Friday, 2 June 2017

SME's Guide to Better Cyber Security

Enterprise Nation has published a guide for small businesses looking at the critical subject of cyber security with Kaspersky Lab.

Cybercrime generally grabs the headlines when a huge multinational or government is the victim, but the smaller cases are arguably the bigger story.

The truth is any business can become a target. The good news is there’s still a huge difference between being a target and a victim. For the most part, it simply comes down to being prepared.

1. Assess the Risks

Conduct a security audit, identifying your business's security strengths, weaknesses and opportunities for improvements. 

Consider:
  • Staff (habits, adherence to IT policy)
  • IT infrastructure (web servers, network devices, workstations, etc.)
  • Data - IP, customer and partner (where it is stored, how it is stored, what might be of interest to attackers)
  • Suppliers (exposure to their systems, level of protection, their cybersecurity IQ)
  • Email policies (date last updated, enforceability)
  • Software vulnerabilities (including your update regime)
  • Administrative rights and network permissions (whether employees have access only to the data they need to be effective)

2. Get Educated

Hopefully, you and your team understand that there are certain types of sites you shouldn't be visiting at work, but you also need to be careful to only transact sensitive business on secure websites and to be wary about attachments and links in e-mail and other forms of message. These measures apply equally to laptops, static PCs, tablets and mobile phones.

3. Password Policy

Make sure you have a strong password policy and ensure your team aren’t making any of these classic password errors:
  • Using easy-to-remember but easy-to-guess options such as 'password' or '123456'
  • Using their email address, name or other easily obtainable piece of data as a password
  • Setting password reminder questions a hacker could answer with just a little research, mother's maiden name for example.
  • Making only slight, obvious modifications to regular words, such as placing a '1' at the end
  • Using common phrases. Even small sentences such as 'iloveyou' are easily cracked
  • Make use of two-factor authentication, to limit the damage that can occur if an attacker manages to obtain a password.
  • Remember that on a mobile device, a weak PIN or password becomes a single point of failure, allowing easy access to everything you do on your device.

4. Keep your software up to date

That means not only using automated updates to top up your security software every day, but updating your operating system and all of your other software too. Make sure everyone in the business does the same. 

5. Banking

From directing you to fake versions of trusted sites, to using malware to spy on your activity and capture passwords, cyber criminals have a number of methods for obtaining your financial information. You need to take active measures to stop them.

It's also best to avoid including such information in emails, which may be seen by eyes they weren’t intended for.

Visit enterprise nation for the full guide at https://www.enterprisenation.com/blog/posts/a-small-business-guide-to-cyber-security

No comments: