8 Steps To Protecting Your Cyber Security in 2021
Due the COVID pandemic and increase in employees working from home, cyber-attacks have increased exponentially within the last year and a half. Indeed, the World Health Organization (WHO) reported a fivefold increase in cyberattacks in late April 2020 alone. Worryingly, small to medium size businesses are prime targets for cyber-attacks, accounting for 43% of global attacks (Source: CM-Alliance). So what can be done to protect your SME, especially accounting for #WFH environments? Well, quite a lot actually, as it turns out.
1. Backup your data
As we mentioned in our blog ‘5 Ways to Back Up Your Google Drive’ there’s those who backup their data and those who haven’t lost it yet. A good backup system is imperative to the cyber security of your business as it ensures that even if your computer systems do manage to get hacked, information recovery is available.
To best backup your data, we recommend multiple cloud storage solutions. Not only do multiple cloud storage systems create multiple encrypted versions of your company’s data, cloud storage usually provides multi factor authentication processes for protected access. Finally, automation of backup data can be set for the end-of-every week, quarterly and yearly, meaning you can truly ‘set and forget’ your data storage processes.
2. Ensure you use multi-factor authentication
Speaking of multi-factor authentication (MFA), almost all of your security processes should require MFA, that is, two or more proofs of identity before you can access your account. For example, a password and additional security code sent to your mobile device.
MFA is important to a company’s cyber security because it effectively blocks access to malicious hackers that may have acquired your email address and password details from email phishing or malware.
Although many companies prefer not to use MFA because it can prevent easy access to software applications used by multiple employees, this can be avoided by using well-known proof of identity questions or sharing security codes within the company’s communication channels. Additionally, alerts should be set up to note whenever a malicious IP address has used a company username and password but was unable to login due to MFA.
3. Manage passphrases
On a similar note, make sure your passwords are not as simple as ‘password123!’. Business.gov.au has outlined several standard practices for passwords to reduce the risk of cyberattacks.
Alternatively, we find many companies have success with a password vault. With a password vault, you only need to know one password to unlock the vault. The vault then auto-fills forms, websites, applications and system logins easily with long-form passwords filled with strings of numbers.
4. Encrypt important information
Encryption involves transforming your data into secret code over the internet and thereby minimising the risk of device theft, destruction and tampering is minimised.
Every device used in your business should be fully-encrypted using a virtual private network (VPN) or through your router settings. It’s a low cost way to ensure your business devices such as mobile phones and external hard drives are secure, even away from the office.
5. Secure your devices and network
Make computer software updates automatic after business hours on all computers, as they may contain important security upgrades.
Install security software such as the latest anti-virus, anti-spam, and anti-spyware filters. Similarly set up spam filters on all employee email accounts. Finally, set up firewalls on all internal business networks as well as your portable devices to protect against malicious incoming traffic.
6. Train your staff and track your equipment
When it comes to cyber safety, the training of staff cannot be underestimated. Insider threats are a major vulnerability in today’s climate. Regular educational meetings where staff are informed about IT best practices, the latest threats as well as up-to-date incident response plans can make or break the survival of a business.
Additionally, putting in place good systems and protocols to monitor and record all incoming and outgoing computer equipment can make sure all external devices are secure from forbidden access.
7. Stay updated and evolving
Keep up to date with the latest security risks and scams that may affect your business. Sign up for the Australian Cyber Security Centre’s (ACSC) Partnership Program for access to up-to-date information on cyber security issues. Or rely on your managed service provider and read up on cyber security news from reputable publications such as Wired, Symantec, and Motherboard.
8. Get cyber security advice
While it’s all well and good to manage firewalls, password vaults, data backup etc. on your own, as a final preventative measure we recommend getting a regular Managed Service Provider (MSP). They can help you maintain your systems, develop disaster and backup recovery plans, provide IT health checks and give a complete picture of your organisation’s ability to plan and protect against cyber incidents.
If you’re interested in a quality MSP service to protect the cyber health and resilience of your company, get in touch with us today. We’ll design, build and manage a security platform tailored to your business, so you can enjoy peace of mind.