It’s nearing the end of Cyber-Security awareness month, and in this spirit we’ve created a bitesize guide to protecting yourself from the most common cyber-attacks. The guide is geared particularly toward small businesses, and you may find the information provided below beneficial. Not only will it help you stay PCI compliant, but it could help you reach GDPR compliance too.
Make sure antivirus software is installed on all computers and laptops in your business. Restrict access to downloading third party applications and only install approved software.
Keeping your eCommerce environment patched, as well as updating your antivirus software, is crucial to staying protected. Old versions are vulnerable to known exploits from attackers.
Control access to removable media such as external hard drives and portable USB sticks. If a malicious file is accidentally transferred from a personal system to the business network, it can lead to a breach.
Ensure that both your Web Application Firewall and Network Firewall are protecting your business. Simply having one or the other will not fully protect your environment; a combination of the two will create a good buffer zone between the internet and your website.
Keep your data backed up:
Keeping regular backups of your data will mean that in the event of a breach, you can quickly and easily get back to a manageable state.
Ensure the device that contains your backup is not permanently connected to your network. The backup needs to be completely separate from your network in order to prevent it from being damaged via a malicious attack.
Take steps to avoid phishing attacks:
Phishing attacks are usually orchestrated by third parties trying to trick you into clicking a malicious link. Conventional phishing attacks will be under the guise of a popular brand or bank. They will use many devious ways to try and convince you they’re legitimate.
Before clicking a link, double check for poor grammar, low quality logos, or email addresses that don’t appear to be from the company. If something looks off, there’s probably a good reason why. If you’re unsure, pick up the phone and call the company in question.
Keep your employees informed of what to look for when browsing or checking emails. Preventing a breach can sometimes be as simple as some awareness training.
Utilise password strategies:
Deploy two factor authentication. Even if a hacker is able to get your password, they’ll still need a second piece of information to gain access. This is usually something such as a fingerprint, security questions or a physical device used to authenticate a user.
Create complex passwords using upper case and lower case letters. Combine these with numbers and special characters to create a difficult-to-crack password. A shocking number of breaches are caused by weak passwords, a problem with a solution that takes seconds.
Don’t keep passwords saved to desktops or files on the system. If you found your network compromised, a third party could find the saved password and use it to further damage your business.
Of course, keeping your business completely secure is far more complex than the steps outlined above; however, they’re a quick way to decrease your risk. For more information on the various aspects of cyber-security, check out our main Blog, or our Insights page. We also offer a wide range of services to help you ensure your environment is in safe hands.
October is National Cyber Security Awareness Month, which is an annual campaign to raise awareness about the importance of cybersecurity. The Internet touches almost all aspects of everyone’s daily life, whether we realize it or not. National Cyber Security Awareness Month (NCSAM) is designed to engage and educate public and private sector partners through events and initiatives to raise awareness about the importance of cybersecurity, provide them with tools and resources needed to stay safe online, and increase the resiliency of the Nation in the event of a cyber incident.