5 Simple Steps to Securing Your Business Data

It is vital that you take regular backups of your important data and that you test that the information can be restored. This will help reduce the impact of successful attacks including ransomware.

Your most important business asset is data.

After all, without customer information, order details or product data, you will not be able to perform any business activities. Imagine partially or even completely losing your business data. It could mean the beginning of the end. At the very least, it would seriously damage your company image. 

HERE ARE OUR TOP 5 TIPS TO GET YOU STARTED:

1. Identify the data that needs backing up
   The first step is to identify your critical data. This may be from a web server, important account or customer information, or just your “My Documents” folder.
    
2. Make backing up part of your daily routine
   Make sure your files are set to automatically backup at least once a day – or that you are manually backing up at the end of each day.
    
3. Ensure your backup device is not permanently connected or syncing
   Make sure that your files are not set to constantly sync. This may seem counter-intuitive, but software such as dropbox may become a hindrance if an attack alters or removes your important files and the corrupted data is automatically synced to your backup.
    
4. Consider a cloud based or managed backup service
   Consider a cloud based backup solution so that your backup data is stored offsite and accessible from all of your devices. CyberSteps offers an affordable managed service from £14.99 per month, you can find out more here.
    
5. Regularly test recovery
   Regularly test your backup procedure to ensure it will function when you need it most!

5 Simple Steps to Staying Secured Against Phishing

Attackers will attempt to gain information or even access your computer using phishing emails. These are often designed to emulate genuine emails from companies such as Amazon or even invoices or other information from clients. There are a number of simple steps that can be taken to lower the success rate of attacks, or to lessen the impact of successful attacks against your business.

Phishing is threat to companies of all sizes

With small businesses less likely to be able to absorb the financial hit of a data breach or the downtime caused by an attack, its important that the whole team is aware of the threat and how to spot a phishing scam.

HERE ARE OUR TOP 5 TIPS TO GET YOU STARTED:

1. Only use a "Limited" user account not and Administrator account for day-to-day activities on your computer.
   This will help lessen the damage if a phishing attack is successful. The Principle of Least Privilege suggests that users should always be given the lowest amount of privileges possible.
    
2. Check for poor spelling or grammar – or low-quality images.
   Phishing emails are often worded poorly, or use low-quality versions of images such as logos. They can contain links to sites that look real – but are actually fake! designed to trick you into entering your login details. They can even make the link seem like it goes to the legitimate site in the email.
    
3. Does the email address look genuine? It may be a close match.
   Attackers will try and send emails from addresses that either pretend to be from the legitimate site, or that look very similar – sometimes swapping 0's for o's or 1's for I's etc.
    
4. Support staff that fall victim to a phishing scam.
   If staff are punished for falling victim to phishing emails, they will be less likely to report it in the future. The best way to help prevent your team from falling from these kinds of scams is to go over the phishing email as a group and collectively highlight what parts of the message to look out for in the future (misspelt email address, fake links etc).
    
5. Run an antivirus scan and change passwords after an attack
   If an attack was successful change user passwords and run an antivirus scan as quickly as possible. If you reuse the same password on social media or other websites, change your passwords there as well.

We all use passwords everyday

Whether its to login to our online business banking, accessing our work email, or even just logging into our computers.

But what goes into making a "Secure" password?

How can you make something thats complicated enough not to be guessed or brute forced by cyber criminals, yet still be simple enough to remember with so many of them rattling around our heads?

Amongst the million and one other things small business owners have to remember each day it can be a real headache. Follow our 5 quick steps below and you'll have a solid system for instantly creating unique complex passwords that you will always be able to remember.

HERE ARE OUR TOP 5 TIPS TO GET YOU STARTED:
 

1. Make your passwords very long
   The longer your password, the harder it is for a cyber criminal to crack it. Use four random common words like "Correct, Horse, Battery, Staple" that are unrelated to each other and make no grammatical sense but are easier to remember than a gibberish password like Tr)ub4dor&3.
    
2. Use an uncommon phrase and avoid any personal information
   Personal details like the names of your children, pets or hometown are easy for cyber criminals to guess or find out from online sources. Uncommon random words make the best passwords.
    
3. Create a "Passphrase" that you can easily remember
   Using the example of "Correct, Horse, Battery, Staple" we can create a random passphrase. By sticking the 4 random words together and adding a symbol and a number (your door number perhaps?) we'll have a really strong passphrase for example: CorrectHorseBatteryStable@31
    
4. Always use a fresh password for each site or service
   Each online service or account you use should have its own unique password otherwise if cyber criminals compromise one of the services you use, they could gain access to all of your accounts in one go. Using the strong passphrase we created at step 3, we can simply append it with the name of the service for example:
   
   CorrectHorseBatteryStable@31amazon or CorrectHorseBatteryStable@31facebook
   
   this means that you'll have an easy way to remember hundreds of unique passwords, but only have to remember the one passphrase.
    
5. Use a password manager
   A password manager like 1Password will safely create truly random gibberish passwords for all of your accounts and store them all in a safe way.
   There are apps for your computers and smartphones and it really takes the hassle out of securely creating and remembering all of your different credentials. 1Password also allows you to create secure sharing "Vaults" that let you safely share passwords with your team members, a fantastic alternative to insecurely emailing passwords back and forth between team members. 

Smartphones have transformed the way we do business

Whether its taking orders on the go, replying to clients emails whilst commuting to the office or answering business VoIP calls from anywhere in the world as if you was at your desk - a huge amount of work that employees used to do at their desks can now be done on our smartphones.

However, as with all good things, there can be downsides too.

Our smartphones hold huge amounts of sensitive data, from customer records and emails, to accounting details and apps, its really important that we treat the security of these devices the same as we would a business laptop or computer.

Here are our top 5 tips to get you started:

1. Switch on PIN, Passcode or Finger Print Protection.
   This will serve as the first line of defence should someone get a hold of your smartphone. It means that without your unique PIN, Passcode or Fingerprint nobody will be able to get into your device and access the sensitive data stored within it.
    
2. Turn on "Find my iPhone / Device" so it can be located or remotely wiped.
   Enabling your smartphones remote location feature will enable you to track the location of your device online if it gets lost or stolen. Most importantly, it will enable you to remotely wipe all of the sensitive data from your device if it cannot be retrieved.
    
3. Make sure you regularly check for device and app updates. Use "Automatic Update" option if available.
   Installing the latest updates on your smartphone is critically important, this will keep you protected from security vulnerabilities that get discovered and keep your device running smoothly.
    
4. When working on sensitive data, don't connect to public WiFi. Use 3G or 4G or a trusted VPN service instead.
   Public WiFi networks are often unmanaged and unmaintained, criminal hackers can take advantage of this and install malicious software onto the routers that can monitor and intercept your smartphones communications data. Likewise, anyone else on the same "Open" WiFi network as you can see your data. Using 3G or 4G protects you from this kind of snooping - alternatively see our post on VPN's to find out how a trusted VPN can keep you safe when on the move.
    
5. When the device manufacturer stops producing updated its time to upgrade to a newer device.
   Once your smartphones manufacturer stops releasing updates and security patches for your device its time to upgrade. Most smartphones are supported by the manufacturer for at least 2 years from release, with Apple's iPhone's taking the crown offering a whopping 5 years of support and security updates.

What next?

Implementing these 5 simple steps will make a huge difference to the security of your business smartphones, and help you stay safe online.

If you would like some further guidance on this or any of the other topics covered on our blog then feel free to contact one of our friendly small business advisors on: 01684 600 001 or hello@cybersteps.co.uk