a second level of identification is required. Ensure your employees follow the same protocols. The IT team ― internal or external ― should set up the password manager and 2FA on staff desktops and any other devices they use for work, including BYOD (bring your own device). This will ensure that, even if an employee has a weak or reused password, it won’t jeopardise company data. Periodically updating your passwords, at least every six months, is also a necessary measure to take to practice good password measurement.

Cyber Security Tip 3: Practice Sensible Internet Browsing (AKA Don’t Click the Dodgy Links!)

Be aware of safe sites and links, learn to recognise phishing attempts in emails (basically never click the link!), and ensure your employees practice safe browsing, too. Simple things like don’t share your password online should be reiterated. Employers and employee’s should be suspicious of potential malware at all times, as opposed to only considering the presence of malware when there are obvious signs.

Always remember to be careful what you click. Harmful links may appear via email, as pop-ups, or as unexpected attachments. Never let your employees freely download software onto their work computer. This could lead to downloading software from untrusted sources that host malware, compromising the device without anyone realising it’s happening.

Cyber Security Tip 4: Enable System Access Only As Required

You should regularly evaluate system access and ensure staff only have access to the data or networks required for their job. Wherever there is staff turnover, ensure their access is removed and be sure to require two-factor authentication for said access. Mobile application management will ensure that previous employees will not be able to access company data and accounts on their BYOD after they have left the business.

A good rule to follow is to only allow staff the minimum amount of access they need, never the maximum. Also don’t allow for blanket access across teams or departments, unless every member needs it to do their job. Make sure that you restrict administrative privileges, just giving them to the minimum amount of people you need to. User accounts with these privileges are attractive targets for cybercrime, as they hold a high level of system access. Minimising privileges makes it more difficult for an adversary to spread or hide their existence.

Cyber Security Tip 5: Be Wary of External Devices