
Enhance your Cybersecurity: 10 Recommended Strategies

Cybersecurity can seem a daunting challenge for start-ups, small businesses, and large organisations alike. A few months ago we saw the scale of the damage caused around the world by an erroneous software update at CrowdStrike. Whilst the outage was not brought about with malicious intent, it will have made many businesses stop and consider the cybersecurity measures they have in place.


We’ve outlined below 10 ways in which you can make your cybersecurity more robust, and which could ultimately save you time, resources, worry and even your business’s reputation. Acting on these measures can’t guarantee protection from all types of cyber-attack, but they could significantly reduce the likelihood of your business falling foul of a cyber-crime in the first instance.

  1. Back up your Data

If you consider how much you depend on your business-critical data, such as customer details, quotes, orders, and payment details, you’ll realise that your business would struggle to function, even in the short-term, without them.

Every business should regularly back-up vital data and ensure that these back-ups are recent and can be restored. By doing so, your business can continue to operate in the aftermath of physical damage, theft or malware.

However you store your data back-ups, access to them should be restricted so that they are neither accessible by staff, nor permanently connected (either physically or over a local network) to the device holding the original copy.

Ransomware, and other malware, can often move to attached storage automatically. For resilience, consider storing your backups in a different location. Cloud solutions are a cost-effective and efficient way of storing data back-ups, as your data is physically separate from your location.


Most network or cloud storage solutions will enable you to back-up your data automatically, which will save time and ensure you have the latest version of your files in the event of an emergency.
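
The check described in this section, that back-ups are recent and can be restored, can be automated. The following is an added example, not code from Comprendo: it assumes back-ups are gzip-compressed tar archives and that a SHA-256 manifest is recorded when the back-up is taken; the function names and the 24-hour limit are illustrative.

```python
import hashlib
import tarfile
import tempfile
import time
from pathlib import Path

def manifest(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def make_backup(root, archive):
    """Write a gzip tar of root; return the manifest recorded at back-up time."""
    expected = manifest(root)
    with tarfile.open(archive, "w:gz") as tar:
        for name in expected:
            tar.add(Path(root) / name, arcname=name)
    return expected

def verify_backup(archive, expected, max_age_hours=24, now=None):
    """Return a list of problems; an empty list means recent and restorable."""
    problems, restored = [], {}
    now = time.time() if now is None else now
    age_hours = (now - Path(archive).stat().st_mtime) / 3600
    if age_hours > max_age_hours:
        problems.append(f"stale: {age_hours:.0f}h old")
    try:
        with tarfile.open(archive, "r:gz") as tar:
            for member in tar:
                if member.isfile():  # read contents only; nothing is written to disk
                    data = tar.extractfile(member).read()
                    restored[member.name] = hashlib.sha256(data).hexdigest()
    except (tarfile.TarError, OSError, EOFError) as exc:
        problems.append(f"unreadable: {exc}")
    for name, digest in expected.items():
        if restored.get(name) != digest:
            problems.append(f"missing or corrupt: {name}")
    return problems

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample data
        source, archive = Path(tmp, "data"), Path(tmp, "backup.tar.gz")
        source.mkdir()
        (source / "orders.csv").write_text("id,total\n1,99.50\n")
        expected = make_backup(source, archive)
        print(verify_backup(archive, expected))
        print(verify_backup(archive, expected, now=time.time() + 72 * 3600))
```

Run on a schedule, a non-empty result is the signal to investigate before the back-up is actually needed.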

  2. Protect your Business against Malware

Malware is software or web content that can harm your organisation. The most common types of malware are viruses, which are self-copying programs that infect legitimate software. Malware is most commonly distributed by email, so consider an email filtering service, which will aim to send emails containing malware directly to a quarantine, thus reducing the risk of the user clicking on a malicious link or opening a malicious file.

The rules determining email filtering should be refined for your company’s needs. If the rules are too relaxed, suspicious emails will be delivered directly into inboxes and users are left to filter their own messages. It’s entirely possible that a user with a heavy workload might click on a cleverly disguised malicious link or attachment. Conversely, if rules are too strict, genuine emails could easily go astray. In all likelihood, the right balance will be achieved over a period of time.

Antivirus software, which is often included for free within popular operating systems, should always be installed and enabled on all computers and laptops.

  3. Updating Software

Ensure your software is always kept up to date with the latest versions from developers. Prompt patching is essential for effective cybersecurity; when a new patch is released, attackers will quickly identify the underlying vulnerability in the application and release malware to exploit it. If a hacker can successfully attack before the target patches the vulnerability, there is a high risk of a data breach.


Operating systems, programmes, phones and apps should all be set to automatically update wherever this is an option. Once a product reaches the end of its supported life, these updates will no longer be available, and at this point it is recommended to replace it with a modern alternative.

  4. Firewalls are important

In essence, the Internet is a public network, which means that any connected computer can find and connect to any other connected computer. A firewall helps create a barrier between the Internet and your own computer or network. It enables you to set rules for traffic coming in and going out. So a firewall can help protect against hackers trying to breach your network, viruses that spread from computer to computer, and some outgoing traffic originating from a virus.

Most popular operating systems now include a firewall, so it’s likely that you’ll just need to ensure it’s switched on. For offices, it is recommended that a physical firewall be deployed and managed to filter harmful traffic before it reaches the organisation’s internal network.

  5. Keep your Mobile Devices Secure

Mobile technology is now an essential part of modern business, with more of our data being stored on tablets and smartphones. What’s more, these devices are now as powerful as traditional computers, and because they often leave the safety of the office, they need even more protection than desktop computers.

IT administrators can use mobile device management software (MDM) to help manage a company’s fleet of mobile devices. It will set devices to a standard configuration from a central point with one click. To improve security, rules on password protection, automatic software updates, downloading apps and the use of USB can be enforced using MDM.

Employees are more likely to lose their phones or laptops when they are away from the office or home. Most devices now include free web-based tools that are extremely useful should they go missing. These tools can track the location of a device, remotely lock access to the device, remotely erase the data stored on the device and retrieve a backup of data stored on the device. They can all be managed via MDM.

Regardless of the type of phone or laptop your organisation is using, it is essential that all devices are kept up to date. All manufacturers, whether Windows, Android or macOS, release regular updates that contain important security information to keep each device protected. This process is quick, easy, and free; devices should be set to automatically update, and as with software, once a device reaches the end of its supported life, an upgrade is recommended.

  6. Be Cautious using Public Wi-Fi

The biggest threat to free Wi-Fi security is the potential for a hacker to position themselves between you and the connection point, making it possible for them to see what you’re working on whilst you’re connected, as well as your logins for apps and web services whilst you’re logged on. In this case, instead of communicating with the hotspot, you’re relaying your information directly to the hacker.

Hackers can also use an unsecured Wi-Fi connection to distribute malware. If you enable file-sharing across a network, the hacker can easily plant infected software on your device.

Your best defence is to use your mobile network, with its built-in security. This enables tethering, where your other devices such as laptops share your connection. You can also use Virtual Private Networks (VPNs), whereby your data is encrypted before it is sent across the Internet.

If you do need to use public Wi-Fi, check you’re connected to the right network, use 2FA, turn off file sharing, use SSL connections and follow all the safety measures mentioned above, such as enabling your firewall and updating software.

  7. Robust Password Management

Passwords are an easy way to protect your data and there are various options, including: a screen lock password, PIN, or other authentication method, such as fingerprint or face unlock.


Firstly, it is advisable to avoid using guessable passwords and never recycle your passwords. IT systems should never require users to share accounts or passwords to do their jobs. Every user should have personal access to the right systems, and at the right level to avoid access to unnecessary data.

A common mistake is not changing the manufacturers’ default passwords that smartphones, laptops, and other devices are issued with. We recommend regularly checking hardware and software specifically to detect unchanged default passwords.

Password overload is an issue, so we suggest using a Password Manager. This is a tool that can create and store passwords which you access via one master password. It can also store other information such as bank card details and intrusion alarm codes. Since the master password protects all of your other passwords, it needs to be strong. We also recommend using 2FA on your accounts whenever it is offered.

  8. Avoid the Most Common Phishing Attacks

In a typical phishing attack, a scammer sends a fake email requesting sensitive information or containing a link to a malicious website. They might try to trick the recipient into sending money, steal personal details to sell, or there may be a political or ideological angle to accessing a company’s information.

Phishing emails are becoming more sophisticated and all businesses are likely to receive phishing attempts. There are ways to spot these attacks, and regular security training for employees will help keep them vigilant to potential phishing, but there will be limits to what can be expected.


That said, many phishing emails come with traditionally obvious warning signs, such as poor spelling or grammar, addressing the recipient as a ‘friend’ or ‘colleague’, rather than by name, and creating a sense of urgency, possibly including threatening undertones.

  9. Consider User Privileges

Access to systems should be limited so staff only have enough access required to perform their role, with extra permissions (i.e. for administrators) only being granted to those who need it. Giving staff the lowest level of user rights required to perform their jobs means if they succumb to a phishing attack, the potential damage is minimised.

We advise that staff don’t browse the web or check emails from an account with Administrator privileges. An Administrator is authorised to change security settings, install software and hardware, and access all computer files. So an attacker with access to an Administrator account can do more damage than one with access to a standard user account.

  10. 2-Factor / Multi-Factor Authentication

We highly recommend setting up two-factor authentication (2FA) or multi-factor authentication (MFA) on critical accounts such as email, and using it when logging into websites with your personal information.

2FA and MFA are easy tools to implement and mean you have a second verification code (texted to your phone or provided by an app or physical key) which further protects your data. So even if a hacker accesses your username and password, they can’t access your accounts without an authentication code.


The Essential Scheme For Cybersecurity

If you’re looking for a way to check that all your cybersecurity bases are covered, then consider becoming Cyber Essentials certified. The Cyber Essentials scheme protects businesses against the most common cyber-attacks and is widely recognised as the baseline level of cybersecurity for organisations of all sizes.

Essentially the scheme is a self-assessment measuring your company’s IT security credentials against a set of technical criteria. Certification brings with it peace of mind, an understanding of a company’s cybersecurity status and engages all IT users within the organisation. It also demonstrates to your clients (or prospective clients) that you take the protection of their data seriously; Cyber Essentials status is sometimes a key criterion for business contracts.

How We Can Help At Comprendo

If you’d like to find out more about becoming Cyber Essentials certified, or would like further information on any cybersecurity solutions mentioned in this blog, then we’d be very happy to help. We offer a free 2-hour Consultation where we can assess your cybersecurity needs and cover any questions or concerns you may have.

You can contact our IT support team at:

>> Tel 0345 527 4394 | Email info@comprendo.co.uk


At Comprendo, we provide customer-focused IT services, solutions and support to businesses throughout North and West Yorkshire, Lancashire and beyond, including Leeds, Bradford, Harrogate, York, Preston and Manchester. Looking to outsource your IT or review your cyber security? We look forward to hearing from you.
