Best Practices for Computer Security within Small Businesses
Computer security has never been a hotter issue than it is today. Data breaches, cryptolockers, malware, phishing – the more our lives and businesses go digital, the more we expose ourselves to sneaky hackers looking to take advantage of us.
As a small business owner it’s easy to let computer security slip as a priority. You’ve got so many other things to do besides fiddle around with some computer stuff. She’ll be right, mate! Right? Well, not really.
Anthony Hill, Head of Technology at Geeks2U says that ignoring computer security could lead to a “worst case scenario where there’s a total loss of your business as data like customer info and orders are deleted, customer data is leaked online resulting in a privacy breach and proprietary company information getting out to competitors”. The consequences of ignoring computer security can be catastrophic.
Backups, backups, backups
Backups are Anthony Hill’s top recommendation for small business computer security. “Make sure you have regular backups, because regardless of how good your internet security software is, it’s not perfect.
With a proper backup regime, you can restore any damaged or stolen data quickly”. Regular backups have proven to be the best way to counter popular ransomware attacks. Instead of paying the ransom to restore your data, simply restore from your backups.
The 3-2-1 rule of backups is a mantra anybody serious about computer security should become familiar with. The rule is: 3 copies of your data, on 2 different devices or mediums, with 1 copy offsite. The easiest way to achieve this is to invest in Network Attached Storage and cloud backup (for example Backblaze or Carbonite). Backups should also be as automated as possible to avoid human error.
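A backup only counts if its last job actually succeeded. The short Python check below is an added example, not from the original article or from Geeks2U. It tests a backup inventory against the 3-2-1 rule and ignores copies whose last successful run is too old. The field names, the 24-hour freshness threshold and the choice to count the working data as one of the 3 copies are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass(frozen=True)
class Copy:
    name: str
    medium: str                      # device or medium the copy lives on
    offsite: bool
    live: bool = False               # assumption: the working data counts as copy 1
    automated: bool = True
    last_success: Optional[datetime] = None   # last completed backup job

def check_321(copies, now, max_age=timedelta(hours=24)):
    """Return a list of findings; an empty list means 3-2-1 is satisfied."""
    findings, usable = [], []
    for c in copies:
        if c.live:
            usable.append(c)
            continue
        if not c.automated:
            findings.append(f"{c.name}: manual job, relies on someone remembering")
        if c.last_success is None:
            findings.append(f"{c.name}: no successful run recorded")
        elif now - c.last_success > max_age:
            age = (now - c.last_success).days
            findings.append(f"{c.name}: stale, last success {age} days ago")
        else:
            usable.append(c)
    # A stale or never-run copy does not count toward any leg of the rule.
    if len(usable) < 3:
        findings.append(f"3: only {len(usable)} usable copies")
    if len({c.medium for c in usable}) < 2:
        findings.append("2: usable copies share one device or medium")
    if not any(c.offsite for c in usable):
        findings.append("1: no usable copy is offsite")
    return findings

# Constructed sample inventory (not real data).
NOW = datetime(2024, 5, 20, 9, 0)
OFFICE_PC = Copy("office-pc", "internal-disk", offsite=False, live=True)
NAS = Copy("nas-nightly", "nas", offsite=False, last_success=NOW - timedelta(hours=7))
CLOUD_OK = Copy("cloud", "cloud", offsite=True, last_success=NOW - timedelta(hours=5))
CLOUD_STALE = Copy("cloud", "cloud", offsite=True, last_success=NOW - timedelta(days=9))

HEALTHY = [OFFICE_PC, NAS, CLOUD_OK]
DEGRADED = [OFFICE_PC, NAS, CLOUD_STALE]   # cloud job silently stopped 9 days ago

if __name__ == "__main__":
    for label, inv in (("healthy", HEALTHY), ("degraded", DEGRADED)):
        print(label, check_321(inv, NOW) or "OK")
```

In the degraded inventory a single stalled cloud job breaks two legs of the rule at once: there are no longer 3 usable copies, and none of the remaining ones is offsite.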
Keep software updated
Computer security researchers are constantly poking around popular software packages to find flaws that allow hackers to access your computer. Most software vendors keep on top of these security vulnerabilities and release updates to fix them. Hackers take advantage of known vulnerabilities that have already been fixed by preying on users who are yet to update. Thwart the hackers by keeping your software patched.
Unfortunately, software vendors do end support for their products eventually. Versions of macOS three releases prior to the current version and Windows versions prior to Windows 8 no longer receive regular security updates. If you’re still using those older operating systems, it’s time to upgrade or face the computer security consequences.
Upgrade from basic anti-virus
The built-in free anti-virus software that comes with Windows is fine, but if you’re running a small business and have multiple computers to look after (such as those used by employees), it’s worth investigating a centrally managed internet security platform.
Internet security platforms include not just a basic firewall and anti-virus, but the ability to whitelist software, filter internet access, push out forced regular updates and even monitor what employees are doing on company owned devices – all from a single control panel. Having all these features centrally managed ensures all devices are protected and easy to manage, as opposed to trying to wrangle multiple individually owned devices manually.
Cyber security tips for employees
According to Anthony Hill, “the vast majority of data breaches start with staff”, so it’s vital your employees are trained and vigilant. Your small business computer security is only as good as its weakest link!
Introduce a strong password policy (more than 12 characters, no dictionary words, special characters) and provide password manager software so staff can store their passwords securely. For an additional layer of security, multi-factor authentication tokens such as a YubiKey can be set up for access to important accounts. Using a multi-factor authentication token means any potential hacker needs not only a password, but also a physical token to gain access. This makes unauthorised access much, much more difficult.
Institute training to recognise phishing scams. These are emails designed to look like messaging from a bank, a customer, supplier or a fellow employee, but are actually designed to scam your business out of money or access to your computer network. A good way to check if a risky looking email is legit is to pick up the phone and call whoever it is making the request using a publicly available phone number.
Don’t use public wi-fi. Public hotspots can easily be set up as honeypots for hackers to steal information sent wirelessly. Even on legitimate hotspots, hackers can sniff the data going through the hotspot, even if it’s encrypted. The best way to avoid this problem is to provide staff with a mobile broadband device. This way they’ll have internet access everywhere they go, without needing to use risky public wi-fi. If you absolutely must use public wi-fi, at least use a VPN with strong encryption so all communications are secure.