Lock down your logins
Start by lengthening your passwords into passphrases (a string of three or four random words, or a whacky sentence), ensuring they are unique for each account, and insisting your staff do the same. If you’re not confident about remembering a swathe of passwords off the top of your head, The Australian Cyber Security Centre suggests a password manager in their recommendations around passphrases.
These tools can help you generate and store passwords for your less critical services – just make sure you’re not storing passwords for critical accounts such as internet banking, and that your password manager is itself protected with a long, unique passphrase you’ve committed to memory.
Another layer of security that all businesses should consider implementing, which offers exponential protection on top of a long password alone, is multi-factor authentication. Multi-factor authentication is an extra step during login that requires you to supply an additional piece of information, such as a random code sent by SMS or generated on your phone, to complete the login process.
This security feature is available on many popular services, and is so effective that the Australian Cyber Security Centre considers multi-factor authentication as one of its ‘Essential 8 Strategies to Mitigate Cyber Security Incidents’.
As part of this process, it might also pay to do a stocktake of the access your staff have to your company network and the applications that run on it, to check that this access is still appropriate for their current role and that someone who has left your organisation hasn’t retained access.
Update and automate
Just as it’s important to keep up with maintenance around the home, so too is it important to pay attention to routine cyber hygiene, which, like a broken deadlock on the front door, has the potential to become a much bigger problem if left unrepaired indefinitely.
Start by reviewing the inventory of the operating systems and applications that your business is using, and checking firstly whether they’re still required (or if they belong there in the first place!), and then if they are, whether they are up to date, including whether security updates are available. Patching these security cracks will ensure you’re not inadvertently leaving a door ajar for a cyber criminal.
You can stay one step ahead by switching on automatic updates.
Scan and protect
With your mind on the topic of software bugs, take a moment to confirm all your devices are still protected by a quality antivirus program. Make sure you’re using all the features the antivirus provides, and set the software to conduct regular scans on all of your devices.
Back it up
With ransomware looming as an existential threat for many businesses, it’s never been more important to know where your data lives, how it’s protected, and whether you’d be able to survive and recover from a cyber security incident that knocked your business offline.
Carefully consider how frequently you backup your data, relative to how much potential data loss you can ‘tolerate’ based on the volume of transactions or customer interactions your business is processing each day.
With the end in sight, think about where your data is. What happens to the photos you take on your phone? Where do all the documents you create on your laptop get saved? Dropbox, OneDrive, Google Drive, iCloud - a brief journey down this rabbit hole may lead you to consolidate your cloud storage needs and close down any accounts you don’t need.
Review the access permissions you’ve granted to people and make sure your data is configured to automatically backup to cloud storage in the event your laptop or phone were lost or broken.
Consider rehearsing scenarios where your business is impacted by a cyber security incident to test your business continuity and recovery plans.