1. Keep your systems (IT and software) up to date
Many attacks target existing, already-known security vulnerabilities. By keeping your systems and software up to date (known as patching), you will save yourself plenty of headaches. Many cloud-based or SaaS solutions provide this by the nature of the product, but for on-premise applications, be sure to stay on top of patching yourself.
Questions to ask yourself:
2. Back up your Data
If there is only one takeaway from the recent ransomware attacks for small and medium businesses, it would be to back up your data diligently. Make sure you have a backup plan and stick to it. Dropbox, Google Drive and Box are great options to get you started.
Questions you need to consider:
3. Beware of Malware (Viruses of any form)
Malware is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. Malware can cause absolute havoc with a business.
Of all of these, the most concerning is the growing threat of ransomware, which is becoming an issue for unwitting advisers and accountants who install software without fully realising what they are getting into.
Be wary of the software you are about to install, or an attachment you are about to open from an email.
Questions to ask:
4. Educate your team
Today, many attackers target the human mind and exploit the built-in trust in human relationships. It can be all too easy to lure someone into clicking a link that downloads malware, or into providing the password to log in to your corporate network.
A typical “phone phishing” attempt is one where the attacker pretends to be someone you trust, e.g. IT support or a customer, and tells a reasonably plausible story in order to trick you into giving out your password or helping them obtain someone’s account details.
In a ‘spear phish’ attack, an attacker sends an email that looks like a legitimate message from a trusted company, in the hope that the victim will give up money or account credentials. Normal phishing emails are typically relatively easy to spot (they look spammy), but they are getting more and more sophisticated and believable.
5. Password Management
A password is often your only way of verifying whether someone is allowed to access your critical systems and data. It is also one of the areas that is so often done incorrectly (yes, even the experts get it wrong).
Do you still ask your employees and users to use passwords that require special characters? Do you still force them to change passwords every 30 days? Think again: this technique may actually have done more harm than good. Your users may very well come up with passwords like Pa$$word1! and Pa$$word2!, which meet every password policy requirement yet are extremely easy to break with modern password-guessing techniques. Or they just write the password on a piece of paper and stick it under the monitor.
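To make the point concrete, here is an added example in Python (not code from the original article): a classic composition-rule policy happily accepts Pa$$word1!, while a check against a list of commonly used passwords, after undoing the predictable substitutions users make to satisfy such rules, rejects it. The five-entry common-password list is a constructed stand-in for a real breached-password corpus.

```python
import re

# Constructed stand-in for a breached / common-password corpus. A real deployment
# would load a large list (millions of entries) rather than hard-coding a few.
COMMON_PASSWORDS = {"password", "letmein", "qwerty", "welcome", "admin"}

# Leetspeak substitutions people use to satisfy "must contain a symbol/digit" rules.
LEET_MAP = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "i", "3": "e", "!": "i"})


def composition_policy_ok(pw: str) -> bool:
    """The traditional rule set the article questions: 8+ chars, upper, lower, digit, symbol."""
    return all([
        len(pw) >= 8,
        re.search(r"[A-Z]", pw),
        re.search(r"[a-z]", pw),
        re.search(r"\d", pw),
        re.search(r"[^A-Za-z0-9]", pw),
    ])


def normalize(pw: str) -> str:
    """Reduce a password to its 'core' by undoing the predictable tricks:
    lowercase it, strip a trailing run of digits/symbols ("1!", "2!", "123"),
    then reverse common leetspeak substitutions."""
    core = re.sub(r"[\d!@#$%^&*]+$", "", pw.lower())
    return core.translate(LEET_MAP)


def blocklist_check(pw: str) -> tuple[bool, str]:
    """Blocklist-based check (the approach NIST SP 800-63B recommends instead of
    composition rules): reject passwords that are, or are trivial variants of,
    commonly used passwords; otherwise only require a minimum length."""
    if pw.lower() in COMMON_PASSWORDS:
        return False, "exact match in common-password list"
    core = normalize(pw)
    if core in COMMON_PASSWORDS:
        return False, f"predictable variant of common password '{core}'"
    if len(pw) < 8:
        return False, "shorter than 8 characters"
    return True, "ok"


def evaluate(pw: str) -> dict:
    """Compare both policies on one candidate password."""
    accepted, reason = blocklist_check(pw)
    return {"composition_rules": composition_policy_ok(pw), "blocklist": accepted, "reason": reason}


if __name__ == "__main__":
    for candidate in ("Pa$$word1!", "Pa$$word2!", "correct horse battery staple"):
        print(candidate, evaluate(candidate))
```

Running it shows Pa$$word1! passing the composition rules but failing the blocklist check as a variant of "password", while a long passphrase with no symbols fails the composition rules yet passes the blocklist check.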
Consider implementing these new rules: