In the rush to get your business and staff working from home, you may have taken shortcuts that have increased the risk of a cyber security breach of your valuable data.
I’ve run a small business Managed Service Provider (think IT Helpdesk and Cyber Protection services rolled into one) for 18 years now and have seen how cutting corners with technology stores up problems that come back to haunt you.
What’s the Risk?
Stop for a moment and think about the data in your business – documents, spreadsheets, finance, personnel, designs, photos, intellectual property, sales contacts etc.
Imagine sitting down to work tomorrow and finding out that it’s all gone – permanently. Think what it would take to recreate it. Consider how you would continue to run your business as usual without it. How would you recover?
If you are getting cold shivers that’s perfectly normal.
- Your data is your intellectual property. It’s really valuable.
- Your data contains sensitive personal information. You don’t want to have to explain a GDPR breach to everyone whose information you exposed – never mind the fines.
- Your data would take ages to recreate. In fact, you probably wouldn’t be able to spare the time. Instead, it would bug you for years to come as you realise you have to rewrite contracts, you can’t find historic sales information, you need to re-create all your designs and so on.
- Your data keeps your staff working efficiently. Without it, they can’t deliver your service, plan ahead, close sales, find new opportunities.
- Protecting your data protects you from fraud and theft.
- A breach that goes public, or has to be explained, could wreck your reputation and soil your brand for years.
Clearly, protecting your data is of the highest importance to enable your business to thrive uninterrupted. And in the current climate of uncertainty, you need to protect revenues and maximise profit (or reduce losses) as best you can.
The Pandemic is a Bonanza for Cyber Crooks
It never ceases to amaze me, the depths to which cyber crooks will sink. It’s a sad fact that wherever there is fear and uncertainty the bad guys will take advantage.
Examples of phishing email scams already reported are:
- Use of government branding offering grants, tax rebates or compensation
- Fake opportunities to get involved in healthcare investment schemes
- Bogus charities requesting donations
Keep this uppermost in your mind when you are thinking about cyber security.
Be Suspicious. Assume the Worst.
Now, however, you need to know where the gaps might be and how to close them.
Remote Working Vulnerabilities
As a business owner, you have had a very short period of time to make a whole load of significant decisions about finance, HR, legal and technology with a dizzying array of ever-changing advice and uncertainty to wade through. You are probably working harder than ever and are feeling as stressed as you’ve ever done.
Wherever you are in this new disorientating world, you have already done an amazing job. Don’t let the cyber crooks wreck that. Take a little time to go through this list of vulnerabilities that may have opened up in your rush to work remotely.
Passwords
New accounts and services need new passwords. Yet more passwords mean more opportunity to commit one of the 3 cardinal sins:
- writing them down
- making them easy to guess
- reusing the same password over and over again.
Write a password policy and distribute it to your staff. Put 2-factor authentication on all cloud applications. Use a password manager.
New devices
You may have invested in new PCs or laptops for your staff. Did they get set up properly? Are they running anti-malware? Is their patching up to date? Are they being regularly maintained?
Get a report on patching and anti-malware software from your IT person/team.
Personal devices
If you don’t have the cash to spend, having team members use their own technology reduces your capital expenditure. However, personal devices are more likely to be unmanaged, compromised already, unlicensed and used by other members of the family.
Provide a company device OR carry out a security review of all personal devices with access to company data.
Backups
There is a good chance that the company data is now being stored in new locations in the cloud. That’s great for remote working but is it backed up properly? Don’t fall for the common misconception that data in the cloud is safe. It is at risk from malicious or accidental deletion, ransomware and system breaches.
Review all data locations to ensure they are backed up regularly.
Hard disk encryption
With your devices ‘on the move’ or stored in the home they are more vulnerable to theft or loss.
Check that encryption is enabled on all your devices. Implement BitLocker on Windows or FileVault on your Macs.
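The patching and anti-malware report asked for under "New devices" and the encryption check above can be gathered on each Windows device with a short script. This is an added example, not part of the original article; it assumes Microsoft Defender is the anti-malware product, and the two age thresholds are illustrative assumptions.

```powershell
# Added example: per-device security report. Run in an elevated PowerShell session.
# Both thresholds are assumptions for illustration, not values from the article.
$MaxPatchAgeDays     = 35
$MaxSignatureAgeDays = 3
$findings = [System.Collections.Generic.List[string]]::new()

# Disk encryption: every volume BitLocker reports should have protection On.
try {
    foreach ($v in Get-BitLockerVolume -ErrorAction Stop) {
        if ($v.ProtectionStatus -ne 'On') {
            $findings.Add("BitLocker: $($v.MountPoint) protection is $($v.ProtectionStatus), volume is $($v.VolumeStatus)")
        }
    }
} catch {
    $findings.Add("BitLocker: status unavailable ($($_.Exception.Message))")
}

# Anti-malware: Microsoft Defender only; a third-party product needs its own check.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    if (-not $mp.AntivirusEnabled)          { $findings.Add('Defender: antivirus is disabled') }
    if (-not $mp.RealTimeProtectionEnabled) { $findings.Add('Defender: real-time protection is off') }
    $sigAge = (New-TimeSpan -Start $mp.AntivirusSignatureLastUpdated -End (Get-Date)).Days
    if ($sigAge -gt $MaxSignatureAgeDays)   { $findings.Add("Defender: signatures are $sigAge days old") }
} catch {
    $findings.Add("Defender: status unavailable ($($_.Exception.Message))")
}

# Patching: date of the newest installed hotfix. Get-HotFix does not list every
# update type, so treat this as a rough indicator and follow up on stale devices.
$latest = Get-HotFix | Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending | Select-Object -First 1
if (-not $latest) {
    $findings.Add('Patching: no dated hotfix entries found')
} else {
    $patchAge = (New-TimeSpan -Start $latest.InstalledOn -End (Get-Date)).Days
    if ($patchAge -gt $MaxPatchAgeDays) {
        $findings.Add("Patching: newest hotfix $($latest.HotFixID) is $patchAge days old")
    }
}

[pscustomobject]@{
    Computer = $env:COMPUTERNAME
    Checked  = Get-Date -Format s
    Passed   = ($findings.Count -eq 0)
    Findings = $findings -join '; '
}
```

Pipe the resulting object to `Export-Csv` to collect one row per device. On a Mac, `fdesetup status` reports whether FileVault is on.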
Summary
The list here is not exhaustive – there are plenty of other gaps that will need plugging. It is a good start though, and most of it will be easy and quick to implement.
One big topic I haven’t covered is Cyber Awareness training for your people. The more knowledgeable they are, the more likely your people are to recognise an attempt to scam them. I’ll save that topic for another day.
In the end there are no guarantees. If someone is determined enough they will get in. The main threat to your business, though, comes from the 95% of breach attempts that rely on you leaving fundamental gaps. Block these and the bad guys will go after easier targets.
And remember that the ultimate responsibility lies with you so…
Be Suspicious. Assume the Worst.