Top 5 Tips for Securing Your Business
- Use Strong Passwords
When it comes to creating a password, you need to make sure that it is complex. Using a simple password such as “Password” is equivalent to using a stick as a lock - easy to break. Be sure that you are using a mix of special characters, lowercase and uppercase characters, and numbers. A good way of generating a secure and memorable password is to take a simple phrase and use single letters or numbers from each word in that phrase. For example, ‘Brighton is a seaside town in Sussex’ would generate a password such as B1aStI5.
It’s also key to remember that you should not reuse these passwords across multiple platforms.
- Update Software and Apps Regularly
Outdated software not only means dealing with annoying bugs and crashes, it also leaves holes for cybercriminals to exploit. When software is updated, it is common practice for developers to publish patch notes which point out the flaws in previous versions. For anyone still running the old version, those notes are a blueprint for a cyber-attack.
Make sure you regularly check your software and app versions and always update when a new version is available.
- Use Multi-Factor Authentication
Using passwords alone to protect your most important information is no longer enough. Multi-Factor Authentication (MFA) further protects accounts by requiring the user to verify who they are with at least two of the following factors:
• Something you know (e.g. password)
• Something you have (e.g. mobile device)
• Something you are (e.g. fingerprint/facial recognition)
It is essentially a double layer of protection for your accounts and sensitive data.
- Educate Your Staff
Just because not every user has access to sensitive data, it doesn’t mean they can be as reckless as they like. Staff with minimal access can still create major problems, often as a result of their email being compromised.
If a staff member’s account is hacked, a spiral of events can follow. The cybercriminal may pose as the staff member and send malicious links, using the trust of other employees to get them to click the link or transfer funds to an external bank account. Even if the email account is recovered, cybercriminals may still have access in other ways. Forwarding rules could have been set up, for example “If the email contains the words ‘bank’ or ‘money’, forward to email X”.
It’s good to enforce regular training sessions for staff to keep them up to date on dangers online, because new threats are always emerging and it’s important for staff to understand the signs of a possible cyber-attack.
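The forwarding-rule trick described above can be checked for once an account has been recovered. The Python sketch below is an added example, not part of Astec's blog: it audits a constructed JSON export of inbox rules and flags any that send mail outside the company. The field names follow the properties of Exchange Online's Get-InboxRule; the export layout, plain SMTP addresses, domains and the keywords beyond ‘bank’ and ‘money’ are assumptions.

```python
import json

# Constructed sample data: inbox rules exported to JSON. Field names follow
# Get-InboxRule properties; the layout and every value here are assumptions.
SAMPLE_RULES = json.loads("""[
 {"MailboxOwnerId": "j.smith@example.co.uk", "Name": "Newsletters",
  "SubjectOrBodyContainsWords": ["unsubscribe"], "ForwardTo": [], "DeleteMessage": false},
 {"MailboxOwnerId": "j.smith@example.co.uk", "Name": ".",
  "SubjectOrBodyContainsWords": ["Bank", "money"],
  "ForwardTo": ["collector@mail.example.net"], "DeleteMessage": true},
 {"MailboxOwnerId": "a.jones@example.co.uk", "Name": "To assistant",
  "SubjectOrBodyContainsWords": [], "ForwardTo": ["pa@example.co.uk"], "DeleteMessage": false},
 {"MailboxOwnerId": "a.jones@example.co.uk", "Name": "Personal copy",
  "SubjectOrBodyContainsWords": [], "RedirectTo": ["a.jones@example.org"], "DeleteMessage": false}
]""")

COMPANY_DOMAINS = {"example.co.uk"}                       # domains you own (assumed)
FINANCE_WORDS = {"bank", "money", "invoice", "payment"}   # last two are assumptions
FORWARD_FIELDS = ("ForwardTo", "RedirectTo", "ForwardAsAttachmentTo")

def external_targets(rule):
    # Collect every forwarding address whose domain is not on the allowlist.
    targets = []
    for field in FORWARD_FIELDS:
        for addr in rule.get(field) or []:
            domain = addr.rsplit("@", 1)[-1].strip().lower()
            if domain not in COMPANY_DOMAINS:
                targets.append(addr)
    return targets

def audit(rules):
    # Flag rules that forward externally; keyword triggers or deletion raise severity.
    findings = []
    for rule in rules:
        targets = external_targets(rule)
        if not targets:
            continue
        words = {w.lower() for w in rule.get("SubjectOrBodyContainsWords") or []}
        reasons = ["forwards outside the company"]
        if words & FINANCE_WORDS:
            reasons.append("triggers on finance keywords")
        if rule.get("DeleteMessage"):
            reasons.append("deletes the original message")
        findings.append({"mailbox": rule["MailboxOwnerId"], "rule": rule["Name"],
                         "targets": targets, "reasons": reasons,
                         "severity": "high" if len(reasons) > 1 else "review"})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_RULES):
        print(f["severity"], f["mailbox"], repr(f["rule"]), f["targets"], f["reasons"])
```

Any rule it reports should be confirmed with the mailbox owner and removed if they did not create it.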
- Utilise Another Layer of Security Software Such as Microsoft Enterprise Mobility + Security
EMS gives you more control over company data to keep it secure. It includes four separate Microsoft products: Advanced Threat Analytics, Azure Rights Management, Azure Active Directory (AAD) Premium and Microsoft Intune. AAD Premium includes MFA and many other password and login related processes, and Intune enables management of mobiles, apps and data. EMS is also included as part of Microsoft 365 for Business.
Thank you to Astec for writing this blog.