Online Security for Small Business
Online security is vitally important for businesses of all sizes and its not often we have the honor of having a guest writer – Matt from Broadband Genie to cover this wide and varied subject
Online Security is where larger organisations can reduce their attack surface with lots of investment and expensive technology, smaller business have far more limited resources to work with and must think carefully about how they approach the issue. But this doesn’t have to be a complex or expensive endeavour, just a few simple changes can improve your online security and help you keep your business safe against threats.
Malicious software and scams
A problem that every internet user faces is the risk of catching a computer virus or succumbing to an online scam, and it’s particularly problematic for businesses which can face specially targeted attacks.
For starters, anti-virus software is a must. Every computer should be protected by a security package which can detect viruses before they cause damage and remove infections which do take hold. This does not have to cost a lot of money. There are plenty of Anti-Virus Applications available for little to no cost, though you should check the terms of the license as they may be restricted to personal use. If you need or want to pay, look for either a small business package or individual licences for each computer to keep costs low for a smaller business.
Another type of protective software to consider is an anti-malware toolkit like Malwarebytes Anti-Malware. These protect against different types of threats than a general anti-virus package and are often better at rooting out nasty spyware or trojan horse infections which can be designed to steal information. Again, there are free and premium editions of such software.
One of the favoured vectors for distributing viruses is email. Typically this involves sending a seemingly real message with an attachment that contains a virus, and when businesses are involved this is often made to appear as though it’s an invoice or tax information. Do not trust any email attachments – even if they seem to come from a known contact – and always use anti-virus software to scan them before opening the files.
Secure passwords are essential to make it more difficult for attackers to hack into your services and prevent prying eyes from accessing devices.
Passwords should be long, with a mix of upper and lower case letters, numbers and special characters if possible. They should also be unique. Never use the same password more than once.
To help bolster your password security, a password manager tool like 1password or Keepass is invaluable . These provide an encrypted locker for all your login details and automatically fill out login prompts so it is not necessary to remember every password, which means they can be long and unique. They may also offer additional features such as password generation and security audits, and many of them are free or very affordable.
It’s also a good idea to make use of multi-factor authentication whenever it is available. This means that in order to access a secure site or service you must provide both a password and additional security token, typically a code generated by a mobile app or sent to an email address.
That makes it much trickier to access without permission as both the password and security token are required. If you do online banking it is likely you’re familiar with this already as it’s common for banks to require both a password and passphrase or code, sometimes using a card reader dongle.
Lost and found
In addition to protective security software, you will also need to consider the safety of devices such as smartphones, tablets and computers should they be lost or stolen, as they can contain a huge amount of information and may allow a thief to access your secure services.
Always password protect devices
While the screen lock of a smartphone or user login for a computer is not particularly secure against someone who knows what they’re doing, they can hinder casual attempts. For added security you may wish to use a boot-up password which is required to even access the OS.
Do not stay logged in
If you leave email or other services logged in when the device or software is shut down it means someone who gets access doesn’t even need a password to see all your private data. It may save time in the morning, but it’s not safe.
Use tracking software
In the event a device is misplaced remote control software can help recover it, or at least allow you to remotely lock or wipe it. This is built in to many mobile devices now (Apple has ‘Find My iPhone’ while Google offers location tracking as standard) and can be added to laptop and desktop computers with software packages like Prey.
Encrypt sensitive data
Private information can be encrypted to secure it against unauthorised access. So long as you use a good software package and strong password this is extremely secure, and it can be used to encrypt anything from individual files to entire hard drives. Some recommended tools to try are VeraCrypt, AxCrypt, Bitlocker and Apple Drive Utility. Full endpoint solutions such as Kaspersky can have encryption built into the product making it easier to manage from a single console.
Lock it down
Don’t neglect good old fashioned physical security. Laptops use a standard ‘Kensington’ standard which is designed to allow laptops to be secured to a table or permanent fixture. They’re far from foolproof but enough to prevent crimes of opportunity. Some desktop computers also have Kensington fixtures, but if not add-on kits are available.
Editor at Broadband Genie