6 tips to safeguard your small business from cyber criminals
Shamini Schaaf, head of Tarsus Academy, gives six common sense tips that can help your small business secure its systems and data from information security threats.
Cyber crime is a growing threat to small and medium businesses as criminals target their bank accounts and proprietary information. The consequences of falling prey to malware or a hacker can be devastating for a small business: loss or theft of sensitive information, permanent damage to customers' trust in the company, hours of lost productivity, and even heavy financial losses.
For a small business owner, staying ahead of relentless, well-organised and sophisticated cyber criminals may seem like a daunting task. These common-sense tips can help your small business secure its systems and data from information security threats. Training from a company like our partner, Wolfpack Information Risk, can also help prepare your IT team for the challenges of creating a strategy for today's complex information security landscape.
1. Remember that people are always the weakest link
As important as it is to invest in robust security software, remember that your people are the most vulnerable point in your company's infrastructure. That's why you should invest in educating them about information security and put your information security policy in writing.
Basic training courses can help employees become more mindful of the many scams that exist - from phishing e-mails that try to entice them to surrender their passwords to phone calls from fraudsters looking for personal information. Make sure that your staff understands that:
* Organisations such as your bank will never ask for login details over e-mail or the phone.
* They should never follow an e-mail link that prompts them to log in to a bank or online account - it might be from a phisher.
* They should be vigilant for signs that an e-mail isn't genuine: obvious spelling and grammar mistakes, a mismatch between the e-mail domain and the company name, or a promise of money that's simply too good to be true.
* They should be careful of the permissions they give mobile apps, especially if they use their mobile phones for work.
2. Keep your software up to date
Software updates often contain critical security vulnerability fixes which close off holes that hackers might exploit to gain access to your systems. It's thus wise to activate automatic updates for all your software, including your operating system (Windows), antivirus software, Adobe Reader, Adobe Flash and Java. Use applications like Update Checker and AppFresh to see if your other applications are up to date.
3. Install antivirus on all devices
With the plethora of malware that currently exists on the Internet, it's essential to download and install either a commercial or a free antivirus. More comprehensive products will include tools such as a firewall, parental controls and anti-spam in addition to the malware protection.
4. Don't open email or attachments from untrusted sources
Be wary of e-mail attachments from unfamiliar e-mail addresses; be careful of opening executable files even from people you know.
5. Be mobile app savvy
Don't be complacent about mobile apps - occasionally something dangerous can slip through the approval process on the official Google and Apple app stores. Be wary of the permissions apps seek to access your personal data - why should a weather app want access to your contact list? Also, don't jailbreak or root your device so you can run pirated software - this will expose you to a larger risk of malware, quite aside from the legal and moral issues.
6. Create strong passwords
Password-protect all your devices - laptops, mobile phones and tablets - so that other people can't access them without your permission. Create strong and unique passwords, preferably different ones for different devices, apps, and online services. You can use a password manager like 1Password to manage the challenge of remembering different passwords.
Ensure your passwords are strong so they can't be easily guessed or cracked: they should be longer than seven characters and make use of a combination of lower case, upper case, numbers and special characters (e.g. @ # $ % !). Don't share your password with anyone or write it down. For an extra layer of security, use two-factor authentication. This means setting up your apps and services to require both a password and a one-time PIN (sent via e-mail or SMS) or a fingerprint.