In our day and age, cyber attacks are becoming more common and hackers are finding new ways to breach businesses and systems, putting business data at risk. All businesses can mitigate some of these risks by following simple security procedures in order to protect themselves and their clients from any potential cyber attacks.
Here are 9 useful tips to ensure your business is protected online:
1. Have I been pwned?
The answer is ‘highly likely’ or ‘almost certainly’ if you’ve been on the internet for some time. To be pwned means that you and your personal data have been compromised in a data breach. Checking to see whether your company has already been put at risk is an important first step to take when tightening up your online security.
Fortunately, the website ‘haveibeenpwned.com’ allows you to do just that. By entering your email address you can quickly assess if you may have been put at risk in previous data breaches. You can view when these breaches took place, the company involved and what data were compromised.
Read more about this: https://haveibeenpwned.com/
2. Password manager
A great method to better protect yourself online is to have strong, unique passwords for every account. Don’t worry, you don’t need to remember all of these as a password manager application can do this for you.
A password manager is a software application that can be installed on your computer, tablet or mobile device. It assists with generating, storing and managing strong passwords for each of your accounts, requiring you to remember just one master password to unlock the database. We use Bitwarden at Encode, although there are many options for you to choose from, each offering a vital security step for your business.
3. Two factor authentication
To take password security one step further, use two-factor authentication. This keeps the bad guys out by requiring you to submit two or more pieces of information for authentication, much as you would when signing into your bank online.
In the case of Google’s Authenticator app, this second piece of information is a generated code sent to your mobile device. Other services may require you to plug in a dongle or scan a QR code. Google data show two-factor authentication blocks 100% of automated bot hacks, which is why we strongly advise you to consider this security for your business.
Read more about this: https://www.ncsc.gov.uk/guidance/setting-two-factor-authentication-2fa
4. Ad blocker
Ads can be frustrating, slowing down our screens and interrupting our user experience, but did you know they can also compromise your privacy and security? Ads can contain malware and trackers that deliver harmful content, as well as gather data as they follow your web browsing. Thankfully, there are some great free ad blockers out there, such as uBlock Origin, that can be installed as an extension on your browser, filtering out the bad stuff and leaving you with a site that loads in just a few seconds!
Read more about this: https://www.avg.com/en/signal/5-reasons-you-should-use-an-adblocker
5. Back up
Back up, back up and back up your backups. Systems can crash and hard drive failure does occur, so it’s important that you ensure all of your data is backed up securely. This can be done in a whole host of ways, either manually or automatically. What is essential is that you are prepared in the event of a data loss disaster and are able to rest easy knowing your business information still exists.
Read more about this: https://www.businessblogshub.com/2015/04/importance-of-database-backup-for-businesses/
6. Web Security
Keeping your website secure through HTTPS is vital in order to protect your data and your users’ data. All users should be able to use your website privately and securely and HTTPS is encouraged to ensure this.
“The ‘S’ in HTTPS means secure”
HTTPS can be set up by obtaining an SSL certificate. This certificate protects all information by encrypting the data that transfers between users and the website itself. There are many ways to go about getting an SSL certificate, such as a paid certification service, but nowadays a lot of hosting companies offer an SSL certificate with your hosting package, saving you the hassle of installing it yourself. You can tell HTTPS has been set up correctly by the green padlock icon next to the website URL.
Read more about this: https://developers.google.com/search/docs/advanced/security/https
7. Software Updates
Updating your software regularly is an important step to protect your system or website from potential breaches. Software updates can include many different fixes and features so make sure you are checking often that you are all up to date.
These updates can cover things such as:
Patching Security Flaws & Vulnerabilities
Remove Old Features
Hackers often look for holes or flaws in software and plugins, so keeping what you use up to date prevents hackers from finding any potential entries and keeps your data and business safe.
Read more about this: https://wordpress.org/support/article/updating-wordpress/
8. Email Spam
Email spoofing and spam are prevalent nowadays, but fortunately there are a few methods businesses can use to protect their domain reputation and make sure their emails are ending up where they should. One of these methods is setting up an SPF (Sender Policy Framework) record.
“An SPF record, or “Sender Policy Framework” is one of those standards. It enables a domain to publicly state which servers may send emails on its behalf. You don’t have to understand every detail of SPF records to use it, but a deeper knowledge can help you see the bigger picture.”
The website below is a good tool to check SPF records once they have been set up, to see if there are any potential errors impacting delivery of emails.
Read more about this: https://mxtoolbox.com/spf.aspx
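To show the kind of errors an SPF checker looks for, here is an added example (not code from Encode or from the tool linked above) that inspects a domain's TXT records offline. The function name `lint_spf` and the sample records are assumptions constructed for illustration, and the lookup count covers only the record itself, not the records it includes.

```python
import re

# Terms that cost one DNS lookup each; RFC 7208 caps the total at 10.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
KNOWN = LOOKUP_TERMS | {"ip4", "ip6", "all", "exp"}
TERM = re.compile(r"^([+\-~?]?)([a-z][a-z0-9]*)")

def lint_spf(txt_records):
    """Return a list of problems in the SPF policy among a domain's TXT records."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:
        return ["more than one SPF record: receivers report a permanent error"]
    problems, lookups, seen_all, has_redirect = [], 0, False, False
    for term in spf[0].lower().split()[1:]:
        match = TERM.match(term)
        if not match or (match.group(2) not in KNOWN and "=" not in term):
            problems.append(f"unrecognised term: {term}")
            continue
        qualifier, name = match.groups()
        if seen_all:
            problems.append(f"'{term}' comes after 'all' and is never evaluated")
            continue
        lookups += name in LOOKUP_TERMS
        has_redirect = has_redirect or name == "redirect"
        if name == "ptr":
            problems.append("'ptr' is discouraged by RFC 7208")
        if name == "all":
            seen_all = True
            if qualifier in ("", "+"):
                problems.append("'+all' authorises every server on the internet")
            elif qualifier == "?":
                problems.append("'?all' gives receivers no instruction to reject")
    # Lower bound only: lookups made inside included records also count.
    if lookups > 10:
        problems.append(f"{lookups} DNS lookups: over the limit of 10")
    if not seen_all and not has_redirect:
        problems.append("no 'all' term: unlisted servers are not rejected")
    return problems

# Constructed sample records (example.net and 192.0.2.0/24 are reserved for documentation).
GOOD = ["site-verification=constructed", "v=spf1 include:_spf.example.net ip4:192.0.2.0/24 -all"]
DUPLICATE = ["v=spf1 mx -all", "v=spf1 include:mail.example.net ~all"]
TOO_MANY = ["v=spf1 " + " ".join(f"include:s{i}.example.net" for i in range(11)) + " ~all"]

if __name__ == "__main__":
    for name, records in [("good", GOOD), ("duplicate", DUPLICATE), ("too many", TOO_MANY)]:
        print(name, "->", lint_spf(records) or "no problems found")
```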
Unfortunately, everyone makes mistakes from time to time, but in information security, human error is sometimes missed or overlooked. Human error is one of the biggest causes of cyber security breaches and managing your cyber behaviour can help to mitigate unintentional circumstances.
Here are a few ways that employees can inadvertently cause threats to cyber security in your organisation, and how to prevent them:
Sometimes policies and procedures aren’t clear enough or are too strict, causing employees to become misinformed or find ways around them. This can be prevented by having a clear security policy in place, which all employees are well informed on and understand. People must think for themselves in an organisation so it is crucial that everybody makes informed decisions abiding by procedures.
Confidentiality is a very important security principle that everyone should follow, but unfortunately, sometimes these boundaries are crossed and internal information can be leaked to the outside. To prevent this, ensure that employees aren’t using their personal email or devices when managing sensitive data and that GDPR & Data Protection laws are being enforced. User levels (admin, author, etc) should also be implemented to make sure the right people can see the right information.
Of course technology is a huge focus of cyber security, but the physical aspect can be easily overlooked.
Offices are filled with sensitive information so a plan should be made in order to keep this data protected.
Hardware should be safe and secure and hardening measures like locks, surveillance and access cards can enforce this. A disaster recovery plan should also be in place to protect everything from potential environmental hazards.
Read more about this: https://www.kaspersky.com/blog/the-human-factor-in-it-security/
Keeping your business safe online is a priority to ensure that sensitive data is safe and protected. The steps outlined above can hopefully help you to reduce the chance of any potential business security issues and keep your organisation secure and maintained.
This presentation and blog were written by Neil Batchelor and the team at Encode to help you keep on top of your small business security. As local WordPress specialists, we make the web work for you.
Need some one-to-one help? Give us a call on 01789 330 270, email email@example.com, or read more at https://encode.agency