How to avoid fireworks with your IT security

Andy Hinxman gives some tips on keeping your cybersecurity in good order as a small business. 

 How to avoid fireworks with your IT security

Andy Hinxman gives some tips on keeping your cybersecurity in good order as a small business. 

When things go wrong with your IT, it can feel as though you are in the middle of a horror film. The flames are circling. Customers want information. Your staff need to get on with their jobs. Everything has frozen, your personal information has been cloned and that attachment you downloaded from a friend – yes the one with the cat wearing a hat – seems to have set off a virus which is emailing everyone in your address book.

The problem is we can get complacent, until things go wrong. Below are some tips on how to avoid setting off the fireworks.


These are the biggest source of problems with IT security. For a start emails are unsecure traffic. This means you cannot guarantee that the information you put in them will only be seen by the person you are sending it to. Emails get forwarded. Hackers could get onto your webmail online. You might even have sent one to the wrong person by mistake.

However, the main issue for businesses is to make sure staff don’t open or download email attachments. You don’t know where they have come from. It is so easy to think its ok because you have done business with that person. They could be a supplier or subcontractor. But my advice is if you don’t really know the person then don’t open the link.

We had one client who came to us after he had made that mistake. The virus sent emails to all his contacts and then encrypted all his company’s word documents and PDFs. The hacker then asked for money to make it right. Thankfully he didn’t pay but came to us instead.

Advice: If you use a server make sure you have anti-virus software, malware and back up your data on the cloud. And don’t open anything if you don’t know where it has come from.


I realise this may seem really obvious but you would be surprised at how this catches businesses out time and again. I have been to companies where the password has been put on a sticky note and stuck to a computer in the office. Yes really! You could have visitors wandering around who might well take note. Or what about staff members who you might allow access to one computer but not to another?

The other thing to remember about passwords is please don’t email them. As mentioned, email is unsecure traffic. Why would you give away something that is meant to protect your business in that way? Better to phone the person who needs it. That way you could also find out why they want it and make sure they should be given access.

Don’t forget when a member of staff leaves to change the passwords too. It might seem like a hassle but isn’t that better than allowing someone who is no longer in your team access to confidential business information. Remember to make sure the passwords are changed for mobile and webmail access too.

Advice: Don’t play fast and loose with passwords. Emailing and putting them on sticky notes is not a secure way of protecting your business. Make sure only those who should have them, do have them.

False website addresses

These can prove to be real horror stories for a business for two reasons. Firstly, unless you have a very strict IT policy, there is every chance your staff will be doing a bit of shopping online during office hours, particularly coming up to Christmas. If you’re the boss you may well be doing some yourself. But don’t gamble by using unknown websites, which may have a virus, just because you have been dazzled by the gifts on offer.

Reputable retailers will display the padlock symbol. This shows that the website is secure. You should also look for the symbol which shows they’re verified by VISA.

Employees wandering around online could unwittingly be putting your business and their own wallet at risk by not reading the URL properly. For example shows the website belongs to the reputable retailer. But shows the website belongs to online banking (who could be anybody). The latter is a sub-domain set up to catch you out. So hover your cursor over the email to check it out.

Secondly, from a business angle, you want your customers to feel reassured they can buy safely from you. Make sure you have safeguards on your own website to prove you are security conscious too. If in doubt, get expert advice.

Advice: When using search engines, check out the URL before you click further. It only takes a moment to be fooled into clicking onto a sub-domain rather than the reputable retailer.

Finally, there are bad people out there but they can only cause trouble for your business if you let them in. You don’t have to do it all yourself. There are managed anti-virus systems available now which work well for small businesses and even individuals. Web protection will block sites believed to be unsafe and of course use that old favourite – common sense. I also believe the cloud is a great tool when it comes to backing up your data. The big companies, like Google and Microsoft, are now offering this for small businesses.

Of course people ask me ‘what about the celebrities who have had their photos on the cloud? They got hacked so just how safe is it?’ What the fraudsters want from you, as a business, is information – not a picture of you without your clothes on. Keep that information protected by following a few simple rules and you can take as many naked selfies as you like – although in my case that would be more of a real horror story!

Andy Hinxman is founder of Keybridge IT

Further reading on IT security 

Comments (0)