5 top information security tips every New Zealand small-medium business owner should know
Cyber attacks and security breaches are on the rise.
Latest research has revealed that there were 108 attacks in New Zealand per day last year from ransomware (up by 160% on 2014)* and it’s estimated that cybercrime cost Kiwis almost $257m in the previous year**. As the recent 'Petya' ransomware attack shows, the threat continues to grow.
So how can you protect your company, and stay one step ahead of the bad guys? You can start here, with these 5 security basics.
1. DON’T WAIT, UPDATE
While it’s tempting to ignore that little pop up box when it appears (“Argh I’m too busy, I’ll do it later”), it’s actually vitally important that all your company devices, operating systems, software and applications are kept up to date with the latest versions and patches. Updates are there for a reason, and delaying action can leave the door wide open for attackers.
2. HAVE A BACK UP PLAN
If you don’t have one already, you need to develop a solid backup strategy for all your important files and data (eg customer records, financial information). Ideally this will involve daily backups plus a weekly or monthly backup, and offsite storage of at least the weekly back-up media. You may also wish to consider using encryption when critical data is stored on portable devices or removable media. This adds further protection in the event of loss or theft.
3. KNOW WHAT’S WHERE
It’s good practice to make an inventory of all of the computers and devices in your company that you need to protect. You also need to know exactly where your sensitive data is stored, and take steps to safeguard it. Asset management and risk assessment are specialist areas, so you may want to bring in some outside expertise to help you get a handle on it, and establish key steps your business should take in the event of a data breach.
4. GIVE POWER TO YOUR PEOPLE
Security is not just an IT issue, it’s a staff issue too. But give your employees the right training and education, and you can minimise the risk of human-related error exposing your data. For starters, reinforce the importance of strong passwords and make it a policy to change passwords on a regular basis (a minimum of every three months). Tell staff not to click on links on emails from unknown sources. Provide a set of safe email and Internet browsing rules. Have them report any suspicious activity or a questionable incident immediately. Build security awareness into your organisation’s culture by making it part of everyone’s role.
5. CALL IN THE EXPERTS
Security is a moving target, and cyber criminals are getting more advanced every day. It’s likely you’re too busy running your business to make this a key focus, so it’s a good idea to get help from a reputable IT service provider who has the tools and knowledge to be your security arm. HUM, for example, offers a total security solution, from managing your antivirus software, spyware and spam filters, to data backup and security patches. We also monitor network activity 24/7, to make sure nothing untoward is going on.
ON A GOOD NOTE: Despite the ever-escalating risk, prioritising security, gaining peace of mind and putting measures in place to see that your networks, devices and data are safe and secure is acutally easy. Thanks to HUM.