Your business is increasingly dependent on IT systems and therefore increasingly a target for those who wish to disrupt, devalue or destroy your livelihood. Dane Stevens from Vale Cyber shares free, easy-to-implement steps that can reduce your risk of becoming a victim.
39% of SMEs have suffered a breach in the last 12 months. Hoping to stay under the attacker’s radar is no longer an option, and ‘it won’t happen to us’ is a dangerous misconception.
It may be true that not all businesses in the construction sector are high-value targets for hacktivists or state actors, but every business is a target of the low-level, well-equipped, common-or-garden hacker.
They’re opportunistic, panning for gold in a river of weak passwords, insecure devices and bad practice.
The implication for you is often at best financial damage, or worse – reputational humiliation.
We can work longer or harder to recover money, but how can you reassure your clients that you’re safe to work with after sending them an email that brought their systems down for a day?
There are five fundamental areas that every business can manage for better security.
1/ Use protection
Antivirus software will protect you from the most pervasive threats. Many antivirus solutions are pitched towards organisations with complex requirements or those that operate in sensitive environments.
The Windows operating system comes with antivirus software inbuilt, but it must be correctly configured and enabled.
Whether you install additional protection on mobiles, tablets and Apple computers comes down to some simple cost/benefit analysis.
You don’t have to – they are very secure by design – but when antivirus software is so cheap it’s an easy decision for me: I’ll take the benefit of extra protection.
2/ Back up your files
Start this process with a paper exercise: think about what information you need to do your job today. If you’re attacked with a virus or ransomware, you’ll lose access to it. How far could you track back without great loss if that happened? Could you revert to yesterday’s information, or last week’s, and start again?
Once you know this, you know how often you should create a backup.
Tip: Create an ‘air gap’ between your backups and the internet; store them on a USB and disconnect it from the computer when not in use, or store them in the cloud for better protection.
3/ Secure your mobile
What do you access on your mobile? With access to your phone, a hacker, a competitor or even a disaffected employee could cause havoc. Password resets, verification codes and confidential information are all gold to a threat actor.
Ensure you have proper authentication with a PIN or, better, biometric methods like facial recognition or fingerprint access.
The ‘Find My’ app allows Apple users to find, lock or erase lost iPhones, iPads, and Mac laptops and computers. Make sure you’re familiar with it and ensure that it’s properly set up in case the worst happens.
4/ ‘Password’ can’t be your password
Too much complexity is a bind, and thankfully it’s no longer a recommended practice. Use three or more random words and add a capital letter or two. The result is a password that is strong enough to protect you until a hacker gets bored and moves on. If you think your password has been compromised, change it; otherwise, don’t routinely change passwords.
Finally, don’t use the same password for different accounts; it significantly increases the impact of a password breach. If you’re finding it hard to remember different passwords then save them in your browser.
5/ Urgent Action Required: Overdue Invoice
Of course, scam emails (or phishing) will be far less likely to originate from your email address if you implement these steps, but you’ll still receive malicious emails from your less conscientious and cyber-aware contacts.
The best defence against social engineering attacks like phishing is awareness. The trick is to deliver that awareness through training and communication and not as the result of someone in your workforce clicking a bad link or downloading a malicious attachment.
Treat emails, calls and messages with suspicion and look out for the obvious signs.
Far be it from me to disagree with the proverb, but I would suggest that reward comes easier with well-managed risk. The steps above are easily achievable for every business and will secure you from the most common threats facing all businesses linked to the internet.
Read more about how you can protect your business at https://vale-cyber.net
This article was originally published in AccessPoint Magazine.