Small business digital security guide - top tips and best practices

Digital security should be a top priority for every business. Whether or not you have an online presence, it is almost certain that you use digital technologies in the course of your work.

Cybercrime is on the rise, and the potential risks are high. You should take some simple steps to help ensure your business is protected.

1. Change your passwords

Let’s start with the basics. Although they are an imperfect system, passwords are the most common way in which users authenticate themselves with digital systems. They are the first line of defence, and they need to be strong.

All too frequently, users rely on passwords that can be easily guessed or cracked by nefarious users. It is vital that you take some time to strengthen your passwords.

There are a few easy ways in which you can strengthen your passwords. First of all, make sure that you don’t base them around personal information such as your date of birth. This is crucial. Use a combination of letters, numbers, and special characters where possible, remembering that your password should not be based on a word you could find in the dictionary. Ideally, you should use a random password generator, many of which are available for free online. These tools create strings of characters, and then save them in a secure set. This can be one of the most efficient ways of ensuring that your passwords are as strong as possible. Finally, make absolutely sure that you do not use the same password for more than one service, and that your passwords do not all follow the same formula.

If there are several users logging in to your systems, you should consider requiring them to use some of these techniques to ensure that their own passwords are as strong as possible too. Services like the Outlook Web App allow you to stipulate that passwords must be reset at specific intervals (such as every month), and that they must meet other criteria, including that they are not a repeat of a previous password. Alternatively, you might insist that employees make use of random password generators themselves. These sorts of requirements should be contained in your security policy, more details of which can be found below.
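The password rules above can be checked mechanically. The following Python sketch is an added example, not part of the original guide: it generates a random password and audits a candidate against the guide's rules. The function names, the symbol set, and the sample personal details and word list are constructed for illustration.

```python
import secrets
import string

# Character classes to mix: letters (both cases), numbers, special characters.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!@#$%^&*()-_=+")

# Constructed sample data for the audit (not real details).
SAMPLE_PERSONAL = ["Alex", "12031984"]
SAMPLE_WORDS = ["sunshine", "dragon"]


def mixes_classes(password):
    """True when the password holds at least one character of every class."""
    return all(any(c in cls for c in password) for cls in CLASSES)


def generate_password(length=20):
    """Return a random password drawn from a cryptographically secure source."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if mixes_classes(candidate):
            return candidate


def audit_password(password, personal_info=(), dictionary=(), in_use=()):
    """Return the guide's rules that the password breaks (empty list = passes)."""
    problems = []
    lowered = password.lower()
    if any(item and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    # Drop digits and symbols to catch a dictionary word with decoration added.
    letters_only = "".join(c for c in lowered if c.isalpha())
    if letters_only in {word.lower() for word in dictionary}:
        problems.append("based on a dictionary word")
    if not mixes_classes(password):
        problems.append("does not mix letters, numbers and special characters")
    if password in in_use:
        problems.append("already used for another service")
    return problems


if __name__ == "__main__":
    print(generate_password())
    print(audit_password("Sunshine1!", SAMPLE_PERSONAL, SAMPLE_WORDS))
```

Note that "Sunshine1!" satisfies the character-mix rule and still fails the audit, which is why the guide treats the dictionary-word rule separately.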

2. Protect your computers

A good anti-virus and firewall package is an absolute necessity for your business. This software helps to protect you from dangerous incoming information, and regulate the way in which your computer interacts with its networks.

There is a vast range available online, and the good news is that many of these are free. Make sure you do your research before selecting one, though. Not all anti-virus packages are equal. Anti-virus software checks data against lists of known threats, and analyses it to identify potentially dangerous items. The nature of that list, and the quality of the analysis tools, are crucial to the anti-virus software’s success. There is a range of reputable anti-virus test roundups available online, and you should peruse these carefully before making a decision - remembering that your choice will be limited if you are running a Mac. It may well be more sensible to spend a bit of extra cash and invest in an enterprise-class anti-virus solution in order to maximise protection.

A comprehensive package will also include a firewall. These packages help to protect your systems by looking at the data arriving at and leaving your computer, and judging what is safe. Your operating system may already have a firewall built in, but as with antivirus software, you should think about investing in a business-standard package.

3. Update your software

Out of date software is one of the biggest risks you can take with digital security. Hackers work to exploit security holes in that software, and in order to stay protected you need to make sure that you update whenever new versions are made available. You might see this referred to as ‘patching’.

Clearly, one of the most important priorities should be to ensure that your anti-virus and firewall are up to date. Most anti-virus software will automatically update, but it will require you to agree to this in advance. Make sure that you keep this software properly patched in order to ensure that it has the best chance of identifying threats.

You will also find that you are notified about updates to software like Adobe Flash. Again, hackers exploit holes in out of date software of this sort and, as much of a hassle as it may seem, it is important that you are running the very latest version. Depending on the operating system you are using, you may be able to set much of your software to update automatically.

You also need to pay very close attention to any online software that you use, such as WordPress. Out of date online software is especially vulnerable to attack, and you need to keep it patched. Attacks are common and often seemingly random, and their outcomes can be devastating for a small business’s website. Depending on the hosting service you are using, you may be able to apply updates automatically too. Alternatively, your hosting provider may be able to send you automated emails when updates are available. Speak to your hosting provider for more information.

4. Guard your transactions

A vast number of transactions are now carried out online, and businesses of every size are making and receiving payments on the internet. This has transformed the way in which people do business, but this transformation comes with its own risks.

If you intend to take payments online, you need to ensure that the transactions are secure. The industry standard means by which this is achieved is called SSL. This is a protocol that encrypts data sent between a server and a web browser. If you want to take payments through your website, it is vital that you have a properly issued SSL certificate. You will be able to secure this through your hosting company. Remember that taking secure transactions will also require you to develop an online payment process, or to use a third-party solution to help you take orders.

PayPal is the most popular of these third-party options. Using PayPal’s service you can accept payments online without having to go through the rigmarole of securing and maintaining SSL certificates. Instead, you use their own secure platform. You can find more information about the service on PayPal’s website.

You should also take steps to ensure that payments you make are secure. Look for the SSL logo in the corner of your browser’s address bar, and heed browser warnings about out of date certificates. You might also want to look for logos from organisations like VeriSign, which verify the security of a transaction process.

5. Train your employees

Finally, you should remember the importance of your employees. More than one in ten small businesses has suffered a security breach as a result of employee error. In order to protect yourself against these risks, you need to make sure that your employees are properly trained.

This will involve writing a security policy. Depending on the size of your business this may be a reasonably short, simple document, but it should set out the parameters of acceptable internet and computer use amongst your employees. You might choose to augment your policy by blocking access to certain high-risk sites on employees’ computers. Again, there is a range of free software available online to help you do this.

Once you’ve drawn up your policy, make sure that it is properly distributed amongst your employees, and that they understand the importance of sticking to it. Your employees must be a key element of your overall digital security strategy.

In addition to circulating your policy, you should ensure that your employees are properly trained not only in the usage of the software they need, but also in basic digital security. Consider running annual refresher courses to make sure that they are kept up to speed with developments.

This guide is accompanied by a video, which offers a quick-start introduction to digital security, and which you can watch above.


