Top tips for ensuring your business is security savvy – Cath Goulding

15th May 2015

Cath Goulding, Head of IT Security at Nominet, advises on how to ensure your business is prepared for the security challenges facing it.

In recent months, hacking stories have been near the top of the media agenda. From the Heartbleed bug to the Sony hack, these stories made the headlines perhaps partially due to the size of the businesses involved and the brand names, but businesses of all sizes can be just as vulnerable. The Department for Business, Innovation and Skills (BIS) suggests that 60% of small businesses had a security breach in the last year, at an average cost of £65,000-£115,000 for the most severe attacks.

There is a lot of information out there and it can be overwhelming. It’s also a very technical field, so where do you start? Good cyber security is about education and creating a culture where everyone understands their responsibilities. It’s not just about the IT department; every employee in the company needs to be aware of the risks and what they can do.

When you understand the basics, it’s not actually that hard to be secure, and some very basic “cyber hygiene” can block around 80% of cyber-attacks. Here is some advice that everyone, from individuals to small business owners and employees, can follow to ensure security at virtually no cost:

  • Understand your data – Think about who would gain anything from stealing it. Have you any intellectual property? Are you worried about money, reputation or availability of your services? This is the important first step, to establish the value of the data you hold.
  • Protect your data – Now you understand its value, it’s important to protect it and consider how secure it is. The important questions you should ask yourself here are: where do you store your data? How is it stored? And who has access to it?
  • Manage accesses – Consider who needs to have access to the data and who may need to just view it. It’s important to keep tabs on this to ensure there are no unnecessary leaks.
  • Effective passwords – Passwords are a nightmare for everyone but they are still the most important security feature you can employ against potential criminals. You can only remember around five decent passwords so don’t even try to have more. If you do have a terrible memory, consider using a password manager – there are loads of apps available for free or for a small amount of money. In terms of password creation, where possible ensure they are longer than 14 characters – using passphrases like ‘iloveshinyshoes’ is a great idea – and make sure every password you use is different.
  • Install two-factor authentication – This is important, particularly on your main webmail, be it Gmail, Hotmail etc. 2FA for webmail often works by device, so you’ll only have to enter a code once for each different device you use. This is so important because the process for resetting passwords for most other accounts is to resend a password to your email account.
  • Be careful with Wi-Fi – It’s always best to use secure Wi-Fi. It’s tempting to use unsecured, free networks when required but they are more risky. Try to always use a Wi-Fi network with a password (obtained from official sources) and if you must use free, open Wi-Fi then be very cautious about what data you’re sending.
  • Enable device access codes – We all know smartphones and tablets are small and easily lost or stolen. For this very reason it’s crucial to put an access code on all your devices and enable features such as ‘Find my iPhone’, which will enable you to track or remotely wipe your device should it get lost or stolen.
  • Install anti-virus – Anti-virus software is still a security must-have. Chances are you already have an anti-virus program installed on your machine, but if you don’t know, make sure you check and install one. Many banks will offer you free licences if you bank with them online, so it’s worth looking up what’s available before making any purchases.
  • Keep software up-to-date – Do install those updates on your machines when you get reminded and don’t run old operating systems such as Windows XP. Your software is built to keep you safe, so make sure it’s as useful as it can be.
  • Finally – be prepared – Make sure you have a plan of action in place for getting things back on track should the worst happen. If you have customers it could be worth ensuring you have a comms plan in place so you can keep them informed. Your reputation is a valuable asset that will remain intact with good messaging.

The slides accompanied Cath’s Lightning Talk on How Not To Get Hacked at Digital Shoreditch 2015.