As attacks and attackers become increasingly sophisticated, and remote and cloud working more widespread, our cyber security measures need to keep up. But in the modern world, changes occur so rapidly that it can be difficult to know what to do or where to start when it comes to securing our small business’ systems and sensitive information.
This guide will help you to protect your business’ personal information and online systems by massively reducing the likelihood and impact of a successful attack, thereby protecting your hard-earned reputation. You can implement these 7 cybersecurity best practices for SMEs today, and not so incidentally, they will also help you become GDPR compliant. You will be able to rest easy knowing that your business’ cyber security is taken care of.
Get creative with your passwords
Using strong and unique passwords for each account is one of the most effective things you can do to reduce the chances of any online account becoming compromised. The longer and more nonsensical, the better. Get started today by installing a password manager (such as LastPass) and changing all of your existing passwords to a unique combination of letters (upper and lower case), numbers and special characters. Now, you’ll never have to click that “forgot password” button again!
Turn on 2-factor authentication
Two-step or multi-factor authentication offers additional layers of security beyond a straightforward password. With multi-factor authentication, even if someone gets hold of your password, it’s unlikely they’ll be able to access the information needed to complete the second step of verification. You can verify via your email, or with an authentication app, to receive a unique code to grant you, and only you, access to your account.
Secure your connections
Wherever you are, in order to work, you will need to connect to a network. Whether it’s your home or office network, securely configuring it is very important and not too complex. If you haven’t done so already, change the WiFi name and the standard-issue password you received from your internet provider. You can even have a little fun coming up with new WiFi names: Pretty Fly for a WiFi; Nacho WiFi; the list goes on. We won’t try to take credit for these names, promise.
Even after you’ve configured your WiFi securely, you should always use a Virtual Private Network, or VPN, to secure the connection between your computer and the internet. A VPN ensures that you can access your company’s data securely, without anyone sneaking in to take a peek. NordVPN is a great, affordable VPN provider.
Beware how you share
In a business, there is always a need to share information. Sharing personal data is perfectly reasonable, and in line with the GDPR, as long as you take adequate measures to protect that information. Luckily, secure data sharing does not have to be difficult.
Always check whether the person or people you’re about to share information with really need to have access to this data. If the answer is yes, share this information via a secure cloud platform such as Google Drive, Dropbox or OwnCloud. These platforms encrypt your data to make your information illegible to an unauthorised reader. Make sure to password-protect the links you use to share information and where possible, disable the link after a certain period of time.
Don’t bring your own device
Working from home (or a sunny island, if you caught a flight in time) means freedom to use personal devices to do your job. But that increases the risk to your business and the sensitive information it is responsible for, because personal devices usually do not live up to security standards and compliance obligations. Make sure you only use work devices that have antivirus and firewalls installed and can be backed up or wiped remotely if necessary. And only use your work device for, well, work.
Take a break, get a coffee and... update!
The well-known pop-up that says “there’s a new update available” isn’t just annoying (we admit it), but also an extremely important part of securing your device, your business’ information and ultimately its hard-earned reputation. When we ignore those pop-ups, or simply keep postponing until mañana, mañana, we are giving criminals the perfect opportunity to exploit the little holes in our software or operating systems that the update is intended to repair (or “patch”, in cybersecurity jargon).
So, make sure that all of your software, including your operating system, is set to update automatically. Just use this time to get a coffee, maybe some biscuits, preferably chocolate ones… Hold on, I think there’s a new update available!
Backing up can be a life-saver
Imagine… It’s late and you’ve just finished replying to all those emails (so many emails!) and writing a proposal for a new customer. You’ve gotten hungry (the biscuits you had while your Windows was updating aren’t quite enough) so you intend to finish first thing in the morning. But then, fate strikes, and your laptop crashes. You’ve lost everything... So make sure you always back up your data. Ideally, back up your data to a cloud backup provider such as CloudAlly.
If you’ve taken all seven steps from our cybersecurity guide for small businesses, you have not only made your business and yourself more secure, but more compliant with data protection legislation (GDPR) as well. Taking these seven cybersecurity measures for small businesses also means that you might be eligible for a cybersecurity certificate, proving to your customers and your suppliers that you take protection of their data very seriously, ultimately benefiting your business and your reputation. Cyber Essentials and IASME Governance are two great options for small businesses. Check out this link if you want to know more: Cyber Essentials Certificate for small businesses.