Step 1: Review Your Standard Operating Procedures (SOPs)
Contrary to what many people think, cyber security is not all technology-related; there are real-world steps you need to take to guarantee the safekeeping of your business assets.
You need to review the systems and processes in place for your business to ensure you have checks and balances that safeguard against potential data breaches. An example of this could be something as simple as getting two decision-makers to verify any payments above specified amounts. We have seen it time and time again where an invoice is paid into the wrong account, and the money is never seen again.
Step 2: Check if You Have Been Pwned
A software expert in Australia created the site ‘Have I Been Pwned?’ so that you can check if your phone or email has been involved in a data breach.
It also allows you to input your email address, phone number, or password and then the software will check if your information has been involved in a data breach.
It will then give you information about the specific breach, what happened, and what information was leaked. Sounds super scary, we know, but know that simply changing your password should help mitigate any issues that might arise from these breaches. So don’t panic just yet!
A fantastic addition to any security routine is always turning on Two Factor Authentication (2FA) when available for further protection. Google are making it easier and easier to incorporate these extra security features into your daily cybersecurity routines, as are other large tech companies.
Step 3: Use a Password Manager
Everyone should have a password manager, and no, this isn’t an Excel spreadsheet or a ‘secret diary’. A password manager randomly generates highly secure passwords and then stores them for you. Gone are the days of using your first pet’s name as a password (Snuffles123 has been leaked 34 times already)!
Step 4: Regular Education
Regular people are often the cause of a data breach or hack, and usually totally by accident.
We’ve all heard of it happening – a friend messages you asking for help to win a competition, and the next thing you know, you’ve been hacked. Education is the only way to address and avoid these kinds of scams.
Ongoing education is vital because of the ever-increasing number of cybersecurity scams. A straightforward example is reminding people not to use passwords more than once (but let’s be honest, most of us don’t follow that advice).
If there’s been a breach and the hackers have your password, they will inevitably try it in various other apps, hoping you’ve used it somewhere before. The last thing you want is some hacker having access to your iCloud or credit card details.
Step 5: Review App Security (MFA/API Integrations)
Multi-Factor Authentication (or Two Factor Authentication/2FA) can help stop hackers in their tracks. Unfortunately, many apps do not turn it on by default (although that is slowly changing), so you must turn it on yourself.
Even though some hackers know ways to circumvent this, it requires more effort, meaning they’re more likely to move on and find an easier target. Luckily, scammers are not that patient and mostly look for easy, vulnerable targets.
Another security hazard to watch out for is Application Programming Interfaces (APIs). You use an API whenever you sign in to things like your Google Account, Microsoft Account or Apple ID, and in doing so you permit the connected applications to access all kinds of additional data. You need to review these regularly to know which applications are accessing what data, and if you no longer use an app, get rid of it – this will save you trouble further down the line. Again, your IT provider will be able to help you with this.
If you don’t have a dedicated IT provider, it’s time to invest in one for your business as it will save you big time in the long run – they are experts, after all. We recommend Infinite Edge for all your IT needs.
Step 6: Review Hardware and Software (Keep it up to date)
It is vital to keep your hardware (laptops and desktops) and software (applications) up to date.
Software updates aren’t just ways for companies to make more money; they also increase security. On top of this, as hardware becomes old and outdated, manufacturers stop supporting it. This means your firmware is not being updated, leaving you vulnerable to hacks, breaches and attacks; it’s a two-way system of vulnerability.
You and your team must be on top of all software updates and strive to use the latest equipment as often as possible. These two things can save you in the long run.
Step 7: Domain Health Check
A healthy domain ensures that no one else can pretend to be you or create emails on your behalf, and that your emails won’t go straight to the spam folder, amongst a whole host of other things. It’s ideal for a qualified person to check this periodically, as it requires quite a bit of technical knowledge and the processes change often.
If you want to see what shape your domain is in, check out Edge’s domain health check tool, or watch the video below for more information.
Step 8: Secure your Devices
IT providers should control user access and have device management software in use. This limits the amount of accidental damage users can cause if, for example, they wrongfully have admin rights and end up downloading something harmful.
Step 9: Secure Your Work From Home Team
With so many people working from home nowadays, the IT department must ensure that all devices are secure and people are not using their personal devices to access business information.
You and your IT provider must enforce cyber security policies for your business and ensure that people have appropriate rights on all platforms.
Step 10: Have Documented Policies in Place
We discussed the need for Standard Operating Procedures (SOPs) in the first step. It is one thing to have them in place and another to implement them. To ensure that they stay relevant, you must regularly review your SOPs and enforce them throughout your business.
It is common for people to have blind faith in the limited amount of cyber security in place for their business. So they often don’t pay much attention to it and just believe they won’t get hacked. We hate to be the bearer of bad news, but like we said, if you have money, these hackers will go after it.
Ultimately, good cyber security is all about risk mitigation: lowering risk and knowing what to do when you get hacked. To make your business secure and cyber-fit, follow these 10 Smart Steps to hack-proof your business and contact Infinite Edge for all your IT needs.
Alternatively, if you’re looking for holistic digital solutions for your business, at Five by Five, we deliver a combination of stunning design, robust technology and content that converts – so why not contact us today?