6 Quick Tips To Keep Your Business Safe From Hackers And Scammers
Published on 21st July 2020
Growing businesses often believe themselves to be of little interest to hackers or scammers. While larger businesses plough resources into online security, small and medium-sized enterprises often leave too much to chance, exposing valuable business data and assets to unnecessary risk.
The sad fact is that more than half of these businesses will face a security threat each year, with one small business successfully hacked in the UK every 19 seconds.
The simple reason behind these scary statistics is that hackers know that most small and growing businesses will be easier to breach than their larger counterparts. They are looking for multiple quick wins - whether that’s for material gain or simply out of malice.
It’s therefore essential that the businesses most at risk learn how to protect themselves, and we hope our six quick tips will provide a strong starting point for better online safety.
1. Keep software updated
Everyone makes mistakes, even software developers. It’s become a fact of modern life that small mistakes or ‘bugs’ will often exist in the software we use in our homes and businesses.
While some will be nothing more than an annoying glitch, others leave security gaps which can be exploited by hackers and leave your business exposed to disruption or data theft. This makes it really important to make sure that bugs are fixed as quickly as possible.
On your devices: Always make sure you’re running the most up-to-date version of your operating system and any other software you use, as these will have the latest bug fixes. The easiest way to do this is to enable automatic updates.
For software that doesn’t offer automatic updates, keep an eye out for announcements about new versions and make a plan to upgrade as soon as you can. It’s easy to ignore update notifications and tell yourself you’ll get round to it later, but running insecure older software could create a security threat for your business.
On your servers: Bugs in server software are generally more dangerous than bugs in your device software because servers are continually exposed to the world at large. Bugs in your website content management system (CMS) might allow hackers to deface your website or even steal your customer data, so they need to be fixed quickly and thoroughly whenever they arise.
Unlike updates to device software, updates to server software usually need to be installed manually to make sure there is no interruption to the service you offer your customers.
The best website providers take care of this for you. All it’seeze clients automatically receive ongoing security updates as part of their package, protecting them from security threats and making sure their website is always running at peak performance.
2. Use a virus checker
Even worse than buggy software is deliberately malicious software (known as malware), which has been created with the aim of causing damage.
There are many types of malware, including:
Viruses: self-copying code that infects other software
Trojans: software that pretends to be useful but also does something harmful
Spyware: software that steals your private data
Ransomware: software that encrypts your data and charges you to decrypt it.
While keeping software updated helps close security holes that malware can exploit, using a virus checker adds an extra layer of defence for your business by preventing all types of malware from reaching you.
Most modern virus checkers not only scan files on your computer and in email attachments, but will also monitor incoming and outgoing network connections and will warn you if you are about to visit a fake website.
All it’seeze clients benefit from the virus checkers that run on our servers, scanning any files that are sent to a client's email account or uploaded through their website.
3. Back data up regularly
Backups are an essential process for the protection of your business.
Begin by identifying your essential data. This might be anything from original photography through to customer contact details, emails, and calendars; anything of value to your business.
Next, find a way to store it separately. Some businesses will use hard drives but, depending on the volume of data you need to store and access, you might want to consider using the cloud.
However you decide to do it, you should always have off-site backups to protect your business from unforeseen events, including things like fires or burglaries as well as hacks. Your backup should always be physically separate from your hardware and location, and should always be encrypted. If it isn’t, your business won’t meet GDPR compliance requirements.
We help our clients with this by ensuring that our it’seeze servers are mirrored in a separate data centre, and that daily backups are stored at a third location.
Our page history tool also gives you the power to roll back your website to a previous version, so should the worst happen, you can always restore your website to how it was before a change was made.
4. Choose passwords carefully
When you’re busy thinking of other things, it can be tempting to choose one easy-to-remember password and use it across all of your online accounts and devices. However, this could make you easy prey for anyone who wants to fraudulently use, steal, or destroy your data. The best thing you can do to protect yourself and your business is to use a different password for every online service account.
We usually recommend using a password manager to generate random, high-strength passwords. If you use Firefox, this functionality is already built in. If not, look out for password managers like Bitwarden, LastPass, or 1Password to safely generate and manage your passwords.
Every single device should also have password protection enabled and, where available, two-factor authentication (2FA) should be used to add an extra layer of safety. 2FA will always ask you to use two different methods to prove your identity, usually your password and one other. This might be a code sent to you as a text message or by email.
A recent Google poll found that 65% of people reuse the same password for multiple accounts, creating a security risk.
5. Learn how to recognise a phishing message
The government’s 2019 Cyber Security Breaches Survey found that 80% of businesses receive phishing emails, making them the most common form of security attack.
Phishing emails may ask you to confirm personal details, update payment methods, or ask you to click on a link to an attachment (that unleashes damaging malware onto your computer or device when opened).
These types of emails can be hard to spot, and can even appear to come from an email address you recognise if it has been ‘spoofed’, so the best advice is to never click on a link in an email. If it’s come from an organisation or account you recognise, use your usual bookmarked links or contact details to get back to them. If it comes from an unknown source or if you are ever in doubt, just hit delete.
You can give yourself an extra layer of protection by instantly filtering out spam, and all it’seeze clients who use our email service benefit from our intelligent filtering system, which reduces the number of spam emails they receive.
6. Have an I.T. security policy and share it
Once you know what you have to do to keep your business safe, it’s crucial to get the whole team on board. Whether that’s two, 20, or 200 of you, everyone needs to be on the same page and following the same procedures. The best way to do this is to create a clear and concise online safety policy. Make it a part of your employee resources, keep it up to date, and share it through training sessions if you can.
Ideally, it will include information on all of the points covered above and will also detail what is considered confidential information - and what constitutes authorised sharing of that information.
To provide your business with the best possible protection, your policy should also outline what devices can be used to access business information and prevent staff from using their own USB or other storage devices. These can harbour dangerous viruses that are downloaded when the device is used.
Some final things to remember
When considering how to protect your business online, it’s important to recognise that devices other than computers could affect the success of your security measures. Any laptop, tablet, or smartphone might also contain business-critical information that’s worth safeguarding, so make sure you know exactly how your team is communicating.
Discourage staff from sharing any personal information online unless they are completely certain that the organisation they’re communicating with won’t misuse their data, and help them find ways to keep information safe and password protected across all their devices.
All employees should also know to look out for the green SSL certification padlock that appears in the address bar when they arrive on a website. While it can’t guarantee that the site is completely safe, it tells users that all data travelling to and from the website is encrypted between browser and server.
An SSL certification padlock is something you’ll see on every it’seeze website whose domain name is registered with us; we provide it for free to help our clients comply with their legal data protection obligations, to make sure visitors to the website don’t receive browser security warnings, and to avoid any negative impacts on search engine rankings.
it’seeze is a supporter of growing businesses. We help keep our clients safe online by providing secure websites and emails. If you’d like to chat to us about how we could help your business, please get in touch.