How To Improve Your Cyber Security
By i-confidential Staff
This article originally appeared in the Ownership Associates newsletter. Ownership Associates is a governance advisory service for institutional investors.
The purpose of the article was to give an overview on some cyber security best practices.
What is cyber security, and what does it mean to you?
The term is used to describe an almost endless number of technologies and activities. What really matters though is how you protect yourself, your business, your employees, and your customers.
COVID-19 has thrust the world into a ‘new normal’, forcing many industries to switch to remote working on a scale never seen before, and within incredibly short timescales. Tools like Microsoft Teams, Skype, and Zoom are now business-critical applications for millions of people. These changes may have previously been viewed as both undesirable and unachievable.
Every crisis, however, provides an opportunity to reflect, grow, and improve. You can use this time to bring focus to the critical areas of your business, which should include cyber security. Don’t waste the chance to make some potentially important decisions that will leave you well placed for the future.
To that end, what follows below is some best practice advice to help safeguard yourself and your business:
Education and Training
Make cyber security information and awareness training part of your employee onboarding process. Cover the areas of cyber security most critical to your particular business. Password security, phishing, and social engineering attacks all need to be included. Keep training all of your employees on a regular basis, at a minimum annually, as the cyber security landscape is ever-changing.
Enable Firewall Protection
Ensure your company’s IT network is protected by a firewall. Depending on your size, this may range from the free Windows firewall programme to a number of physical devices in a data centre. In any case, having a firewall in place is the first line of defence against a variety of cyber-attacks. A firewall works by using pre-determined rules to decide what traffic is allowed into an IT network, and what traffic is not. In simple terms, ‘good’ traffic is allowed in and ‘bad’ traffic is blocked. Firewalls become even more important when employees are working remotely. If they are using personal devices, these absolutely MUST have firewall software enabled. Consider providing employees with your approved firewall software for free – it’s a worthwhile security investment.
Malware is software designed to cause damage to a computer, server, or IT network. A wide variety of malware types exist, including computer viruses, worms, trojan horses, ransomware, and more. All of these attacks can be mitigated by installing reputable anti-malware solutions. They can prevent malicious software from entering your network and are incredibly useful tools. Like all software, it is important to keep these apps updated, as they evolve constantly to address the latest threats.
With seemingly endless online accounts to manage these days, it is tempting to re-use the same password. If there is one account which you should definitely create a unique password for, however, it is your email account. Your email likely contains much of your personal information, and acts as a stepping stone to your other accounts online. If your email account is hacked, a cyber-criminal could potentially reset all your other passwords.
In addition, passwords that contain simple words and phrases, or relate to you in some way (such as your birthday) can be compromised in seconds! Using a complex password that’s lengthy and unusual makes it much harder to be guessed or hacked.
Firewalls, anti-malware tools, and strong passwords are all effective ways to protect against cyber threats, but it is worth emphasising again the value of training. By educating your staff on how to avoid suspicious websites, emails, and other scams in the first place, you can greatly reduce the possibility of cyber criminals ever reaching your network. It’s low tech, but it really works!
There are many reputable websites available with helpful tips and information. If you would like to read further about cyber best practices, a good place to start is the National Cyber Security Centre’s (NCSC) online awareness page.
The NCSC has also produced guidance on how to set up and use video conferencing services, such as Zoom, safely and securely.
The pandemic is deeply troubling and presents many challenges, but it can also free you to ‘think again’ about your business and the things that really matter, leading to positive, lasting changes. So make sure to take a step back and revisit the fundamentals of cyber security.