It’s been suggested that small- to medium-sized businesses will potentially be targeted more in the future by cyber criminals.
Larger companies have in-house IT staff who maintain their IT systems and reduce the chance of a successful threat, whereas smaller businesses may face great financial pressure in employing IT staff and may not be able to consider a permanent IT person.
Therefore, it’s essential to use a knowledgeable IT company to provide the right support for a reasonable fee. If your business is located in London, professional IT support firms like https://www.computersinthecity.co.uk/ will provide you with up-to-date, affordable advice.
Cyber security in the office
It’s likely your IT team will begin with a security inventory, and at the top of their list is ensuring staff don’t reuse passwords. The common habit of using the same password for different sites is dangerous, and staff need to be trained to use dissimilar passwords and to change their passwords on a regular basis. The use of one password for various sites is akin to putting a sign on the front door saying, ‘the door key is under this flowerpot’.
With professional IT support, there are many ways to increase cyber security in an SME.
One approach is the purchase of two-factor authentication (2FA) software, which need not be expensive. This requires staff to enter their password first and then a PIN, which is sent to them as they log in to a site; sometimes questions are used rather than a PIN. The phone used by a staff member needs to be registered with the software provider.
Therefore, the business should maintain a list of staff phones and phone numbers; if a phone is lost, then the SME manager notifies the 2FA company and that number is no longer used. There’s thought to be a progression taking place in IT security, from straightforward passwords to password and two-factor authentication, and then on to biometrics. However, what the average SME needs to do is concentrate on the basics and do those well.
Office cyber safety and more security tips
In summary, ensure staff 1) use a separate password (and username) for every site they visit, 2) change passwords frequently, especially when prompted to do so, and 3) do not retain a spreadsheet of passwords and usernames on their work computers (this is easily accessible to hackers). Should staff need to remember a number of passwords and usernames, they may document this on a spreadsheet kept on a USB, and not on the actual computer/laptop. Staff can then use the USB to access the list of their passwords, use a certain password, securely withdraw the USB, and close the tab. Leave no trace of the spreadsheet on the laptop.
One thing to remember about security questions used as an identification method is to dismiss the advice “honesty is the best policy.”
It’s worth developing some lying skills, as far as IT security goes.
Rather than answering honestly to questions like your mother’s maiden name or the name of your primary school, consider having a battery of false answers for these questions. The reason is that sites which use such security questions are known to often on-sell that information, however thinly disguised it may be. Therefore, it’s relatively easy in many cases for hackers to acquire this useful information. There’s value in taking this a step further, too; if the same answers are used for different sites – and if those answers are compromised – then they serve no value whatsoever. So, have a sheet of alternative answers; for example, mother’s maiden name – McGibbins, Tafferty, Jones, etc; for pet’s name – Periwinkle, Bluesywuesy, Sherlock, etc. Therefore, for each site’s security questions, there is a set of answers ready to use.
Remember, though: the problem with lying is to remember what was said, so write your answers down and keep in mind which ones were used for which site. The X-Files’ famous tagline, “The truth is out there,” is the main problem in remaining cybersecure; it probably is, so a little lying goes a long way insofar as security is concerned.
Cyber security on the go
Staff must often travel; that’s part of business. While travelling, it isn’t unusual to use USB ports, either; this might be recharging at the airport, on the bus, possibly in a hotel, or at a conference. There’s always the possible danger of viruses lurking, as unscrupulous parties have the ability to infect USB ports. Consequently, a simple way to thwart this is by carrying a USB charger. These are reasonably cheap and can be plugged into a mains wall socket, thereby bypassing the need to use unknown USB ports.
Additionally, when travelling it’s worth instructing staff to not use free Wi-Fi; it is through this commonly available convenience that cyber thieves can easily acquire information.
There are two ways around this: the first approach is to purchase a mobile Wi-Fi hotspot to use on business trips. These are either plugged into the laptop to provide instant secure internet, or certain models can be placed somewhere nearby in the room, not plugged into the laptop and again, provide secure internet access. Mobile Wi-Fi hotspots are an easy method of defending against free Wi-Fi hacks.
A second approach is to purchase a virtual private network (VPN), which is software that connects with a distant server and acts like a shield for all of your communications. It essentially encrypts all the e-mails and communication from staff members’ laptops, shields it when sending, decrypts it at the other end, and allows hack-free communication. There’s a wide range of VPNs on the market, but an IT consultancy would be able to provide the best advice for purchasing the right one.
Cyber security packs for smart travelling
The Australian government has a website called Smartraveller provided by the Department of Foreign Affairs and Trade; this website provides essential information for people travelling overseas. An SME may wish to emulate this idea and generate a ‘cyber security pack’ for staff who need to travel. This pack would provide clear guidelines and expectations of cyber security for the trip.
Wherever your staff may be, don’t let them get caught unaware by cybercriminals.