CYBER SECURITY
on a daily basis that all your applications, including your operating system, have the latest service packs installed and updates implemented. These simple solutions can also apply to mobile devices.
“As with any security system – cyber, physical or property – you must always remain vigilant, as an automated system can only do so much and must be backed up by a human operator. When something needs protecting and a process (for example, receiving an email) does not look or behave as it should, there may be a more sinister reason why.” The National Cyber Security Centre (NCSC), part of GCHQ, has published a Cyber Security: Small Business Guide, which offers advice on how to protect yourself against the most common types of cyber attack. The guide makes a number of simple, low-cost recommendations on how to keep your systems safe.
Back up your data
Make sure you carry out regular back-ups of all your business data – this should include documents, emails, contacts, customer data, and calendars. Make sure the information is backed up in such a way that it can be restored quickly, if necessary, and test that the restore process works. Never leave a physical back-up device, such as a portable hard drive, permanently connected to the machine it is backing up from.
Where possible, consider backing up your data to a secure site in the cloud, or store the physical back-up off site, away from your office or computers, so that it is safe in the event of a fire or theft.
Keep your devices safe Any smart device that is connected to your company network carries an inherent security risk, as it can be used to access other information linked to the same network. These devices are typically phones or tablets, and must be kept secure in a different way from standard desktop computers or laptops. For all mobile devices issued to your staff, before it is handed out switch on any available PIN/password protection or fingerprint recognition. Change any preset passcodes and never leave them on default or factory-set passwords, such as 0000 or 1234. Always set up the maximum amount of security available, which for many smartphones means activating two-factor authentication. This means that even if an attacker uncovers the passwords, they still won’t be able to access the account. For phones, tablets and anything that could be easily stolen from a branch, or which might be taken home by employees as part of their role, configure the device so that, if it is lost or stolen, it can be locked or wiped remotely, or even tracked.
Always keep all software and apps on your devices up to date. Many standard software updates will also contain security patches to
22
protect your device from any newly discovered vulnerabilities.
Train your staff to never use public Wi-Fi hotspots to send sensitive customer data, as these networks may not be secure. Instead, use 3G or 4G connections, or wait until they are back at the branch and can access your own WiFi system.
Prevent malware damage Malware is the term used to describe malicious software such as viruses, worms or spyware, which hackers can use to gain access to a computer through attachments sent out with pfishing emails, or if someone uses a device connected to your system to visit a website that has, itself, been hacked.
The best way to protect yourself against malware is to install antivirus software on all computers and laptops, and to only download software from official sites such as the App Store or Google Play.
If you have a reasonable-sized IT department, you could also prevent your staff from being able to download any software or updates, so that instead they must bring the devices to your IT team to update on a regular basis.
For desktops and laptops, set up your antivirus software to run regular, automatic scans for any malicious code at a time when the system is less likely to be in peak use, so that any problems or risks can be identified and tackled quickly. Again, always download the latest software updates when they become available, as they usually contain security updates as well as new functionality.
Avoid phishing attacks Phishing is where scammers send fake emails asking for sensitive information such as bank details, or asking you to click on a link to an unknown website. They may also try to trick you into changing financial details of your suppliers or customers, or ask you to send money to a new account to pay a bill or complete a purchase.
Pfishing attacks are among the most
common ways that a business will come under cyber attack. These emails are getting increasingly difficult to spot as they become more sophisticated, but obvious signs to look for may include poor spelling or grammar within the email itself, or logos – purporting to be from the company – that are blurry or out of focus. Check whether the email address behind the contact name looks genuine, as often the email it’s pretending to be from is not where it actually originated.
Beware of emails or messages that seem to be from friends or work colleagues, especially if they are asking you to click on a link, or requesting personal details that seem out of the ordinary. Again, these may not actually be from the people you think they are from. It is vital that you train all your staff on what to look for, and that you don’t just assume everyone knows the risks.
A good rule of thumb, if you are in any doubt, is to not respond to the email, and to instead contact the organisation or person directly by telephone using the number that you would normally use (and not any contact details on the suspicious email).
Password protection Secure passwords are key to protecting yourself and your company from a cyber attack – but only if you keep them safe. With modern life now requiring passwords for so many different things, however, it can be tempting to use the same ones for everything. NCSC advice here is to avoid being predictable. Instead of allowing your staff to pick their own passwords, set up strong passwords that contain a mixture of letters, numbers, symbols and uppercase/lowercase letters to create a more secure password. More information and advice on how to protect your business can be found online at
www.ncsc.gov.uk/smallbusiness BMJ
© Crown copyright 2018. NCSC information licensed for re-use under the Open Government Licence (
http://www.nationalarchives.gov.uk/ doc/open-government-licence).
www.buildersmerchantsjournal.net November 2019
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50 |
Page 51 |
Page 52
