#HowTo: Make You and Your Departments More Digitally Secure

For most businesses, the digital focus for the last 18 months has been dealing with the pandemic. However, digital viruses have always posed a significant threat to our ability to operate. We only need to look back to 2017 and the ‘WannaCry’ attack that sent the NHS and other essential organizations into a collective tailspin, costing the country £92,000,000.

Today our work and personal lives are built on digital foundations; keeping information safe is non-negotiable.

The starting point, as always, is data protection. For a small business, a hybrid approach should be in place, involving external hard drives being kept secure and regularly updated. For those businesses that have achieved a certain scale, you are almost certainly keeping a significant amount of data stored in the cloud. It’s essential here to pick a provider with a solid reputation (names like Google Drive, Dropbox and iCloud are big for a reason). However, this is meaningless if you fail to use an appropriate password — more on that later.

Over 50% of us take up to 45 days to install security updates when requested. Good security software stays abreast of new digital threats, like the ransomware behind the WannaCry attacks, but it will only work when updated. So while it can be tedious to do so, it is imperative you keep on top of updates, save your open files and reboot your machine. If you are a business leader, it is vital that you enforce personal accountability on your employees, as it is the only way to ensure security.

There are a plethora of options available when it comes to security software — there are comparison sites online so you can find the best fit for your business.

Anti-phishing tech is also worth exploring, given the recent rise in malicious email spoofing. There are some great options for preventing intrusive behavior on PCs. Be sure to look into Privacy Badger and Ghostery to stop sites from following your internet movements against your will. As with all tech, it is a question of balancing cost against safety — a lot of the time, you get what you pay for, so it may be worth spending a little more here. One of the most cost-effective ways to ensure digital security is to invest in training; once people understand the scale of the risk, they are more likely to be motivated to be personally accountable.

There are steps we can all take to improve privacy besides investing in security software. Putting your personal information on the web can come back to haunt you, so make sure to err on the side of caution in every instance.

As mentioned, many of these issues can be addressed with simple training and helping your staff to become privacy-aware. But to start with, I’ll state the obvious: be sure to keep an eye on personal and business bank accounts and watch for unexpected withdrawals. Also, be aware of what information can be used for identity theft — your name, address and date of birth can be enough information to create another “you.”

You don’t need to put your real name or birthdate on your Facebook account (and definitely don’t fill out those viral questionnaires — what seems like innocent fun is the perfect trap for hackers to find personal information that is likely to be in your passwords!). Triple-check the sender’s email address if they are asking for personal information, and consider setting up an alternative email address that you can use to sign up for offers and deals.

You should also consider ‘Googling’ yourself on a monthly basis. Beyond massaging your ego, it will give you a sense of what information exists about you in the public domain and will give you the chance to make or request changes.

Think it’s too hard to remember a strong password? Experts recommend turning a memorable sentence into a complex, nigh-uncrackable password. For example, BOT&C4BFST@W looks easily forgettable, but it is easy to recall if you know that you love beans on toast and coffee for breakfast at work.

Other top tips include using different passwords for different sites and changing those regularly — not only when you think you’ve been hacked.

If you have multiple passwords that need to be accessed by a few different staff members, consider storing them all in one secure place through the use of a password vault like KeePass or LastPass.

Those that seek to steal our data will go to extraordinary and complicated lengths to take it from us. It is a pleasing irony that we only need to do the simplest things to protect ourselves from them.
