Make your business harder to hack in just 7 simple steps
With businesses large and small almost completely reliant on digital technology, some form of hacking is now almost inevitable.
SMEs are catching on to the fact that they need to get their cyber security up to scratch. However, they may still be slightly in the dark when it comes to devising systems and strategies that really shape up to the modern-day threat landscape.
With that in mind, here are 7 easy steps to make your business harder to hack.
1. Take the layered approach
Layered security isn’t exactly a new concept in IT, but it’s one that is becoming more important to follow.
Having a security system that is layered will help buy you extra time in case of an attack. It is risk mitigation that spans your whole environment. The layered approach can be implemented at any level of your overall strategy, from the IT administrator to the employee who accesses the internet from their home or a local café.
The idea behind layered security is that any single defence has weaknesses or flaws, so employing a series of different defences means each one helps cover the gaps in the others. Some of the most common layered security solutions provide capabilities such as anti-virus, firewalls, anti-spam, system controls and privacy controls. For a business, this is quite a simplistic layered system, but by working with an expert IT provider companies can create a customised system that works for them.
2. Ensure proper network visibility
Having network visibility can help you fight the bad guys by identifying them before they get started.
However, the truth is that few IT administrators really know what’s going on inside their network. This is generally because they lack the automated visibility and analytics tools to spot, understand, and respond to threats.
Network visibility allows you to scan data, count, spot, and apply policies. Accessing these kinds of analytics is the key to dealing with incidents: it gives you a clear view of what’s happening, so any anomalies that come up are easier to find and respond to.
3. Employ policy-driven web protection
Complete web protection is a critical layer of your security. With this, you can control, monitor, and enforce web policies through a single front end.
Web protection should always be approached as policy driven. This kind of approach allows you to keep things the same across the board, but also means you can modify your web protection for different employees, teams and so on. Multiple devices have a central point of contact, which can be edited and scaled to suit any business. This is in stark contrast to device-led protection, which can be confusing and result in some devices not being adequately protected, leaving businesses exposed to hackers.
Some of the key things you can do with a policy-driven web protection system are: apply website filtering by time, content or device; check bandwidths across the board to stop throttling; and ultimately protect against legal liabilities.
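The following is an added example, not part of the original article or any vendor's product: a small sketch of policy-driven filtering in which one central policy, with per-team overrides, is evaluated for every device and decides by device type, content category and time of day. The policy layout, the names POLICY, Request and decide, and all sample values are hypothetical.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import time

# Constructed central policy: one default rule set plus per-team overrides.
# The schema and every value are hypothetical samples, not a real product format.
POLICY = {
    "default": {
        "blocked_categories": {"malware", "gambling", "social"},
        "work_hours": (time(9, 0), time(17, 30)),
        # Categories that are blocked only during work hours.
        "work_hours_only": {"social"},
        "blocked_device_types": {"unmanaged"},
    },
    "teams": {
        # Marketing may use social media all day; other keys are inherited.
        "marketing": {"blocked_categories": {"malware", "gambling"}},
    },
}

@dataclass
class Request:
    team: str
    device_type: str  # e.g. "laptop", "tablet", "unmanaged"
    category: str     # content category of the requested site
    at: time          # local time of the request

def effective_policy(team: str) -> dict:
    """Merge a team's overrides over the default; unlisted keys are inherited."""
    return {**POLICY["default"], **POLICY["teams"].get(team, {})}

def decide(req: Request) -> tuple[str, str]:
    """Return (verdict, reason). The same function runs for every device."""
    p = effective_policy(req.team)
    if req.device_type in p["blocked_device_types"]:
        return "block", "device type not allowed"
    if req.category in p["blocked_categories"]:
        start, end = p["work_hours"]
        in_hours = start <= req.at <= end
        # Time-scoped categories are only blocked inside work hours.
        if req.category in p["work_hours_only"] and not in_hours:
            return "allow", "outside work hours"
        return "block", f"category '{req.category}' blocked"
    return "allow", "no rule matched"
```

Because every device is evaluated against the same merged policy, changing one entry in POLICY changes the outcome everywhere at once, which is the property that device-led protection lacks.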
4. Always manage your patches
No matter how much you scan for cyber attacks or apply updated policies, new vulnerabilities will be constantly found and exposed. So much so that it’s unlikely any business could keep up.
While patch management isn’t a cure-all solution, it will give you a good chance of keeping up with cyber attackers. To stay on top of this you should subscribe to your software and hardware providers’ notifications, follow security news in your industry, and always patch as quickly as is safe. Patch management is not only about knowing when a patch is available but also whether it is stable. Updating to an unstable patch, for example, will ultimately just put you in more danger and potentially do damage to your business.
5. Encrypt encrypt encrypt
Encryption is one of those safety things that nobody wants to do because it always comes across as finickity and unnecessarily time-consuming. But really it is an absolute necessity if you want to be as safe as possible. Plus, it doesn’t have to be complex, expensive, or considered difficult.
A business’s best option is to encrypt only the data that is the most valuable to them and the organisation. The focus should go on encrypting that and encrypting it strongly.
When you encrypt valuable data you are keeping it out of the majority of hackers’ hands (although admittedly, the government and some industrious hackers may still be able to get at it – hence why encryption is only one part of the layered approach).
Some easy encryption services that already exist to help you out include: tablets and smart devices using firmware encryption built into the OS; websites that use HTTPS and HTTPS Everywhere; and VeraCrypt, an open source encryption container, for USB memory sticks.
6. Authenticate now and forever
To really keep your passwords safe you need to get on the authentication train. Authentication includes the use of password managers and multi-factor systems. It’s a truth universally acknowledged that passwords that are long, complex and strong enough are almost entirely unmemorable, particularly when you consider the number of different passwords you need to remember these days. This is where password managers come in.
LastPass and 1Password are two popular providers that work well for business and have several tools and services available to keep you safer. But even then, you’re not finished! To be the most secure you can be, you should use multi-factor authentication. Two-factor authentication is the best bet, and although it can be a bit of a pain, it is worth it for the additional security it provides.
7. Erase everything securely
Secure file deletion is sometimes not even thought of, but it’s actually an important part of a layered security system.
Simply deleting something does not necessarily remove it from the data security equation. Formatting a drive doesn’t securely erase the data.
You want to make sure that deleted info is almost (read: almost) impossible to retrieve. The best way to do this is by encrypting your valuable data then using a secure deletion tool on individual files and folders. A free tool like Eraser will overwrite drive space using 35 random patterns, but it doesn’t encrypt. If you have data you really need to ensure is never seen by potential hackers then you may be better served employing someone to shred your legacy hard drives.
Want to make sure that your business is as hard to hack as possible? Talk to us about your IT and web security.
If you’re looking to make your employees the first line of defence against email fraud, then our Phishwise training solution is for you. Successful phishing attacks are one of the biggest threats to your business, so making sure you and your employees know what they look like and how to respond is critical. Visit the Phishwise website to learn more about our packages and contact us for full details.