How to avoid fireworks with your IT security

Andy Hinxman gives some tips on keeping your cybersecurity in good order as a small business.

When things go wrong with your IT, it can feel as though you are in the middle of a horror film. The flames are circling. Customers want information. Your staff need to get on with their jobs. Everything has frozen, your personal information has been cloned and that attachment you downloaded from a friend – yes the one with the cat wearing a hat – seems to have set off a virus which is emailing everyone in your address book.

The problem is we can get complacent, until things go wrong. Below are some tips on how to avoid setting off the fireworks.

Emails

These are the biggest source of problems with IT security. For a start emails are unsecure traffic. This means you cannot guarantee that the information you put in them will only be seen by the person you are sending it to. Emails get forwarded. Hackers could get onto your webmail online. You might even have sent one to the wrong person by mistake.

However, the main issue for businesses is to make sure staff don’t open or download email attachments. You don’t know where they have come from. It is so easy to think its ok because you have done business with that person. They could be a supplier or subcontractor. But my advice is if you don’t really know the person then don’t open the link.

We had one client who came to us after he had made that mistake. The virus sent emails to all his contacts and then encrypted all his company’s word documents and PDFs. The hacker then asked for money to make it right. Thankfully he didn’t pay but came to us instead.

Advice: If you use a server make sure you have anti-virus software, malware and back up your data on the cloud. And don’t open anything if you don’t know where it has come from.

Passwords

I realise this may seem really obvious but you would be surprised at how this catches businesses out time and again. I have been to companies where the password has been put on a sticky note and stuck to a computer in the office. Yes really! You could have visitors wandering around who might well take note. Or what about staff members who you might allow access to one computer but not to another?

The other thing to remember about passwords is please don’t email them. As mentioned, email is unsecure traffic. Why would you give away something that is meant to protect your business in that way? Better to phone the person who needs it. That way you could also find out why they want it and make sure they should be given access.

Don’t forget when a member of staff leaves to change the passwords too. It might seem like a hassle but isn’t that better than allowing someone who is no longer in your team access to confidential business information. Remember to make sure the passwords are changed for mobile and webmail access too.

Advice: Don’t play fast and loose with passwords. Emailing and putting them on sticky notes is not a secure way of protecting your business. Make sure only those who should have them, do have them.

False website addresses

These can prove to be real horror stories for a business for two reasons. Firstly, unless you have a very strict IT policy, there is every chance your staff will be doing a bit of shopping online during office hours, particularly coming up to Christmas. If you’re the boss you may well be doing some yourself. But don’t gamble by using unknown websites, which may have a virus, just because you have been dazzled by the gifts on offer.

Reputable retailers will display the padlock symbol. This shows that the website is secure. You should also look for the symbol which shows they’re verified by VISA.

Employees wandering around online could unwittingly be putting your business and their own wallet at risk by not reading the URL properly. For example: www.onlinebanking.reputableretailer.co.uk shows the website belongs to the reputable retailer. But www.reputableretailer.onlinebanking.co.uk shows the website belongs to online banking (who could be anybody). The latter is a sub-domain set up to catch you out. So hover your cursor over the email to check it out.

Secondly, from a business angle, you want your customers to feel reassured they can buy safely from you. Make sure you have safeguards on your own website to prove you are security conscious too. If in doubt, get expert advice.

Advice: When using search engines, check out the URL before you click further. It only takes a moment to be fooled into clicking onto a sub-domain rather than the reputable retailer.

Finally, there are bad people out there but they can only cause trouble for your business if you let them in. You don’t have to do it all yourself. There are managed anti-virus systems available now which work well for small businesses and even individuals. Web protection will block sites believed to be unsafe and of course use that old favourite – common sense. I also believe the cloud is a great tool when it comes to backing up your data. The big companies, like Google and Microsoft, are now offering this for small businesses.

Of course people ask me ‘what about the celebrities who have had their photos on the cloud? They got hacked so just how safe is it?’ What the fraudsters want from you, as a business, is information – not a picture of you without your clothes on. Keep that information protected by following a few simple rules and you can take as many naked selfies as you like – although in my case that would be more of a real horror story!

Andy Hinxman is founder of Keybridge IT.

Further reading on IT security

Small businesses flippant about cyber security

Two thirds of small companies don’t consider themselves to be susceptible to cybercrime, research finds.

According to the government’s Cyber Streetwise campaign, 66 per cent of SMEs don’t consider their business to be vulnerable, and just 16 per cent say that improving their cyber security is a top priority.

When asked if they agree with some of the most common misconceptions around keeping their business secure online, more than three quarters (78 per cent) of small businesses believe at least one.

These include the idea that only companies that take payments online are at risk of cyber crime, with 26 per cent of respondents believing this.

Furthermore, 22 per cent believe the notion that small companies aren’t a target for hackers.

In reality, small businesses are a bigger target than ever because they typically hold far more data than the average consumer, but often don’t have any additional preventative measures in place to protect themselves, according to the campaign.

Last year, 33 per cent of small businesses suffered a cyber attack from someone outside their business.

This apparent lack of understanding around cyber threats is leaving many small firms vulnerable to losing valuable data and then suffering the knock-on effects, including losing customers and a damaged reputation.

The government’s Information Security Breaches Survey also finds that the average cost of the worst security breach is between £65,000 and £115,00 and can result in a business being put out of action for up to ten days.

A quarter (24 per cent) of small businesses think that cyber security is too expensive to implement and 22 per cent admit that they ‘don’t know where to start’.

John Allan, national chairman of the Federation of Small Businesses adds, ‘We know from our own research that in the future small businesses expect to become much more dependent on web based tools. We also know that, as firms’ reliance on tools like cloud computing increases, they also become more aware of the threats these services can pose.

‘For example, nearly a third of businesses we questioned (61 per cent) were worried about the threat of data theft or loss. We need to give these businesses the knowledge and tools they require to prevent this from happening, and so help the continued take-up of these productivity-enhancing technologies.’

Related Topics

Computer & IT Business

Leave a comment