What is cyber hygiene?
Living and working in the digital age means we rely on computers and devices to help us manage many aspects of our personal and work lives. As in other areas of our lives, practicing good hygiene goes a long way to maintaining good health and wellbeing. Cyber hygiene can be used to describe a series of processes and best practices we need to use regularly to maintain and safeguard the integrity and security of our business networks as well as the data contained within.
Here are some simple steps to reduce the risk of becoming a victim of cybercrime.
Know your risks
Determine who is responsible for managing the risk within your business. Developing a risk strategy and delegating responsibility is an important first step in keeping your network secure and well maintained. If you don’t have an in-house IT team, you may wish to consider the services of a Managed Services Provider, such as Network ROI.
Not all information held by businesses is sensitive. Criminals aren’t interested in small-talk emails between colleagues or how much the latest invoice from the local catering company is worth. Criminals want the good stuff: customer contact details, user credentials, company bank details, etc. Prioritise and protect your most valuable data.
Great care must be taken to control user access to the company network. Match each team member’s access level to their position within the enterprise. Employees in junior positions are less likely to have access to the names, bank account and address details of senior contacts at your biggest client, whereas members of the management team may have access to this type of information.
Protect your network and devices
Many businesses at the smaller end of the SME spectrum might not have the budget, or feel the need, to employ an IT company to look after their computing needs. If this is the case, the first thing to do is to make sure you have an active firewall built into your network router.
Next, change the username and password of your router from the default settings – in many cases, these are set to ‘admin’ and ‘password’ by the manufacturer. Make sure the username is unique and is unlikely to be confused with other networks nearby. Choose WPA2 security mode and set a long password to improve the integrity of your network.
Share these updated details on a strictly need-to-know basis, and create a guest Wi-Fi network to restrict access to the company network from non-company devices.
Install security software on all devices to protect against spam, malware, viruses and other potential instances of cybercrime. There are lots of great products on the market, so do your research first to make sure the software suits your device environment and fits your budget while offering maximum protection. You also need to keep your security software updated to increase its effectiveness.
Update your device software and firmware regularly to patch vulnerabilities as fixes become available.
Teach good habits
As in other areas of working life, knowledge equates to power when it comes to securing your business network. It’s vital to hold regular security briefings with your team to outline the latest threats and to let them know who to contact in the first instance in the event of a security breach.
Develop a device and information security policy to explain the importance of data security for your company and distribute a copy to existing team members. Ensure HR includes these documents as part of the onboarding process for new starts.
Make sure your team are up to speed with the company social media policy. Make it clear they can’t publish or share sensitive business material, intellectual property (IP) or other business-critical content. They must also behave responsibly on social media channels, even when using personal accounts, as their actions can be seen to represent the company directly or indirectly.
Invest in a password management platform
Develop a strict password policy to mitigate the risk of your network being compromised by outside actors. We log into more websites and secure online areas now than ever before, and hackers are employing increasingly sophisticated tactics to gain access to our personal details. The fact that we log into all these accounts across multiple devices further complicates the password management landscape.
There is a good selection of cloud-based password management tools on the market, many of which offer excellent enterprise options. Look out for offerings that let you protect multiple devices across remote locations. Apps such as LastPass offer highly encrypted password vaults as well as ‘generate password’ options, which help users avoid creating obvious and insecure passwords.
Even password management tools aren’t immune to security flaws, though. A master password usually controls access to the password vault. It is important to inform your team that a weak master password has the potential to open up your entire suite of site logins to light-fingered criminal types.
Always back up
In the event of a major security breach, it is important to recover your information quickly to get your business back online in the first instance. Ideally, you should have hourly incremental backups running automatically to an off-site data source as well as backing up your machine onsite for a speedy recovery.
Security breaches are becoming more common as businesses rely on computing technology to manage various functions. Being the victim of a successful data hack affects consumer confidence, company profit, and stakeholder relationships, not to mention the negative press publicity that will damage the reputation of your business. In most cases, remedial costs amount to much more than the cost of investing in security in the first instance.
The information contained within this article is for guidance purposes only. If you are serious about the digital security of your business, we would always suggest talking to a professional security consultant or having a discussion with your IT department in the first instance. Network ROI will not be held responsible for data breaches or loss of income as a result of the information within this article.