As a business holder, you are aware that it is important to be well insured. Your building, your equipment, and possibly your staff: each one has an adapted insurance. There is, however, one area that small-medium companies do not always think about: protecting their company’s information, knowledge and data. Yet, their importance is crucial.
You are most probably aware of the computer threat that is hanging around today. You may even think that only multinationals are concerned and have to take action in this area. This is not the case: every company, whatever its size or its activity, must guard against cybercrime.
The tips below, developed by Belgian Cyber Security, are a good starting point to know how to protect yourself easily, as well as your business.
- Cyber threat awareness education
It is crucial for your company that your employees are aware of the various IT threats and the security measures to be taken. In the interest of your business, you should encourage them to use passwords correctly, to communicate and to store digital files in a secure manner.
If your employees only have access to the information they need to fulfill their function, the security risks are automatically reduced.
- Install antivirus and perform regular scanning
Antivirus is a must in your business! You may think that it is not necessary to install an antivirus because your PC has never been infected before? If you do not have an antivirus scan, you cannot say for sure. Your computer or that of one of your collaborators could indeed be infected with a virus for some time, without you being aware of it. Do you know that a free antivirus protects you from 5% to 10% of cyber-threats? A risk that you should avoid if you want your business to be secure.
What if you receive a virus warning?
- Via your own antivirus: follow the steps suggested by your antivirus to solve the problem. You can certainly take this warning seriously.
- Via a pop-up screen on the Internet: While you surf, never click on a pop-up screen that says your computer is infected. There is a good chance that this warning is false. Instead, close your Internet browser.
- Via a program, you do not know: never click on warnings from programs you do not know. Close the screen and restart your computer.
- Via e-mail or phone: Never trust companies, organizations or bodies that call you or send an e-mail to ask you to perform certain manipulations on your computer. Delete the e-mail or hang up
- Keep your system up to date
Use automatic updates as much as possible. A series of programs and various browsers offer automatic updates. If you are using a paid antivirus software (also called security suite), then do not worry! The latter performs its updates automatically.
- Regularly perform a backup copy
Regularly back-up important data and information. Determine which data should be backed up, how often it should be backed up and where the copy will be saved. Keep this backup in a safe place and make sure it is always disconnected from the network. Also, if you notice that you have been infected, immediately disconnect from the network.
Also, keep information on your computer that is not connected to the network or on paper, such as important e-mail addresses and phone numbers, or information about your Internet service provider.
- Protect Data
The internal network of your company should in principle give access only to the websites necessary for the execution of your professional activity. This does not mean, however, that all websites for private purposes must be blocked. A good alignment with the members of the company is therefore important.
Nevertheless, a single visit to an unknown or falsified site can be enough to infect your computer. If the web address starts with “https: //”, you can surf safely.
- Use strong passwords
The longer your password, the more secure it is: numbers, capital letters and symbols make your password more difficult to hack. Plus, reusing the same password several times is not a good idea: if your data is hacked on a site, authors will generally try to use your password on other sites to hack your accounts. For smaller accounts where no banking or personal data is included, it is sufficient to use variants of the same password. Some examples of “less important” accounts: mailbox, social networks and web shops.
Changing your private account passwords once a year is a good idea. In the professional context, we recommend changing passwords even more often, given the sensitive information that circulates there.
- Secure your mobile devices and wireless Internet
The increasing use of mobile devices is a challenge in the field of security. It’s better to never make online payments or introduce important account passwords when working on an unsecured wireless network.
The BYOD (Bring You Own Device) concept is an increasingly popular approach, which nevertheless creates an additional cyber risk. Indeed, information specific to the company is thus disseminated and consulted on private devices. Draw the attention of your colleagues to the fact that the use of mobile devices entails additional responsibility. Always keep a watch on your mobile devices, check your environment before using them and immediately report theft or loss of a device.
An additional benefit of using a paid antivirus software: you can adapt the number of licenses to the number of users.
- Do not click any link, image, or video
You receive an e-mail from someone you do not know? Above all, check the sender. Do not open any links or attachments in your emails, even if they look genuine. Criminals use phishing to try to get your personal data for later use.
Some clues to verify the authenticity of an e-mail
- Unexpected: You have no reason to receive a message from this sender
- Urgent: a second request for payment, a friend in distress: phishing messages often ask you to act immediately.
- Spelling errors: check the e-mail address of the sender. In general, it contains misspellings, but this is not always the case. In short, stay alert!
- Title of civility vague: the title of greeting is very general and does not mention your name? In this case, it may be a falsified message.
- Payment method: Phishing messages often require unusual forms of payment.
- Separate private and professional accounts
Do you use the same password for your private and business accounts? Very bad idea! For smaller accounts where there are no bank or personal data, it may be sufficient to use variants of the same password.
Also, give as little personal information as possible if you subscribe to newsletters, forums, etc. The less personal information you have on the Internet, the less likely it will be for you to use it.
- Delete accounts you do not use
Do you no longer use certain accounts or software? Delete them simply. The more opportunities for cybercriminals, the greater the likelihood of an attack.
It’s important to be aware of cybercrime threats, whether it’s on personal or company level, in order to react on them in an appropriate manner. If we ignore them, these security incidents can have a great impact on us, either as individuals or companies.