The world today is digital: you can now do everything online, from reading books, listening to music and booking a taxi to pre-ordering your groceries for delivery and even ordering your morning coffee. While this new digital world has made life easier, with more information at your fingertips to discover, it also means that your business’s information has never been easier to access, with one in five Kiwis affected each year at a cost of $257 million in 2016 alone (1).
Avoiding the internet altogether isn’t a viable option for many businesses. The internet is now so intertwined with our everyday lives, and with the way customers purchase, that avoiding it can be a guaranteed way to stunt business growth or even cause business failure.
So just how do you make sure your business stays safe from hacks and breaches, and also from information theft?
Protect your Passwords
Making sure your password is hard to hack is the easiest and quickest way to protect your log-ins and your sensitive business information. Making your password harder to hack is simple. Firstly, don’t use any of the most hacked passwords (such as 123456 or password). Secondly, make sure to use both capital and lowercase letters, as well as numbers and symbols.
Also, many sites such as Facebook and Google now allow you to use 2-step authentication, with a code being sent to your designated mobile number to confirm your password. This can be especially important in making sure your company Facebook page isn’t hacked.
If all these different complicated passwords are going to be hard to remember or manage, there are a number of great password management tools available that can do this for you securely (such as 1Password and LastPass).
Many people don’t think about their security questions too much, but remember that if a potential hacker can’t get through with your password, they may be able to get through with your security question. Just think about all those times you can’t remember a password for a seldom-used online service and have to use the security question.
Make sure your answers aren’t something that can be found easily. Your school records listed on your Facebook or LinkedIn? Best not to make that the answer to a security question. The song that was playing during your first dance at your wedding, or the name of your childhood toy, are answers that are a lot harder to find on the internet.
Of course, your support team may have a lot of trouble answering these questions too. If you are sharing logins, these security questions can also be managed through a password manager, but if you don’t feel like using one or don’t have the need to, you can always make a hard rule to put a chosen symbol before each answer, so your mum’s maiden name is answered as @Smith rather than Smith.
Only use HTTPS and secure connections
When purchasing anything or entering any sensitive information, it’s important to make sure that the site address uses HTTPS, a secure connection. This means that any data you send is encrypted and cannot be easily viewed. There are many easy-to-obtain programs, known as packet analyzers or packet sniffers, which can intercept and log traffic that passes over a network. A secure connection means that these types of programs aren’t able to just see everything you send.
For this same reason, if your business offers public wi-fi, you should not use it for any of your own transactions or business communications.
Firewalls, Antivirus Software and Security Plugins
While most people today have antivirus software, it is important to make sure your business’s protection stays up to date. Technology is always evolving, and unfortunately so are the malware, spyware, Trojan horses and other viruses. Keeping your protection up to date means it has the proper protections in place for each new threat.
Keep Platforms and Scripts up-to-date
For a similar reason, it’s important to keep your platforms and scripts up to date, especially if your business takes advantage of any open source software. For open source software, the code is free and available for anyone to view. The longer the code is available, the more time a hacker has for figuring out a way in, so it’s important to make sure your version and scripts are kept up to date.
Beware of Scams
A large number of attacks come through as scam emails: emails pretending to be from your PayPal or bank account, with an official look and logos. Your bank will never ask for any personal information, but also be wary of any links to log in to your account, and make sure to check the address when logging in from an email.
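The two address checks described above (HTTPS only, and checking where an emailed login link really goes) can be written as a short script. This is an added example, not part of the original article; the function name `check_login_link`, the trusted-domain list and the sample links are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the domains your business really logs in to (constructed list).
TRUSTED_DOMAINS = {"paypal.com", "bank.example"}


def check_login_link(url, trusted=TRUSTED_DOMAINS):
    """Return the reasons not to trust `url` as a login link (empty list = passes)."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return ["address cannot be parsed"]
    host = (parts.hostname or "").rstrip(".").lower()
    problems = []
    if parts.scheme != "https":
        problems.append("not an HTTPS address")
    if not host:
        return problems + ["no host name in the address"]
    # In "https://paypal.com@other.example/" the real host is other.example.
    if parts.username is not None:
        problems.append("address contains '@' before the real host")
    try:
        ipaddress.ip_address(host)
        problems.append("host is a bare IP address")
    except ValueError:
        pass  # a normal host name, not an IP literal
    # Punycode labels can be displayed as look-alike characters.
    if any(label.startswith("xn--") for label in host.split(".")):
        problems.append("host uses an internationalised (punycode) label")
    # The trusted name must be the END of the host, on a dot boundary, so
    # "paypal.com.account-check.example" and "mybank.example" both fail.
    if not any(host == d or host.endswith("." + d) for d in trusted):
        problems.append(f"host '{host}' is not one of your trusted domains")
    return problems


if __name__ == "__main__":
    # Constructed sample links, as they might appear behind a button in an email.
    for link in [
        "https://www.paypal.com/signin",
        "http://www.paypal.com/signin",
        "https://paypal.com.account-check.example/login",
        "https://paypal.com@203.0.113.7/login",
        "https://mybank.example/login",
    ]:
        print(link, "->", check_login_link(link) or "looks OK")
```

A link that passes these checks is only pointing at the right site; typing the address yourself or using a saved bookmark remains the safer habit.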
Have a back-up plan
The stark reality is that you can do all of the above and more, and a clever and sneaky hacker can still gain access to your system. So what do you do if you suddenly find your business site hacked or your customer database breached? Do you know how you are going to recover your data or how to get back into your systems? Do you know how to retrieve stolen customer information or which accounts to cancel? It’s great to think about all of these things, but if it is too overwhelming, it’s worth considering cyber insurance for your business. Most cyber insurance policies will not only cover your business financially but will also help organise the retrieval of information, restoration of systems and even ransom negotiations for information.
This is general advice only.