North East Connected

Simple Steps to Defend Against I.T Vulnerabilities for Small Businesses


Sep 9, 2021

Cyber security measures are required by everyone. From home computer use to business applications, no one is immune from the threat of a cyber-attack. It is predicted that there are well over one million victims of cybercrime on a daily basis! You certainly do not want to be one of the people who make up the numbers in such negative statistics. However, the risk is very real, as there are so many ways people can fall victim to one of these attacks.

The most common types of cyberattacks include viruses, malware, worms, and Trojans. However, other common cyber attacks include falling victim to a criminal insider, SQL injections and the theft of data-bearing devices. 

That merely scratches the surface! You then have web-based attacks, phishing, social engineering and more. From the education sector to the medical industry, no industry is exempt from the threat, which is why everyone needs to do everything in their power to increase their IT security levels.

Read on to discover some useful tips to follow in 2021.

Data centres offer a more proactive protection

For some, the hard reality of how valuable a company’s data is is only realised after a data breach by hackers, or after data loss from a system malfunction or some other issue, such as a fire. Because data is so important these days, it is crucial for small businesses to have as little downtime as possible, as this can make or break most businesses. Security updates are an ever-moving landscape, and it is hard for most people to keep up to date with all the areas that need to be monitored, so migrating to a data centre can bring many of these benefits at a fair and reasonable price.

Data centres have also adapted to meet different clients’ needs. Some prefer to maintain their servers locally, and colocation (colo) is a viable option to do this, providing all the security protection layers such as a web application firewall, malware prevention and removal, blacklist monitoring and fast response times. This frees up small business owners to focus on their customers, with the peace of mind that their data is being closely monitored.

Teach your employees how to set up an effective password

Let’s begin with the most basic cyber security advice: how to set an effective password.

This is something you need to teach all employees at your business about. If your password is ‘123456’ or ‘password’, you are asking for trouble.

Did you know that these are actually the two most common passwords? Aside from this, other common passwords include the following – ‘abc123’, ‘iloveyou’, ‘letmein’, ‘qwerty’, ‘111111’, ‘admin’, ‘princess’, ‘trustno1’, ‘sunshine’, ‘monkey’ and ‘oooooo’. When creating a password, you should avoid using your company name, real name or username. Make sure it is at least eight characters long and that it contains all of the following – lowercase letters, uppercase letters, numbers, and symbols. 

Try to avoid using complete words as well, such as ‘hello’. You should never use the same password for all of your accounts. If you do this, once a hacker has access to one of your systems, he or she is going to have access to everything.
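The rules above can be turned into a check for a sign-up form or a staff training session. The following Python sketch is an added example, not part of the original article; the function name, the `identity_terms` parameter and the sample passwords are assumptions. It also goes one step beyond the article's rules by catching a common password that has only been dressed up with swapped characters and a trailing number or symbol, since such a password still satisfies the length and character rules.

```python
import re
import string

# Common passwords listed in the article.
COMMON_PASSWORDS = {
    "123456", "password", "abc123", "iloveyou", "letmein", "qwerty",
    "111111", "admin", "princess", "trustno1", "sunshine", "monkey", "oooooo",
}
# Typical character swaps (assumed mapping, not from the article).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                      "1": "l", "!": "i", "$": "s", "5": "s"})
CLASSES = {
    "lowercase letter": r"[a-z]",
    "uppercase letter": r"[A-Z]",
    "number": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}

def password_problems(password, identity_terms=()):
    """Return the rules a password breaks; an empty list means it passes."""
    problems = []
    lowered = password.lower()
    # Drop trailing digits/symbols, then undo character swaps.
    core = lowered.rstrip(string.digits + string.punctuation).translate(LEET)
    if lowered in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    elif core in COMMON_PASSWORDS:
        problems.append("common password with cosmetic changes")
    if len(password) < 8:
        problems.append("shorter than eight characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"missing a {name}")
    # Company name, real name or username, ignoring spacing and punctuation.
    squashed = re.sub(r"[^a-z0-9]", "", lowered)
    for term in identity_terms:
        needle = re.sub(r"[^a-z0-9]", "", term.lower())
        if needle and needle in squashed:
            problems.append(f"contains '{term}'")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords; "Acme Ltd" is a made-up company name.
    for candidate in ["123456", "Password1!", "Acme-Ltd#2024x", "vK9#tq2!Lm"]:
        print(candidate, "->", password_problems(candidate, ["Acme Ltd"]) or "OK")
```
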

Assess all potential vulnerabilities 

The start of 2021 is a great chance for you to assess all elements of security at your business. We have become so obsessed with our online presence that we tend to overlook other vulnerabilities, for example, identity theft through not shredding documents correctly and vulnerabilities at PoS systems. You should get a credit card scanner from a company that prioritises security and has a great reputation in the industry if you have not already. 

Access controls and authentication systems

You need to ensure you set up the strongest possible authentication and access controls for all of your systems and accounts. This does not only mean setting new passwords, but also altering your IT security questions, switching to higher privacy settings and suchlike.

You should literally go through all of your accounts in order of priority and evaluate the security measures you have in place. A lot of individuals have no clue what their security or privacy settings are, as they have never checked them. Go through everything with a fine-tooth comb. 

When it comes to security questions, it may sound silly, but you don’t have to answer the question accurately. You simply need to make sure it is memorable to you but not guessable to anyone else. ‘What’s your mother’s maiden name?’ ‘What’s the name of your first school?’ Hackers could uncover the genuine answers to these questions with ease.

Vet third parties and software solutions thoroughly

A lot of businesses mistakenly believe that the security of third-party vendors and software does not fall on their shoulders. 

If a breach were to occur, you can’t simply say it was your provider’s fault. You will have just as much of the blame and the fall-out (i.e. expenses and reputational damage) on your hands. So, no matter whether you have been trying out different website design software options or you have been looking to outsource a major part of your business, you need to be extremely cautious.

You need to make sure they prioritise security. Don’t just take their word for it. Find out about the different security measures they have in place. 

Understanding your digital footprint 

It is important to have a thorough understanding of your digital footprint. Without this, it is virtually impossible to ensure you are operating with high levels of cyber security in place. 

Can you honestly say that you know where all of your important files and documents are stored across the web? Do you know how many websites have your credit card info stored? Most people input their data and then they simply forget about it. You would likely be shocked to discover where you have inputted such personal information. 

Whilst it is impossible to completely erase your digital footprint, you can manage it, and this is imperative. After all, if you don’t know where your personal data is stored, how can you protect it? All you need to do is keep a spreadsheet, stating where your personal data is, and what type of data is on the site in question. If you don’t need a site to have your information, delete it.

Penetration testing 

Finally, have you considered penetration testing? This is something you can indeed carry out yourself, although it is highly inadvisable to do so. It’s better to get experts to help you with this service. Pen testing is a unique service, and it links to the former point about really getting to know how you use the Internet and what your current level of security is.

You can’t expect to move forward without having an understanding of where you are at now. Penetration testing, therefore, involves attacking your own system in order to determine where there are any vulnerabilities or threats. Of course, this attack will be done without causing any damage or risk to your IT systems. 

However, it is the most effective way of determining where your security weak spots are, and thus the most efficient way of fixing them.