Ten most common cyber hygiene pitfalls and how SMEs can avoid them

Cyber hygiene should be a priority area for SMEs, start-ups and young companies, warns agile software developer Blackthorn Technologies. UK businesses face many challenges in order to achieve growth and success. Cyber hygiene, namely keeping the business data and its systems clean, is a vital function within any business. However, it is often overlooked or swept under the carpet, particularly when a business is starting out.

In response to the increased risk of cyberattacks on UK-based businesses, Blackthorn Technologies has created a guide to the ten most common cyber hygiene mistakes made by young businesses and advice on how to avoid them.

1) Failing to update, change or install a Password

There is no getting round it; passwords are important. Make sure that your password is strong, i.e. eight characters as a minimum with a number and an alphanumeric character. Also make it easy to remember, as there is no point having something that looks cryptic but is impossible to type or recall. Four simple words bundled together are more difficult to crack than random letters and numbers.

2) Dude, where’s my data?

In the days of cloud storage, people are putting data everywhere and anywhere. Do you know what data is on your OneDrive/Google Drive/iCloud? Whether it is personal information or corporate information, keeping track of data, its location and its sensitivity is crucial. In light of the ongoing case between Microsoft and the US Government, it is also vital that businesses understand what jurisdiction the data is stored in, as this may have future legal implications for the company.

3) Get to grips with Encryption

This isn’t new. The cryptographic processing of information has been around since Julius Caesar popped over from Calais in 43 B.C., and as long as people have wanted to share information, they’ve also sought to keep it from prying eyes. There are lots of encryption tools out there, but the key is to start off with the data in storage, namely those files on the hard drive. Secondly, consider using VPNs (Virtual Private Networks), and then two-factor authentication (2FA) to access the VPN, which is offered by several cloud storage companies.

4) Don’t put all your eggs in one basket

It’s essential these days to replicate data in at least two places, and not to put all data on one server. In fact, back up your data in more than two places and not in the same building, but make sure that it is encrypted and that the access controls (password and encryption) are at the same level.

5) Forgetting to change default passwords

It’s easy to say, but always change default passwords. When the delivery person, for example, turns up with a weird-looking cardboard box with a massive barcode and the IT department claim they really needed it, ensure that you hand it to them on the condition that they change the default password as soon as they set up the system.

6) Remote kill

Today there aren’t many people who do not have a phone that connects to their corporate email. If you have Microsoft Exchange, then set up the remote wipe function. All phone vendors are moving towards a way of finding and wiping a mobile phone remotely. With any device that is mobile, it is important to think about whether you can send a command that will stop it working if you lose it or it is stolen.

7) Lack of Firewall reviews

Firewall is a common word these days and it is something that no infrastructure does without, but what does it do? It locks the ports down and regulates access. If you don’t know what a port is, ask IT, and ask them which ports are open and closed. Make sure that there are regular reviews of the firewall ports and the associated ruleset. If you need help, ask IT or get Blackthorn Technologies in as it’s something we’re experts at.

8) Seek expert advice

Incidents are the ER of the IT world. First responders include forensic analysts, malware specialists and penetration testers, and they can be on hand to assist you if something goes wrong. If you had a cut which required stitches, it’s unlikely you would fix it yourself. So in the same way, consider getting ‘IT ER’ in when you have an IT incident. In fact, plan a potential incident with your IT support team so as to prepare and prevent disruption to the business.

9) Out of date anti-virus software

Make sure the anti-virus software is on, up to date, and installed on all machines. When there is an alert, ensure something is done about it. This is your warning radar for bad stuff coming onto your machines.

10) Ask what can be done better?

Look at all the points above and ask: is everything in place? What can be done better?