Online threats can cause a business serious damage and downtime and preparing and securing your office and point of sale PCs can help reduce the risk of these threats. We consider the following measures to be the most important steps you can take to reduce cyber security risks to your business.
- Update software – including operating systems, web browsers, browser plugins and other applications. Hackers use vulnerabilities in software to access computers, smartphones or tablets. Using automatic updates and installing updates as soon as they become available is one of the best ways to protect your business.
- Use unique and strong passwords or passphrases. Passwords are an important line of defence but they won’t protect your business if they are easy to guess. It is also important to use different passwords across your business – otherwise you are giving criminals one key that opens everything. Use a 3rd party password management service like 1password or LastPass to manage these passwords.
- Install security software and use spam filtering. Security software, such as anti-virus and firewalls are used to protect your business from malicious software, while spam filters protect you and your staff from illegitimate and malicious messages. These solutions are not only a good first line of defence, they can also alert you when things go wrong by monitoring your computer and detecting unusual behaviour.
- Use encryption on computers and mobile devices such as laptops, tablets and mobile phones. By using encryption on your computers and mobile devices, your valuable business information will stay safe – even if your device is lost or stolen.
- Use a secure internet connection and secure your Wi-Fi. Your internet connection provides a channel into your computer that could be exploited for malicious purposes if it’s not protected.
- Don’t use the administrator account for daily tasks. The administrator account allows administrators to do important things like install software or give access to other users. But this level of access can be misused if it falls into the wrong hands. Ideally, this type of account and related access should be limited to your organisation’s system administrator. Ensure that standard user accounts are created for everyone else and used for everyday activities. Only log in to the administrator account when required.
- Disable untrusted Microsoft Office macros. Macros are small programs that automate common tasks in Microsoft Office documents. However, maliciously crafted macros are increasingly being used by attackers to install malware when an unsuspecting user opens an affected document. A common scenario is when businesses are sent bogus resumes or job applications that install malicious software when opened. By default, macros are disabled, but if a document asks you to enable them, make sure it’s from a trusted and known person.
- Create backups daily. Recent backups of your important information are a last line of defence when things go wrong. Get into the habit of creating backups at the end of each day and test that they work as you expect. There are many software backup products available, and some offer backup into the cloud. Make sure you use a trusted company if choosing to backup into the cloud.
- Use the web wisely. Consider making your browsers more secure by blocking access to Adobe Flash Player (or uninstall if possible), web advertisements and untrusted Java code. Then, when you’ve taken steps to secure your computer, take steps to secure your staff. Learn how to browse the web safely and look at providing security awareness training for you and your staff.
Important: While security is everyone’s responsibility in your business, you need to consider information security as a priority in your business plans, and that you have at least one staff member who dedicates time to information security in your business. This person can be responsible for security functions such as creating back-ups, ensuring software is up-to-date and making sure the business is aware of any current threats. Security needs to be a day-to-day concern in your business.