Today we’re thrilled to have some top tips from Phil Smith, Technical Director at EncryptionBox, the award-winning data storage, sharing and messaging application. Phil has been involved in the web and programming for over 15 years, having spent time in the DWP and at the likes of LBM working in management information.
Tuesday 11th February is Safer Internet Day, a global day designed to “promote safer and more responsible use of online technology and mobile phones”. Whilst this is largely aimed at children and young people, in the fast-changing online world businesses also need to know how best to stay safe.
What the threat is, and where it could be coming from
The latest UK Government figures suggest that 93% of large organisations and 87% of small organisations have suffered cyber attacks in the last year, with the average cost for a small organisation being between £35k and £60k. I’m sure you’ll agree, these are quite staggering figures and could spell the end for many small businesses. The problem faced by businesses is multi-faceted, with threats coming from both outside and, often more commonly, inside the organisation. I’m not suggesting that employees are becoming less trustworthy; in fact many issues from inside a workplace come from employees trying to work better for a business.
In the ever-connected world, more and more people are taking work home with them, whether on USB sticks or sent to their personal email addresses, and this is where the problems can begin. Whilst you may ensure your network is protected inside out, as soon as your sensitive data is in someone’s home it is at the mercy of that person’s security. Likewise, personal email accounts from public providers are often the ones most frequently compromised, opening your data to another potential breach.
But how do businesses prevent these types of vulnerability? The best way to protect your business is through a clear and enforced data protection policy, which highlights the dangers to employees and sets in stone a method to help prevent data loss through this channel. Ensure employees have secure access to their email remotely, or use a service such as EncryptionBox which allows anytime secure access to documents.
Get the basics right
One way to start creating a policy is to go back to business basics. Start by making a list of the assets your business needs to continue running, rank each one in order of importance and – very critically – note how long your business could continue without it. This will help to identify the areas that need the greatest protection. Next, focus on your digital assets – things like email, customer database, network infrastructure etc. – and rank these too. You will now be getting a good picture of where you need to focus your data protection policy. Then make a list of the people you would need to contact if any of your critical services failed and, where possible, have an alternative solution in mind. Once you have this breakdown of your business, you can start looking at the technicalities and, if you need to, bring in an expert to help.
On a day-to-day basis, many of us could take much better care of our online data than we already do. By getting the basics right, you can negate up to around 80% of the risks. Again policy comes into this, but it can be something as simple as your own personal commitment to keeping varied and secure passwords. A web search will help you find free software to keep your passwords safe. Alternatively, if you feel you need to write them down, try to use a code when you do, so that actual passwords aren’t written down, and don’t store them near your PC.
A few top tips
Other simple tips that may seem common sense can help make your time online safer, but in our busy lives they’re easy to forget at critical times:
- Don’t download attachments unless you are sure of the sender. Your bank will never send you an attachment without prior notice.
- Don’t click on links in emails claiming to be from your bank if you are unsure. A genuine email should have some identifier like your name, part of an account number, or something else an attacker wouldn’t know.
- If Windows says it has updates, let it update! It may seem an inconvenience but it happens for a reason. Apple OS X and Linux do the same.
- If you are legitimately downloading free software, be careful to read all the boxes when you install it. Often other packages, plugins, and toolbars will be installed too, which will at least contain adware.