TT220: Close the door on cyber crime
With technology continuing to move faster than ever, businesses are becoming increasingly reliant on their computer systems and networks. In many modern organisations, both day to day operational activities and sales generating tools such as websites are completely dependent on a good technological infrastructure. This creates a significant risk to an organisation if the technology were to fail for any reason.
However, despite this apparent risk, in many organisations there exists a disparity between the reliance on the technology and the controls in place to prevent cyber threats. These threats can cause data loss, an inability to continue working, or even worse, the theft by criminals of customer information.
You may previously have thought that “hackers” only really attack the big companies such as eBay, Facebook & Sony. However, worryingly, in a recent report by the Institute of Chartered Accountants in England and Wales (ICAEW) it was found that 87% of small businesses have reported a security breach this year. This suggests that this it is something important and relevant to all of us.
To attempt to help improve awareness within small businesses, ICAEW have summarised ten improvements to help avoid a security breach. The key six steps are as follows:
If individual managers are given ultimate responsibility for ensuring controls are in place and operating effectively, the procedures involved to increase security should become commonplace as opposed to an after-thought, which should improve an organisation’s defences against an attack.
Protect your computers and network
This often involves things as simple as installing anti-virus software on to all company machines. The firewall which is contained within this software should provide a reasonably strong (and simple) level of protection against external threats and the anti-virus can be set to run regular scans of your system to ensure no viruses exist.
Keep your computers up to date
Something which demonstrates the speed at which threats can come into existence is the regularity of Windows updates. These updates can be set to download and install automatically which will boost an organisation’s defences against a cyber threat by closing loopholes which hackers are known to try to exploit.
Control employee access to computers and documents
Morrison’s recently learnt the hard way when an internal member of staff downloaded all their payroll details and then sent them to a local newspaper. Although we would like to think this is a very rare occurrence, it is possible to restrict the information which different employees can access which will help to avoid any leaks of confidential details. Microsoft have a dedicated community online where answers to most common “how to” queries, such as how to set up user access rights, can be found here: http://answers.microsoft.com/en-us
Extend security beyond the office
With many staff now possessing the ability to work from home, this represents one of the biggest threats to an organisation’s cyber security. It is now possible to use storage devices which can be wiped remotely if lost, which reduces the risk of confidential information being stolen. If this is combined with company policy which requires all company information to be stored on the company network, or on a secure storage device, the threat of information falling into the wrong hands can be significantly be reduced.
Educate your team
This is perhaps the most salient point of this article. Security threats can come in such a wide range of forms that it is impossible to fully safeguard against everything. Instead, a healthy dose of basic education to ensure staff don’t click on rogue email links, don’t visit infected websites and recognise the importance of keeping their computers and anti-virus up to date will go a long way against protecting yourself against a large percentage of the threats out there.
Although these threats will always be present, the online marketplace offers some fantastic opportunities for small businesses to grow and reach new markets and a much wider breadth of customers. Combined with the efficiencies which can be gained by an office which requires less paper, and has an effective IT infrastructure, it is clear that there are significant advantages to organisations who embrace the technology available. By implementing steps such as those outlined above, those same organisations will be able to improve their defences against security threats giving both staff and customers a greater level of comfort when working with or transacting with the organisation.
For further advice on embracing the online opportunities in a safe and controlled way, do not hesitate to contact one of our partners using the contact us page.
For a full list of the ten security steps for small businesses, along with other useful security advice, you can visit the ICAEW’s dedicated resource for small businesses: http://www.icaew.com/en/technical/information-technology/cyber-resource-centreTalk to Barnes Roffe today