On the list of things to worry about for our small business clients, cyber security may come near the bottom. We all know it’s important, but it’s a scary specialist field. So how might you improve your knowledge of this area and tick off a few of the easier security measures that you can put in place?
At the bottom of this blog, we will also put a link to a comprehensive checklist which is not for the faint-hearted, but it would give you an overview of the complete set of cyber security actions you could take. At least then you can talk intelligently to your IT service provider about what you want.
I’ve talked to our Chief Technical Officer, John Curtis, who is one of NZ’s most experienced software developers and an expert on how small business can keep itself safe. I asked John for his top tips and here they are:
Move to the Cloud
This may sound counterintuitive to many, but if you are using an onsite server and have remote access to it, then you are extremely exposed to hackers. Cloud-based servers are typically run by companies with dedicated security teams protecting them. Your server has you.
As an anecdotal aside, I ran a small business with an onsite server back in 2004 which was hacked. I lost all data and huge bills were run up on my account with Vodafone which I was legally responsible for. It was a crushing blow to the business. I would hate for any of the Beany clients to go through a similar experience.
Use 2 Step Authentication for all your Team
This means that if one of your team members inadvertently allows their user name and password to be accessed, whether physically (by a disgruntled colleague or partner) or because their email is hacked and the information stolen, it will stop anyone else logging on as them.
The way this works is that anyone logging on from a new device will have to enter the number sent to your mobile phone. If you get a login request from a new device, you’ll know if that’s you or not.
Google how to add 2 step authentication if you’re not sure how to do this.
Don’t Open the Box!
There was an amazing book that my children loved reading when they were little called ‘Don’t Open the Box’. It literally wound up the tension (via an elastic band) until there was a release of a jack-in-the-box on the last page.
Cyber security can be like that, a series of steps until the Jack leaps out in your face.
The final stage is clicking on that email which doesn’t look quite right. It’s from a familiar address – but maybe the words don’t look right or there is an odd IP address.
DON’T OPEN THE BOX! In other words, if you have any doubts about the source of an email, do not click on the link, do not put in your user name and password, and do not forward it to anyone else.
Take an Interest in your Website
All websites need constant maintenance, from technical security updates to changing team members and news updates. Familiarise yourself with your website or delegate this to someone you trust, and schedule a regular catch-up with that person.
At the very least, check that all security updates are being done and only the users you need have access to it.
Now here is the link to the checklist. It is very thorough and we highly recommend it: https://cto-security-checklist.sqreen.io/