Keep Software Updated

Installing software updates for your operating system and programs is critical. Always install the latest security updates for your devices:

    • Turn on Automatic Updates for your operating system.
    • Use web browsers such as Chrome or Firefox that receive frequent, automatic security updates.
    • Make sure to keep browser plug-ins (Flash, Java, etc.) up-to-date.
Avoid Phishing Scams – Beware of Suspicious Emails and Phone Calls
    • Phishing scams are a constant threat – using various social engineering ploys, cyber-criminals will attempt to trick you into divulging personal information such as your login ID and password, banking or credit card information.
    • Phishing scams can be carried out by phone, text, or through social networking sites – but most commonly by email.
    • Be suspicious of any official-looking email message or phone call that asks for personal or financial information.
Back Up Your Data
    • Identify What Data You Need to Back-up:

Your first step is to identify your essential data. That is, the information that your business couldn’t function without. Normally this will comprise documents, photos, emails, contacts, and calendars, most of which are kept in just a few common folders on your computer, phone or tablet or network.

    • Keep Your Back-up Separate From Your Computer:

Whether it’s on a USB stick, on a separate drive or a separate computer, access to data back-ups should be restricted so that they:

• Are Not Accessible By Staff
• Are Not Permanently Connected (either physically or over a local network to the device holding the original copy)

Ransomware (and other malware) can often move to attached storage automatically, which means any such back-up could also be infected, leaving you with no back-up to recover from. For more resilience, you should consider storing your back-ups in a different location, so fire or theft won’t result in you losing both copies. Cloud storage solutions (see below) are a cost-effective and efficient way of achieving this.

    • Consider The Cloud:

You’ve probably already used cloud storage during your everyday work and personal life without even knowing – unless you’re running your own email server, your emails are already stored ‘in the cloud’.

Using cloud storage (where a service provider stores your data on their infrastructure) means your data is physically separate from your location. You’ll also benefit from a high level of availability.

Service providers can supply your organisation with data storage and web services without you needing to invest in expensive hardware up front. Most providers offer a limited amount of storage space for free, and larger storage capacity for minimal costs to small businesses.

    • Make Backing Up Part of Your Everyday Business:

We know that backing up is not a very interesting thing to do (and there will always be more important tasks that you feel should take priority), but the majority of network or cloud storage solutions now allow you to make back-ups automatically. For instance, when new files of a certain type are saved to specified folders. Using automated backups not only saves time, but also ensures that you have the latest version of your files should you need them.

Many off-the-shelf backup solutions are easy to set up, and are affordable considering the business-critical protection they offer. When choosing a solution, you’ll also have to consider how much data you need to back up, and how quickly you need to be able to access the data following any incident.

Always Install Antivirus/Anti-Malware Protection

Only install these programs from a known and trusted source. Keep virus definitions, engines and software up-to-date to ensure your programs remains effective.

Practice Good Password Management

We all have too many passwords to manage – and it’s easy to take short-cuts, like reusing the same password.  A password manager can help you to maintain strong unique passwords for all of your accounts.  These programs can generate strong passwords for you, enter credentials automatically, and remind you to update your passwords periodically.

Avoid Using Predictable Passwords

If you are in charge of IT policies within your organisation, make sure staff are given actionable information on setting passwords that is easy for them to understand. Passwords should be easy to remember, but hard for somebody else to guess. A good rule is ‘make sure that somebody who knows you well, couldn’t guess your password in 20 attempts’. 

Staff should also avoid using the most common passwords, which criminals can easily guess. 

Remember that your IT systems should not require staff to share accounts or passwords to get their job done. Make sure that every user has personal access to the right systems, and that the level of access given is always the lowest needed to do their job whilst minimising unnecessary exposure to systems they don’t need access to.

Change All Default Passwords

One of the most common mistakes is not changing the manufacturers’ default passwords that smartphones, laptops, and other types of equipment are issued with. Change all default passwords before devices are distributed to staff. You should also
regularly check devices (and software) specifically to detect unchanged default passwords

Use Two Factor Authentication

For ‘important’ accounts, if you’re given the option to use twofactor authentication (also known as 2FA) for any of your accounts, you should do; it adds a large amount of security for not much extra effort. 2FA requires two different methods to ‘prove’ your identity before you can use a service, generally a password plus one other method. This could be a code that’s sent to your smartphone (or a code that’s generated from a bank’s card reader) that you must enter in addition to your password.

Always Be Careful What You Click

Avoid visiting unknown websites or downloading software from untrusted sources. These sites often host malware that will automatically install (often silently) and compromise your computer. If attachments or links in an email are unexpected or suspicious for any reason, don’t click it.

Never Leave Devices Unattended

The physical security of your devices is just as important as their technical security:

    • If you need to leave your laptop, phone, or tablet for any length of time – lock it up so no one else can access it.
    • If you keep protected data on a flash drive or external hard drive, make sure their encrypted and kept safe.
    • For desktop computers, lock your screen or shut-down the system when not in use.
Safeguard Protected Data
    • Keep high-level Protected Data (e.g., financial information) off of your workstation, laptop, or mobile devices.
    • Securely remove sensitive data files from your system when they are no longer needed.
    • Always use encryption when storing or transmitting sensitive data.
Use Mobile Devices Safely

Considering how much we rely on our mobile devices and how susceptible they are to attack, you’ll want to make sure you are protected:

    • Lock your device with a PIN or password – and never leave it unprotected in public.
    • Only install apps from trusted sources (Apple AppStore, Google Play).
    • Keep the device’s operating system up-to-date.
    • Don’t click on links or attachments from unsolicited emails or texts.
    • Avoid transmitting or storing personal information on the device.
    • Use Apple’s Find my iPhone or the Android Device Manager tools to help prevent loss or theft.
Don’t connect to unknown Wi-Fi Hotspots
When you use public Wi-Fi hotspots(for  example in hotels or coffee shops), there is no way to easily find out who controls the hotspot, or to prove that it belongs to who you think it does. If you connect to these hotspots, somebody else could access:
    • What you’re working on whilst connected
    • Your private login details that many apps and web services maintain whilst you’re logged on
The simplest precaution is to not connect to the Internet using unknown hotspots, and instead use your mobile 3G or 4G mobile network, which will have built-in security. This means you can also use ‘tethering’ (where your other devices such as laptops share your 3G/4G connection), or a wireless ‘dongle’ provided by your mobile network. You can also use Virtual Private Networks (VPNs) a technique that encrypts your data before it is sent across the Internet. If you’re using third party VPNs, you’ll need the technical ability to configure it yourself, and should only use VPNs provided by reputable service providers.