Is your business taking IT security seriously enough?
So much business is transacted digitally today that regardless of the size of your organisation, your IT security has to be tackled as a high priority at all times. It simply cannot be an issue which is kicked into the long grass or put on hold until a later date.
If your computers or your networks are compromised in any way then there is a big chance that your business and your bottom line will suffer. Your reputation could be seriously damaged, you could lose important clients, your productivity could be significantly hindered and some of your most precious and valuable information could be lost forever to cyber criminals.
And there are plenty of other seriously unwelcome scenarios that can play out as well if, as a business, you fail to properly protect your laptops, desktops, tablet devices or mobile phones. No one is immune to being hacked and it’s vital for small businesses, sole traders and SMEs to be aware that they are every bit as at risk as large-scale multi-nationals.
Clearly, IT security should be a high priority for any business and I’ve outlined below 7 essential recommendations I make to all my clients in this increasingly important context.
1. Keep your software patched
The importance of patching cannot be overstated, as we saw recently with the WannaCry ransomware attack on the NHS and hundreds of other organisations worldwide (check out my post for more details on this).
For most computers, when software needs patching/updating the process will happen automatically or you’ll receive a prompt to update and you simply select ‘yes’ and your software will update. However, when you are particularly busy and the software update prompt pops up at the wrong moment, it can be quite irritating. As a result, people often hit ‘no’ and ignore the option to update, usually with the best intention to go back and start the update when the time is right. Repeatedly putting off the update process though can leave your business vulnerable because often those updates are designed specifically to patch up and eliminate security weaknesses in the relevant software.
So updating software routinely when patches are made available helps to better protect your computers and your IT network as a whole. If you are using old software for which patches are no longer released then you should consider updating your systems as a matter of urgency.
Everyone in your business needs to take responsibility for security and my recommendation is that keeping your software updated and resilient to internet nasties should be a non-negotiable
2. Filter Email
A vital component of any email security system is filtering the emails that could cause harm to your machine and your network. This can be done most effectively at the level of your email service provider. If your email service provider doesn’t offer this facility then my recommendation is that you consider switching to one that does so that they can filter your emails as a matter of course and keep out the various dangers that are out there.
What ‘filtering’ does, apart from keeping spam emails out of your inbox, is check your email for phishing attempts and capture emails carrying dangerous or malicious attachments. For example, when you are busy going through your emails and you see one that says ‘invoice’, the majority of people will naturally open it. But sometimes the attachment is not really an invoice; it is an executable application designed to infiltrate your machine and do damage. If your provider has email filtering, then the email and/or attachment is blocked and never ends up in your inbox in the first place.
3. Use paid-for anti-virus/anti-malware protection
My recommendation to all my clients is to use a paid-for anti-virus/anti-malware product rather than one of the free versions which are widely available. Paid-for options are updated more regularly, you get support from the manufacturer if there is a problem, they tend to screen more effectively and they will usually offer considerably better protection while you are online. For example, if you attempt to browse to a site that has been compromised, a quality paid-for anti-virus product should keep you safe and alert you to the fact that the site has been compromised.
4. Be careful when using USB storage
One area of IT security which catches out a lot of people is the passing around of USB sticks. For example, at a conference or seminar you may be asked to bring your presentation on a memory stick, and unbeknown to you the machine you put it into has been compromised. You then bring the stick back into the workplace, use it at some later date and pass the virus on to your network. Or you allow someone to put their USB stick into your machine, the stick has a virus on it, and the rest is history.
My recommendation is that you keep a selection of USB sticks for your own use and consider them to be the only ones you use on your machine. If you are speaking at a conference or seminar then you should email your presentation to the organisers ahead of time or make it available via the cloud so that you don’t need to keep it on a USB. If you want to take a back-up of your presentation on a stick or you have no choice but to bring your presentation on a USB stick then make sure there is nothing else on the stick and either discard the USB safely afterwards or give it to your IT department to wipe clean.
And remember that USB storage security does not only apply to memory sticks. If your anti-virus software doesn’t scan removable storage, then your staff could infect your company’s network simply by moving something simple like a digital camera, an MP3 player or a smartphone between their home computer and their work machine. Even if they are just using their computer at work to “charge” their smartphone, a data connection is often established between the two machines and that presents a potential security risk.
5. Use complex passwords
Always use passwords that contain mixed case letters, numbers and ideally symbols. Some websites and services do not allow you to use symbols, but you can certainly use mixed case letters and numbers. Consider substituting numbers for some letters; for example, if your password is based on something containing the word ‘three’, you can use the digit ‘3’ instead. Sometimes people use the digit ‘3’ to represent ‘E’, although it’s backwards. It can all help to make your passwords more secure and less easy to guess.
Passwords should be at least 8 characters in length but 12 is better as they become more difficult to hack. If your password is not a phrase or a dictionary word it also becomes a lot harder to hack. It might be more difficult to remember but it could also make your computer or your online account much more secure.
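The rules above (at least 8 characters with 12 preferred, mixed case, digits, symbols where permitted, no dictionary words) can be enforced with a small policy check. This is an added example, not code from the original post; the word list is a constructed stand-in for a real dictionary, and the checker also undoes common digit-for-letter substitutions before the dictionary test because password-cracking tools apply exactly those substitutions.

```python
import re

# Constructed stand-in for a real word list; a deployment would load a full dictionary.
COMMON_WORDS = {"password", "three", "welcome", "letmein", "summer", "company"}

# Undo the popular digit/symbol-for-letter substitutions so that "thr33" or
# "p@ssw0rd" are still caught as dictionary words, as crackers would treat them.
LEET_MAP = str.maketrans({"3": "e", "0": "o", "1": "i", "@": "a",
                          "$": "s", "5": "s", "7": "t", "4": "a"})


def check_password(pw: str) -> tuple[bool, list[str]]:
    """Apply the post's rules; returns (passes, notes).

    Hard failures: shorter than 8, missing mixed case, missing a digit, or
    built on a dictionary word.  Advice only: shorter than 12, no symbol.
    """
    failures, advice = [], []
    if len(pw) < 8:
        failures.append("shorter than 8 characters")
    elif len(pw) < 12:
        advice.append("12 or more characters is better")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        failures.append("needs both upper and lower case letters")
    if not re.search(r"[0-9]", pw):
        failures.append("needs at least one digit")
    if not re.search(r"[^A-Za-z0-9]", pw):
        advice.append("add a symbol where the site permits it")
    # Dictionary test on the letters as typed and on the de-substituted form,
    # so both "Welcome123" and "P@ssw0rd!" are recognised as word-based.
    lowered = pw.lower()
    raw = re.sub(r"[^a-z]", "", lowered)
    deleet = re.sub(r"[^a-z]", "", lowered.translate(LEET_MAP))
    hit = next((w for w in (raw, deleet) if w in COMMON_WORDS), None)
    if hit:
        failures.append(f"based on the dictionary word '{hit}'")
    return (not failures, failures + advice)


if __name__ == "__main__":
    for candidate in ("P@ssw0rd!", "Welcome123", "Tq7#vLm2xZ9r"):
        ok, notes = check_password(candidate)
        print(candidate, "OK" if ok else "REJECT", "; ".join(notes))
```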
6. Don’t change your password unless you need to
This may seem counter-intuitive, but once you have come up with a really strong password, unless you feel that password has been compromised then don’t keep changing it and continue to follow the advice below.
It’s really important to use different passwords on every single platform you use because if one of the services you use has been compromised it becomes a lot easier to get into your other services if your passwords are all the same and particularly if your login name is also your email address.
If you are worried about remembering your passwords for all the services you use then use a password management system like LastPass or Dashlane which will remember the passwords for you and will encrypt them. This means you can have even the most complicated of passwords and make them different for every site but you don’t have to worry about not remembering them.
Of course, you may be forced by the site or application you are using to change your password regularly but in those circumstances a password management system will still mean you’ll never be left scratching your head.
7. Don’t let anyone else use your business laptop for fun
Allowing someone else to use your work or business laptop is easily done and it can seem perfectly harmless. It could be your partner, your children or another family member who just wants to look something up or play a game perhaps.
Most of the time this won’t be a problem but if you don’t know exactly where someone is surfing then it could be that they’re inadvertently inviting problems on to your computer, which can then very easily be passed on to your entire corporate network. So it can be really important to be strict on the use of your work laptop at home and to let your nearest and dearest know that it is reserved solely for your professional purposes.
Doing what it takes to stay secure
Some of the stories that emerge on a regular basis at the moment of company hacks and corporate network compromises can be seriously worrying from a business perspective. But with the right approach and the right habits, there’s no reason you can’t protect your business and be confident in the security of your systems.
Contact us at SCA if you would like more in-depth advice on any of these issues.