Your business generates large quantities of digital information. The secure processing and storage of information about your customers, suppliers, staff, sales, accounts, marketing and the like are essential to enable your business to function effectively.
How secure is the information in your business?
Losing vital and critical information as the result of an accident or a natural event has always been a risk to business continuity, but as we become ever more reliant on digital information, the potential consequences have never been more serious.
As for protecting information from criminals and hackers, a lot of small business owners believe that installing antivirus software on their PCs is all they need to do. Until a few years ago, it might have been enough, but today, cyber-crime is a major threat involving sophisticated, organised gangs that employ professional hackers who are paid huge salaries to target business information.
Don’t make the mistake of thinking that your information has no value to anyone but you. The objective of many cyber-attacks is simply to steal or encrypt information – rendering it inaccessible to the business owner so it can be held to ransom.
And there’s another reason you need to protect information. GDPR legislation is now fully embedded, and the spotlight will soon be turning from large organisations to smaller businesses. How comfortable are you with risking your reputation or indeed your entire business?
To help you understand what you need to do to safeguard your business-critical information, we asked our trusted IT partner and cybersecurity expert Mark Feetham of Less Annoying IT to give us his top tips.
1. Back up information using a secure, cloud-based solution
“The first, most basic step you should take is to ensure that in the event of an incident, you have a recoverable backup of all your information. The only effective way to do this is to use a solution that stores an up-to-date copy of your data in the cloud at all times. As well as making a ransomware hack futile, if a disaster should impact your workplace, with all your data in the cloud, your business can carry on from anywhere with minimal disruption.”
“I often meet business owners who are using tools like Google Drive or Microsoft OneDrive – believing these are backup solutions. They’re not. They simply synchronise data and make it accessible from other devices. If information is compromised, they offer very little to no protection.”
“Make sure, too, that your backup process is working, and you know how to access it! I’ve been called into businesses where it transpired systems had stopped working months before and they’d lost critical business information – and to companies where processes for accessing backed-up data and crucial passwords have not been recorded.”
“You can set up an automated cloud backup system yourself using a software solution such as Acronis, or you can engage a service provider like ourselves. We’ll take a holistic approach, looking at all the areas where critical information resides in your organisation, reviewing vulnerabilities and testing the resilience of backup strategies.”
2. Protect data with multi-factor authentication
“Protecting important information with a password alone is no longer enough. Any business-critical information your organisation holds on systems and websites must be securely protected using multi-factor authentication. This means data can only be accessed when at least two factors are input – usually a personal password and a randomly generated authentication code. All smartphones have an authenticator app which generates a new code every 30 seconds and is only available to the mobile phone user.”
“Every business will be different, but you’ll need to secure things like your website, Microsoft Office 365, Google Apps and any online accounting software you use.”
“Multi-factor authentication makes it far tougher for a hacker to get into your resources, so it’s vital you ensure you apply it to all gateways to your information. It’s something you can do yourself, but if you engage a professional service like ours, as well as working with you to ensure that all your information is adequately protected, we’ll build in comprehensive processes to address other risks – including making sure no data is vulnerable when an employee leaves your organisation.”
3. Take your GDPR responsibilities seriously
“It’s more than a year since the General Data Protection Regulations came into effect, harmonising data privacy laws across Europe. At the time, there was a huge campaign to encourage businesses to prepare for the deadline. You might think it’s all gone rather quiet, but don’t be lulled into a false sense of security. In the early days, the Information Commissioner’s Office (ICO) concerned itself with large corporations. In the main, these types of organisations have made themselves compliant. It follows that the ICO will soon turn its attention to smaller businesses like yours.”
“Under GDPR rules, a business must notify the ICO of any data breach – malicious or accidental – within 72 hours or risk being fined, but we still see many smaller businesses failing to take their responsibilities seriously, protecting information with consumer-class antivirus software, single-factor authentication and even using email to transmit sensitive or personal data.”
4. Document, test & regularly review processes
“Detail in a ‘living’ document the securities you have in place to protect information and the processes you’ve established to respond to incidents. This document will ensure that recovery of data is never dependent on any single individual. It will need to be regularly updated to keep pace with changes to the way your business works and the technologies you use – and you should schedule regular tests to check the functionality and resilience of your systems.”
5. And finally – if you’re still using Windows 7 – take action NOW!
“Support for Microsoft’s Windows 7 operating system ended on 14th January 2020. No more feature updates and security patches mean that computers in businesses still relying on Windows 7 are now vulnerable to threats and hackers.”
“If your business is affected, it’s critical you move away from Windows 7 as soon as possible. There are two questions you’ll need to address: is the software you use compatible with Windows 10, and will your computers be able to run an upgraded operating system?”
“With regard to this second point, installing Windows 10 onto your existing PCs – rather than investing in new ones – is almost certain to impact on their performance. I’d suggest having a conversation with your accountant about leasing your computers. For a fixed monthly operating cost, you can ensure your business is always working with the very latest technology.”
Protect Your Data & Protect Your Business!
Many small businesses are failing to take data protection as seriously as they should. Don’t leave yourself exposed to the potentially terminal risks arising from a disaster, a data breach or a malicious attack.
For advice on protecting your data – and on any other aspect of your business IT infrastructure – you can contact Mark Feetham on 01628 306532.