
How To Improve Cyber Security For Your Business

Ways of improving cyber security quickly and easily

  • 01
    Introduction

    If you are a small or micro business, there is an increasing chance that you will experience a cyber security breach. The National Cyber Security Centre (NCSC) estimates a 1 in 2 chance of experiencing a cyber-attack resulting in potential losses of over £1500.

    This guide provides information that is easy to understand and costs little to implement. Acting on it will significantly improve your protection from the most common types of cyber-crime.

    It is based on the NCSC Cyber Security Small Business Guide and covers 5 topics that will show you how easy it can be to protect your organisation’s data, assets, and reputation.

    To further help you, Acumenology has produced a series of Business Guides on a range of relevant topics. You can find these at: www.acumenology.co.uk/business-guides

  • 02
    Backing up your data

    Data is critical for the operation of any business, so it is essential that all businesses, irrespective of size, regularly back up their data and can easily restore it.

    Doing so has the additional advantage that you can’t be blackmailed by ransomware attacks.

    4 things to consider when backing up your data.

    1. Identify the data you wish to back up
      Identify the essential data your business couldn’t function without.
    2. Ensure your backup is separate from your computer
      Your data should be backed up on an external drive and/or a third-party cloud-based system. At Acumenology we back up our data daily on an external drive as well as separately on a third-party cloud backup system.
      Ensure access to backups is restricted so that they are not accessible by staff, and that the backup is not permanently connected (either physically or over a local network) to the device holding the original copy. Ransomware (and other malware) can often move to the attached storage automatically, which means any such backup could also be infected, leaving you with no backup to recover from. For more resilience, consider storing your backups in a different location, so fire or theft won’t result in you losing both copies. Cloud backup solutions are a cost-effective way of achieving this.
    3. Consider cloud backup
      Using cloud backup means your data is physically separate from your location. Service providers provide data storage and web services without you needing to invest in expensive hardware.
      Most providers offer a limited amount of storage space for free, and larger storage capacity for minimal costs to small businesses. Most service providers have good security practices. However, before contacting them we recommend you get some prior knowledge to help you decide what to look for when evaluating their services, and what they can offer. We recommend you read the NCSC’s Cloud Security Guidance.
    4. Back up daily

      Ensure your backups run daily. This applies both to the data you back up on an external drive and to the backup carried out via your cloud service provider.

      Most solutions allow you to do this automatically and using automated backups not only saves time, but also ensures that you have the latest version of your files should you need them.

      You can also find out more on the ICO website Cloud computing.

  • 03
    Protection against malware

    Malicious software (‘malware’) is software or web content that can harm your organisation’s IT services. The most well-known form of malware is viruses, which are self-copying programs that infect software.

    Consider these 5 tips that can help protect you from malware attacks.

    1. Install and turn on antivirus software
      Most popular operating systems come pre-loaded with FREE antivirus software, which should be used on all computers and laptops.
      All that is required is to click ‘enable’.
    2. Only download apps that can be trusted
      You should only download apps for your portable devices from manufacturer-approved stores (like Google Play or Apple App Store). These apps are checked to provide a certain level of protection from malware. You should prevent staff from downloading third party apps from unknown vendors/sources, as these will not have been checked.
    3. Keep all your equipment up to date
      Ensure all your IT equipment, including mobile devices, is always kept up to date with the latest version of the software and firmware. Operating systems should be set to ‘automatically update’ whenever this option is available.
    4. Control how external drives are used
      Using USB drives or memory cards to transfer files is commonplace, and it is hard to keep track of who uses them and how.
      Inadvertently using a device containing malware can have devastating consequences.

      You can reduce your risk by:
      Blocking access to physical ports for most users
      Using antivirus tools
      Only allowing approved devices to be used
      Ensuring files are transferred by email or cloud transfer such as MultCloud, Google Drive, OneDrive or WeTransfer

    5. Switch on your firewall
      Firewalls create a ‘buffer zone’ between your own network and external networks (such as the Internet).

      Most popular operating systems now include a firewall, so it may simply be a case of switching this on.

     

  • 04
    Keeping mobiles and tablets safe

    Businesses now commonly use mobile technology as part of their everyday business, and with these devices being as powerful as computers, it is important to ensure they are protected.

    Here are 5 tips to keep your mobile devices secure.

    1. Switch on password protection
      Choose a complex PIN or password. Many devices now include fingerprint and/or facial recognition. Make sure you use these features if available.
    2. Keep devices tracked
      You have to allow for devices being lost or stolen. You can use various freely available tools to minimise your risk by:
      Tracking the location of your device
      Remotely locking access to the device
      Remotely erasing the data on the device
      Retrieving a backup of data stored on the device
      You can set up these tools on all your organisation’s devices with a single click by using the appropriate mobile device management software.
    3. Keep your device up to date
      Ensure your devices are kept up to date at all times. Set your devices to automatically update where possible.
    4. Keep your apps up to date
      All applications installed should also be updated regularly. These updates will add new features as well as patching any security vulnerabilities.
    5. Do not connect to unknown Wi-Fi Hotspots

      Public Wi-Fi hotspots can be accessed by third parties to:

      Access your work whilst connected

      Access your login details to apps and web services whilst you are logged on

      The safest method is to use your mobile 4G network, which has built-in security. You can also use ‘tethering’ (where your other devices such as laptops share your 4G connection).

      You can also use Virtual Private Networks (VPNs), which encrypt your data, but make sure you only use VPNs provided by reputable service providers.


     

     

     

  • 05
    Using passwords to protect data

    Your devices contain a lot of business-critical data, as well as personal information and details of online accounts.

    Using passwords correctly is an easy and effective way to prevent unauthorised access to your devices.

    4 things to keep in mind when using passwords.

    1. Switch on password protection
      For mobile devices set a screen-lock password, PIN, or other authentication method. Make sure that all your office equipment also uses an encryption product. Most devices will have encryption built in.
    2. Use two factor authentication
      Where possible use two factor authentication (2FA). This adds another layer of security for little effort.

      2FA requires two different methods of authentication before you can use the service. Generally, a password plus one other method.
      This could be a code that’s sent to your smartphone (or a code that’s generated from a bank’s card reader).

    3. Avoid predictable passwords
      Set passwords that are easy for you to remember, but hard for somebody else to guess.

      A good rule is ‘make sure that somebody who knows you well, couldn’t guess your password in 20 attempts’.

    4. Manage ‘password overload’

      Do not be overzealous with passwords. Only enforce password access to a service if you really need to.

      Where you do use passwords do not enforce regular password changes.

      Passwords really only need to be changed when you suspect a compromise of the login credentials.

      Use password managers. These are tools that can create and store passwords and which can be accessed via a ‘master password’.

      For more information on setting up passwords read the NCSC’s password policy guidance.

     

  • 06
    Avoiding phishing attacks

    A phishing attack involves scammers sending fake emails to thousands of people, asking for sensitive information (such as bank details), or containing links to bad websites.

    Phishing emails are getting increasingly sophisticated and harder to spot. Whatever your business, it is likely you will receive phishing attacks at some point.

    Here are some tips to help you identify the most common phishing attacks.

    1. Configure your accounts to reduce the impact of successful attacks
      Configure employee access using the principle of ‘least privilege’.
      This means giving staff the lowest level of user rights required to perform their jobs. If they become a victim of a phishing attack, the potential damage is reduced. Minimise employee access to browse the web and/or check personal emails using business devices. They can do so on their own device.