The online world is a wonderful place, full of information on a range of topics from recipes to how to build a wooden horse… But as you know, it has a dark side. Everyone should take precautions to be safe when using the web, but especially business owners, who often store sensitive information.
Keep the keys to the kingdom safe
“Passwords open the doors to your company data, for both users and attackers. As a baseline, tell your employees to use strong, unique passwords” – Source
Employees should use a strong, different password for every website, service or piece of software. But it can be quite hard to remember a unique strong password for every login, so users sometimes apply the same password across dozens or hundreds of logins. This means that if just one of these logins is compromised, the password can be used to access your company email or any of the other logins, putting the whole company at risk.
To prevent this, employees should use a password manager. A password manager only requires a user to create and remember a single master password, ideally a very strong and unique one, and it then generates a strong, different password for every login. I recommend trying out https://www.lastpass.com/ as it has a free version you can use to get used to it.
Johnny, we hardly knew ya.
“When someone leaves, you stop paying them. They turn in a copy of their keys or badge. But are you considering their access to data in your services?” – Source
Employees leave; it happens. Upsetting as it can be, you probably have processes for removing them from the company books, telling them to inform their clients of their departure, giving a handover to their successor and having them hand in their keys. But do they still have access to your data? Make sure to track what information your employees have access to.
Act immediately to disable access to information the moment the person stops working for you. Use features like remote wipe to remove any sensitive data on employees’ devices.
Financial data and clients’ personal information are just some bits of data that are accessed by your employees. Make a list of all the information your employees can access and make sure there is a process for an easy transfer or removal of this information.
Phishing for holes
“Cybercriminals want your data, and “phishing” is one way they pick the locks of your virtual doors” – Source
This method is used to attack both small and large organisations. Phishing is when an attacker tries to learn information such as login details or account information by masquerading as a reputable entity or person in email or other communication channels. Emails can come from anyone, so it is easy for cybercriminals to fool you or your employees into giving up information.
Here are the most common qualities of a ‘phishy’ email.
· Contains an unfamiliar link
· Misspelled domain
· Format is unusual
· Email is from someone you ‘know’ but contains a strange request
· Email asks for your password via a login screen that looks unusual
My best advice is to educate your employees on the common characteristics of ‘phishy’ emails or messages. If you or your colleagues see anything suspicious or unusual, make sure to alert your team and let them know to keep an eye out for it.
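As an added example (not part of the original article), the sketch below shows how two of the qualities listed above, a misspelled domain and an unfamiliar link, can be checked automatically. The trusted-domain list, the sample email and all function names are constructed for illustration, and taking the last two labels of a hostname as its domain is a simplifying assumption.

```python
import re
from urllib.parse import urlparse

# Constructed allow-list: domains the business actually uses (assumption).
TRUSTED = {"example.com", "lastpass.com"}

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registered_domain(host):
    """Simplification: keep the last two labels (does not handle e.g. co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_domain(host, trusted=TRUSTED):
    """Classify a hostname as trusted, a near-miss of a trusted one, or unfamiliar."""
    dom = registered_domain(host)
    if dom in trusted:
        return "trusted"
    for good in sorted(trusted):
        if edit_distance(dom, good) <= 2:   # one or two typos away: misspelled domain
            return "lookalike of " + good
    return "unfamiliar"

def review_email(sender, body, trusted=TRUSTED):
    """Return a list of findings for the sender address and every link in the body."""
    findings = []
    sender_host = sender.rsplit("@", 1)[-1]
    verdict = check_domain(sender_host, trusted)
    if verdict != "trusted":
        findings.append(f"sender domain {sender_host}: {verdict}")
    for url in re.findall(r"https?://[^\s<>]+", body):
        host = urlparse(url).hostname or ""
        verdict = check_domain(host, trusted)
        if verdict != "trusted":
            findings.append(f"link host {host}: {verdict}")
    return findings

# Constructed sample message, for demonstration only.
SAMPLE_SENDER = "it-support@examp1e.com"
SAMPLE_BODY = ("Please log in at http://examp1e.com/login to confirm your password. "
               "Help pages: https://www.example.com/help")

if __name__ == "__main__":
    for finding in review_email(SAMPLE_SENDER, SAMPLE_BODY):
        print(finding)
```

A check like this only supports the employee education described above; it cannot judge a strange request from someone you ‘know’.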
Have a safe and enjoyable holiday period and leave work with a secure workplace!