Christmas is a time for giving, but not when it comes to online credentials and sensitive business information. By following our simple cyber security tips, you can make sure that your business and employees stay protected this festive season.
1. Reassess your cyber security
Over the past couple of years, there have probably been several changes to the way your business operates. When was the last time you assessed your security strategy? Does it still work effectively when taking into consideration remote working, online sales and any other adaptations you’ve had to make?
Cybercriminals are very good at adapting to new technologies and circumstances, so don’t get caught short. A cyber security audit is a great place to start, with regular vulnerability scans and penetration tests to keep new threats at bay.
2. Keep on top of training
Employees might not intend to put your business security at risk but could do so accidentally. Phishing emails can be convincing, and new threats are emerging all the time, so it’s vital that employees know what to look for.
People are your main defence when it comes to noticing suspicious activity and avoiding potential scams. A business-wide user awareness refresh could be a great New Year’s resolution. User awareness training and ongoing staff education is an essential component of an effective cyber security strategy.
3. Don’t become complacent
As we approach the festive season, most of us are spending more time online and can often start to take our eye off the ball. This is only heightened by remote working, which can make employees feel detached from everyday security practices.
Cyber attacks don’t have to be sophisticated to succeed. Thanks to things like phishing emails, credentials can end up on the Dark Web without you ever knowing, and sold to cybercriminals who can then access your accounts and sensitive data. Dark Web monitoring is a reliable way of ensuring that your credentials don’t end up in the wrong hands, by searching the most secretive parts of the Dark Web and criminal hacker underground 24 hours a day, 7 days a week, 365 days a year.
Cybercriminals operate at all times of year, so it’s important to stay vigilant at all times.
4. Take insider threats seriously
Now is not the time to be complacent when it comes to the security risks posed by those within your company. You would never want to assume that an employee would compromise your business, but disgruntled employees can potentially do a lot of damage.
Insider threats aren’t necessarily malicious, though. In fact, the vast majority of network breaches are caused by human error. You can minimise the risk of this happening by limiting access privileges only to those that are completely necessary, and ensuring that staff know how to spot suspicious activity.
5. Don’t be too generous
Christmas is a time of goodwill, but this means that we could be more easily targeted by cybercriminals.
For example, cybercriminals are aware that many more parcels are being received during the Christmas period, whether that’s in the office or at home. This leads to scams such as those which impersonate retailers, which may claim that something is wrong with your order – when actually, they just want to trick you into entering your details.
An email security solution like Mimecast, which looks for impersonation tactics, can help to identify and alert users to these types of scams.
Whether it’s in a personal or professional setting, employees should always be on the lookout for potential scams. Check out our guide to avoiding Black Friday scams – it’s just as relevant to Christmas shopping.
6. Mobile device management
Following the seismic shift to remote working during COVID-19, surveys suggest that a significant number of people continue to work remotely in some capacity beyond the pandemic.
However, many employees are still using personal devices which are not designed for business use. If this is the case, make sure that only the devices used by your employees can access your company information.
Mobile device management allows you to control and manage both corporate-owned and personal devices. You can then implement policies like selective data wiping, application management, remote locking and more.
7. Protect devices
When it comes to using company devices, encryption is key to keeping them secure and can help prevent data falling into the wrong hands in case of loss or theft. For mobile phones, this will be in the form of a PIN code, and on Windows computers, BitLocker should be enabled. Despite being one of the simplest cyber security tips, this is an important step in helping you protect important data. It is an effective – yet often overlooked – security control that all businesses should have in place.
8. Stay updated
The end of the year is always a good time to make sure all your affairs are in order. Make sure you go into the new year knowing that computers and apps are up to date with the latest versions, security patches and bug fixes. Encourage staff not to dismiss or delay updates – they exist for an important reason.
A managed IT support service can take away the burden of these updates and ensure that cybercriminals won’t be able to take advantage of any vulnerabilities.
9. Use a password manager
Remembering the login details for every single account you have (around 80 on average!) is difficult. However, this doesn’t mean you can afford to be lazy and use the same passwords across multiple accounts. This just makes it a whole lot easier for hackers to compromise several accounts and leave you exposed to cybercrime.
One of the easiest cyber security tips you can take on board is to safely store your passwords in a password manager. Our guide to password managers explains how they work to keep your passwords safe as well as strong.
10. Implement two-factor authentication
Speaking of passwords, two-factor (or multi-factor) authentication is an easy way of adding an extra layer of security to your online accounts. It works by giving you a code (usually on your mobile phone) every time a login attempt is made.
This means that even if cybercriminals obtain your login details, they can’t access your account unless they have your phone with the unique code. Also, if someone does try to access your account from an unfamiliar device or location, you will usually be notified, giving you the chance to change your login details and prevent being hacked.
Our guide on how to enable two-factor (2FA) authentication for end users explains how to add an extra layer of security to your Office 365 account and how to use the Mobile Authenticator App for 2FA.
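To show what happens behind the code on your phone, here is an added example (not taken from our guide or from any vendor's code) of how a service can generate and check a time-based one-time code. It assumes the authenticator app uses the standard TOTP scheme (RFC 6238); the function names and the sample secret are illustrative only.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample secret (the RFC 6238 test key in base32), not a real account secret.
SAMPLE_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Compute the code an authenticator app would display at unix_time."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = int(unix_time) // step          # number of 30-second steps since the epoch
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                   # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_code(secret_b32, submitted, unix_time, last_used_counter=None,
                step=30, window=1):
    """Return the matched time-step counter, or None if the code is rejected.

    window=1 tolerates one step of clock drift either way. The caller stores the
    returned counter and passes it back as last_used_counter so that a code
    cannot be replayed.
    """
    current = int(unix_time) // step
    matched = None
    for counter in range(max(0, current - window), current + window + 1):
        expected = totp(secret_b32, counter * step, step)
        # Constant-time comparison; no early exit, so timing does not leak a match.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            matched = counter
    if matched is None:
        return None
    if last_used_counter is not None and matched <= last_used_counter:
        return None                            # replayed or older code
    return matched


if __name__ == "__main__":
    now = 59                                   # constructed timestamp from the RFC test vectors
    code = totp(SAMPLE_SECRET_B32, now)
    print(code, verify_code(SAMPLE_SECRET_B32, code, now))
```

Because each code is tied to a short time window and rejected once used, a stolen password alone, or a code captured earlier, is not enough to log in.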
11. Have a backup plan
When disaster strikes, it’s important that you can begin to take action straight away. Cybercriminals can introduce threats like ransomware which encrypt your files, demanding payment for their release.
Whilst you should have measures in place to prevent this from happening to begin with, a disaster recovery plan is vital for regaining access should the worst happen. It means that, in the unexpected event of data loss, you can stay calm knowing that you can still access all your important data and files.
You can potentially save your business thousands of pounds by having an effective backup plan – ransomware is the biggest threat faced by SMBs, and the average downtime costs are up by 200% year-over-year. Plus, under the General Data Protection Regulation (GDPR), all businesses must be able to restore access to personal data following an incident.
12. Take a proactive approach
It’s more important than ever to start taking a proactive rather than reactive approach to cyber security. Disaster recovery will get you back on track following a major incident, but it should only be the final part of your business continuity strategy. Now that businesses are increasingly operating online, it’s essential to ensure that all necessary measures are in place for compliance and security.
Even with the most advanced disaster recovery measures, the consequences of a data breach can’t be escaped. The risk of compromising your business and/or customer data, not to mention damage to your reputation, is too great to ignore. Making a significant financial investment in this may be off-putting, but the cost of ignoring it will be much greater in the long run.
Want more cyber security tips?
Here at Air IT, our mission is to help businesses succeed through technology. Our advanced managed cyber security services will safeguard your organisation from threats and vulnerabilities, be they malicious or accidental. If you’re looking for cyber security services to help protect your business, contact us to discuss your needs further.