Just about every business in the UK relies to some extent on computers. In almost every case, those computers have access to the internet. A data breach is, therefore, a tangible risk for businesses of every size. While the most high-profile cases involve household names like Sony, it’s actually smaller businesses who bear the brunt of the problem internationally.
When it comes to cybersecurity, the best approach is a proactive one. If you take action before a problem arises, you’ll protect yourself better against the risk. But what exactly might this action look like?
Improve password protection
Access to your computer network should be restricted based on one of three factors. You might present something you know (like a password), something you have (like a security key or a phone) or something you are (like a fingerprint). Two-factor authentication is becoming the norm these days, and it will make your system that much more secure – but you should still insist that your employees regularly change their passwords.
Monitor devices used by employees
You might not have the resources to provide everyone with their own laptops and tablets. If you don’t, then you should have strict procedures in place to ensure that these devices do not constitute a security threat. This might mean granting the network administrator the ability to monitor activity and install any required security updates.
Consistently update computers software
Antiviruses and firewalls need to be constantly updated in order to keep track of all of the threats that they must repel. This is normally conducted automatically, but your network administrators should still be held responsible when it fails to happen.
Security Incident & Event Management
A procedure should be put in place to review the causes of security incidents after they’ve occurred. The vulnerability responsible can thereby be eliminated, and lessons learned. You might also put into place outside expertise who can help you to manage the reputational risks conferred by a security incident.
Encrypt where possible
End-to-end encryption is becoming ubiquitous on the internet. Communication that takes place over an encrypted connection cannot be intercepted by a nefarious third party. Many messaging platforms used by businesses, particularly during an age of Covid-19, make use of end-to-end encryption. But often, it needs to be activated manually. Zoom, for example, offers end-to-end encryption, but the host of the meeting in question will need to enable it. Thus further highlights the importance of education for the users – who need to know this stuff if they’re to make use of it.