By using a range of IT equipment and the Internet for advertising and selling online, many businesses have made great strides towards success. Although the Internet brings tremendous business opportunities and benefits, it also brings risks. Every day cyber criminals are advancing their activities to steal sensitive business information. You can never consider yourself 100% safe from being hacked, but you can always minimize the chances of it happening.
Cyber security is about protecting your IT equipment, including computers and phones, and your information from unauthorized access, theft, change or destruction. It means ensuring that the information security policies in your business are guided by the CIA triad (Confidentiality, Integrity, and Availability). Good cyber security policies can enhance the reputation of your business, opening up new commercial opportunities.
You can keep your business and customer information safe and protected against online threats by putting some simple measures in place. Being an IT expert is not necessary as these actions are simple, and you can easily follow them to improve your security.
Getting the cyber security basics right
Some simple actions like the ones below will reduce the risk of online threats to your business:
1. Update your software
Updates usually come with new security patches to keep your devices and business safe. Always download software and application updates as soon as they are released.
2. Use strong passwords
Mix up the characters in your passwords to reduce the chances of a hacker guessing them. Include upper case letters, lower case letters, numbers and symbols to make each password secure.
3. Use antivirus software
Your business computers, smartphones, tablets, and iPads can easily be infected with viruses or malware. To help protect your information, install Internet security software on all your devices.
4. Get rid of suspicious emails
If by any chance you suspect the legitimacy of an email, delete it immediately. Even clicking to open it is a risk as it might contain malware that can automatically copy your browsing history to a hacker’s server.
5. Train your staff
Most cyber breaches are the result of an employee unintentionally giving out sensitive business information to hackers, who use social engineering to pose as a genuine person. Train your workers to be aware of such cyber threats. Another way an employee can unintentionally share information is by receiving malicious emails. Train them to delete suspicious emails immediately. Also teach them why strong passwords matter and how to set them on all their devices.
Taking a risk management approach
As you already know, you cannot be 100% foolproof when it comes to cyber security. That is why you need to know about risk management approaches and ensure that you put the necessary measures in place. There are three steps that you should follow: planning, implementing, and reviewing.
You need to plan for cyber security from the start and ensure it is part of your normal business risk management procedures. How?
- Consider whether your business could be a target; do research and learn from others.
- Find out whether you need to comply with personal data protection legislation and Payment Card Industry compliance requirements.
- Identify the information and financial assets that are critical to your business, and whether you receive payments through your website.
- Assess the IT equipment that operates your business, including mobile and personal devices. Understand how these devices are currently managed, as they are all at risk.
- Check the strength and level of password protection required when your employees access your business equipment and online services.
- Staff training is also necessary to create cyber security awareness.
- Ensure that whoever deals with your systems and data has the necessary security controls in place.
- Malware protection – antivirus software should be installed on all systems and updated regularly.
- Network security – put in place firewalls, proxies and access lists to protect your networks from external attacks.
- Managing user privileges – access level controls should be put in place to prevent unauthorized access.
- Removable media – media such as flash drives and memory cards should not be used on business systems, as they may carry malware from outside.
- Encryption – sensitive data should be stored or transmitted after encryption.
- Monitoring – all IT equipment should be monitored; always keep activity logs so that you are able to notice any malicious activity.
Ensure you monitor and improve the security controls you put in place on a regular basis.