The summer holiday season is fast approaching and with the daily reminder of cybercrime in the news, how do you continue to protect sensitive business information with the office closed and staff on leave?
Information security is big business. The number of major data breaches in recent years involving major corporations like Equifax, British Airways and Capital One has been significant. Large corporations have complex internal IT departments and would be using the most up-to-date cybersecurity software available; however, they still fall victim to simple mistakes and oversights that lead to critical incidents, such as weak passwords and missed software updates.
Cybercrime is predicted to grow exponentially and the Australian Cyber Security Centre (ACSC) lists email compromise and ransomware as the top issues being reported by businesses and organisations.
As a business owner you would be justified in wondering what additional measures you can take to more effectively protect your company’s data when large corporations with their enormous information security budgets are falling victim.
Whatever your business size, any security breach has the potential to be destructive, costly and cause extensive disruptions to your business operations.
Over the holiday break, taking extra precautions is essential to ensure your business systems and data remain safe and secure. The good news is there are ways to minimise risk and give your business and client data the protection it deserves.
With relevant and proper safeguards in place, potential data security breaches can be limited or, with planning, avoided altogether.
What are the essential business data protection tips?
To keep sensitive information safe over the holidays we highly recommend you follow these important security practices.
Keep systems and software up to date
It is extremely important and best practice to always keep your operating systems and antivirus/malware software programs current.
Updating device security settings, operating systems and other software to have the latest security patches available ensures you can better protect your systems from malware or ransomware attacks.
These critical updates resolve known vulnerabilities and greatly reduce the chances of exploits being used to get into your systems and networks. They are one of the most important layers of protection in keeping your business secure and operational.
Set up automatic software updates
Scheduling automatic software updates at a regular time of the week safeguards your business against missing any important system version updates when they become available.
Being consistent in your software update activity enables you to better protect your company’s data.
Hackers and malicious actors are well equipped to scan networks for older software versions with known security vulnerabilities, so it pays to be vigilant and on top of patching.
Make sure you have reputable anti-virus programs installed, and install all updates promptly to ensure your protection is up to date with the latest threats.
Investing in software that secures and protects your business network and every device on it from malware and other threats is money well spent.
Failing to invest in proper security tools and practices could cost your business significantly more should you be subject to a malicious attack or data breach.
Back up critical data
If your systems are hit with ransomware, your data is gone for good in most situations. Backing up your data correctly is therefore critical for minimising business disruptions and getting you back up and running.
Back up your critical data using the 3-2-1 rule.
Keep at least 3 copies of your data, so that in the event one set of backup data is lost or unusable, you have a backup for your backup!
Keep your backups on at least 2 different storage media, such as external hard drives and cloud-based storage solutions.
It’s also incredibly important to keep your external backup devices disconnected when not running backups, as most ransomware variants will scan for connected external devices they can target, locking your backups and making them completely unusable.
Always keep at least 1 copy of your data off-site, or in a separate location to your other backups, so that in the event of an emergency such as flooding or fire, you know you have a safe set of backups. Cloud-based backup solutions are a great way to ensure you have a backup in a remote location that you can always access when you need to.
Last but not least, test your backups regularly to make sure they’re functional and backing up the data you need!
Following these methods will ensure you retain and can access important business information, and can easily recover essential operational information in the event your computers or servers come under threat.
Any attempts by criminals to force you to pay for access to your data can be denied if you have all your data backed up securely on a separate storage device or cloud platform.
Invest in a cloud service provider
A trusted cloud service provider can store your data, manage security and update software patches should your business need an expert to administer security issues and updates.
This is a good solution for small to medium businesses seeking better protection but may not suit larger organisations.
Secure your wireless network
Wireless networks are especially vulnerable to unwanted attention from cyber criminals. When connecting to or setting up wireless networks, use the strongest wireless signal encryption settings such as WPA2 to strengthen your security posture, and keep unwanted eyes from peeking at your network traffic.
Safeguard or change passwords
Changing passwords on a regular basis is another beneficial way to deter would-be hackers.
Using unique, longer passwords that are easy to remember but hard to guess provides the best protection. A minimum of 12 characters with a combination of letters, numbers and special characters is recommended, and makes accounts incredibly difficult to break into.
Using different passwords for different services is also incredibly important for keeping your credentials secure. You can have the most secure, complex password imaginable, however it is only as secure as the services you use it on.
If you use the same password across multiple sites and services such as your email, banking or social media, it only takes one of those sites being breached for your accounts across all the other services to be vulnerable.
Password managers such as LastPass, Dashlane, 1Password or Bitwarden are fantastic business and personal security tools that can help manage your accounts & credentials, and make remembering all of the passwords for each of the different services you use a thing of the past.
Enable Multi-Factor Authentication on your services
Look at adding an email encryption solution
With email data breaches on top of the cyber criminals’ target list, it is crucial your business introduce an email encryption solution.
Seamlessly integrating into frequently used email platforms, current email encryption solutions are easy to use. They help to ensure your emails and confidential business information will be read only by intended recipients.
Email encryption is becoming widely accepted as best practice for ensuring sensitive business information is protected.
Manage security risks for personal devices
Does your team use their own personal devices as part of their role? If the answer is yes, it pays to have a process and tools to manage any potential security risks for those external devices by creating a policy and plan.
We recommend considering areas such as mobile system costs, any legal considerations, internet use and monitoring, company data management and location tracking.
Policies should also cover employees who work remotely and include an external security best practice list to cover items such as password protections and network security.
Train and educate your team
Cybersecurity is the responsibility of the entire organisation so it is essential to train and educate employees regularly on the security risks and threats your business faces daily. Culture is King, especially when we speak about cybersecurity!
Engage the team in regular training sessions covering topics such as the dangers of data breaches by human error, how cyber criminals operate including suspicious activity signs to look for, and how their individual actions can have a positive impact in keeping the business data safe and secure.
Educate the team on the security technologies used at the organisation, conduct information sessions about harmful software and new security risks, and any updated software you are using to safeguard the company’s welfare.
Regular training sessions should be delivered with meaningful, compelling and relevant messages, and a “What’s in it for Me?” component. Encourage the team to take ownership and support the organisation’s efforts in keeping business information secure.
We suggest you schedule a pre-holiday information session.
For peace of mind over the holidays, we strongly recommend you review and implement these key cybersecurity measures to protect your data.
We can assure you it’s worth the investment of time and money to safeguard and future proof your organisation against any potential cyber threats.
Does all this information require a chat? Get in touch with us to discuss your unique cybersecurity needs and let us help you decide on your next move.