In recent years, we have noticed a surge in our members’ emails and social media accounts being hacked, with the criminals then using these trusted accounts to send Bitcoin posts or unsolicited phishing emails. This can cause damage to businesses and unnecessary stress to business owners. It is disheartening when years of investment into social media accounts and client lists are lost or damaged following a cyber attack.
We have asked Operum.Tech, our expert IT partners for over 20 years, to compile 12 top tips to help you to secure your business online...
Tip 1. Use strong passwords for each account.
To create unique passwords, you can use websites such as Password Generator or a built-in password manager. A good way to create memorable passwords is by using letters from a well-known song or poem. For example, taking the first letter from each word of the “London Bridge is Falling Down” nursery rhyme would create the password LBifdfdfdLBifdmfl. Adding a number and a special character makes your password more secure.
Note: Never use your date of birth or other personal information as a password. These personal details are no longer confidential due to overuse.
Tip 2. Password managers – why we need them
Having a unique password for each website and login creates a challenge. The best way to store passwords is to use a password manager. Dedicated password managers like 1Password are available, or you can use the built-in options in your web browser such as Google Chrome, Microsoft Edge, Firefox, and Safari.
Ensure your password manager is protected with a password to prevent unauthorised access.
Tip 3. Keep your Social Media accounts safe
Social media accounts, often business storefronts, are frequent targets. Apply Tips 1 and 2 to your social media accounts. It is a good idea to use email addresses that are not associated with your company name for social media logins. Ensure your computer is fully up-to-date to prevent cyber threats.
To verify if your Windows 11 system is up-to-date, follow the basic steps below:
- Click on the ‘Start’ button, usually located in the bottom left corner of your screen.
- Choose ‘Settings’ from the menu.
- Within the ‘Settings’ window, select ‘Windows Update’ from the sidebar on the left.
- Click on the ‘Check for updates’ button on the right.
To ensure that your Mac system is fully up-to-date, please follow these simple steps:
- Click on the Apple icon in the top left corner of your screen.
- From the drop-down menu, select ‘System Preferences’.
- In the ‘System Preferences’ window, click on ‘Software Update’.
- If updates are available, click on the ‘Update Now’ button. You can also select ‘Automatically keep my Mac up to date’ to streamline this process for the future.
To enhance security, get a separate domain and use emails from it for social media logins. Use a structured email format, like firstname.lastname@example.org or email@example.com. While a Gmail address is also an option, it’s less preferable due to potential recovery challenges in the event of a takeover.
Keep passwords private; avoid sharing them. Create separate usernames and passwords for individuals to identify breach points easily. If multiple people access an account, protection becomes challenging.
Tip 4. Two-factor authentication – how to set it up, what it is and why we need it.
Enhance security with two-factor authentication (2FA) or multi-factor authentication (MFA). Use app-based authentication like Google Authenticator instead of SMS-based methods.
Definition: Two-factor authentication (2FA) enhances online security by requiring a password and a second, temporary code for account access. Multi-Factor Authentication (MFA) is a broader approach, adding extra layers of security for account protection.
Tip 5. Avoid using unsecured public Wi-Fi for sensitive transactions or data sharing.
Public Wi-Fi networks, despite assurances from hotels or restaurants, are not secure. Free services, especially in terms of security, have limitations and are easy targets. A detailed blog post on this topic is available here. In summary, using public networks for your internet connection is risky and should be avoided. If unavoidable, limit usage to non-confidential operations, as precautions may not prevent data breaches and access to sensitive information.
Tip 6. Secure your business Wi-Fi network with strong encryption and change default passwords.
Various encryption methods exist for Wi-Fi, among them WEP (1997), WPA (2003), WPA2 (2004), and WPA3 (2018). Replace devices using WEP, WPA, or WPA2, like your office Access Point, to prevent potential cyber threats. Newer devices use randomised wireless passwords for improved security. Consider replacing devices older than 2-3 years for optimal safety.
Tip 7. Use reliable firewall, anti-malware and anti-virus software on your devices
A firewall is like a personal bodyguard, stopping direct attacks. However, for virus protection, you need antivirus software, like ESET. All Windows 10, Windows 11, macOS, iPhone, iPad, and Samsung mobile devices have built-in firewalls. It’s crucial not to disable them. Security software might create some friction, but it’s essential, much like keeping a lock on your front door for overall well-being.
Tip 8. Regularly back up any important data
Ensure your company data storage, whether on an off-site server or in the cloud, can grow with your needs. Not all cloud backups are the same—some providers limit how much data you can store and how long they keep it. Look into these details to match your needs. To be extra safe, have a backup plan. We recommend Cloud 2 Cloud backup for added security.
Tip 9. In the workplace, limit access to sensitive data based on roles and responsibilities.
In some cases, users are granted excessive access, like a CEO having access to all company resources. However, they often lack the time or interest to log into every department. If their credentials are leaked, cybercriminals can gain unrestricted access. Least Privilege Access is a solution, granting users only the necessary access for their roles. For instance, someone in HR shouldn’t have access to financial or marketing records. This not only protects against cybercriminals but also guards against insider threats, intentional or accidental, like data deletion.
Tip 10. Use a reputable and secure payment gateway for online transactions.
Choose a secure payment gateway for online transactions. Opt for well-established options like PayPal, Stripe, or Square, known for robust security measures. These platforms use advanced encryption, ensuring safe financial transactions and instilling customer confidence in a secure online environment.
Tip 12. Make sure your website’s SSL certificate is up to date
Ensuring your SSL certificate is up to date is essential for maintaining security for online businesses. An SSL certificate is like a digital passport that encrypts the data exchanged between a user’s browser and your website, safeguarding it from potential cyber threats. Regularly updating this certificate ensures that the encryption methods used remain strong and effective, providing a secure connection for visitors to your site. A current SSL certificate not only enhances the trustworthiness of your website but also helps protect sensitive information, reinforcing your commitment to a safe online environment for users.
Tip 11. Educate staff about the best practices for staying safe online.
Cybersecurity is a rapidly evolving field in IT. In the early 2000s, IT professionals often had diverse roles, but now, each specialisation, including cybersecurity, is a distinct full-time job. The complexity is increasing, emphasising the need for continuous education to stay ahead of cyber threats. Various platforms offer training for those interested in staying informed, such as the one discussed in our blog here.
Most importantly, stay vigilant against suspicious emails—avoid clicking on unfamiliar links or downloading attachments from unknown sources. If your computer or online accounts are ever compromised, don’t hesitate to reach out to our expert team for assistance!
Should you need support in securing your business online or managing IT services, allowing you to focus on your core business operations, feel free to contact our IT partners at Operum Tech.
The House Directory will be introducing more of our specialist industry partners in the coming year who will be sharing their valuable expertise with our community, to help you to elevate and enhance your business.