Cyber-security Basics

Simple ways to protect your business

David Bailey’s iconic image of the Kray brothers

50-something years ago, protecting your new business in London often meant paying money to the Kray Brothers or the Richardson Gang. These days the threats faced by new businesses are less likely to involve physical violence and more likely to involve data theft.

So what should you do to protect an e-business start-up from modern-day gangsters and criminals?

Cyber-security isn’t an optional extra

Cyber-security is a business essential. No-one can afford to ignore it, and it’s even more important for digital businesses. Not only is your core asset at risk, data management and security is now covered by a stack of legislation and regulation. Get it wrong and there can be serious consequences.

It’s a good idea to make sure you’re insured, but insurance companies are understandably keen to make sure you do everything you can to protect yourself.

So what do insurance companies expect, and what do you need to do to protect your fledgeling e-business?

Data security

Never overlook the need for regular data backups – they should form the basis of every data security policy. If you have an IT failure they are often the only way you can recover your work, your own data, and data owned by customers. It also makes sense to regularly check the quality of your back-ups and how well your recovery procedures work.

Photo of a computer room circa 1980 - Back-up has been a central plank of computer operations and data security from the earliest days - and for good reason.

Back-ups are also required to comply with many regulations and standards, such as the General Data Protection Regulation (GDPR), the Payment Card Industry Data Security Standard (PCI DSS) and the ISO 27001 standard.

These regulations and standards insist you create policies for internet and email usage, and data protection. Make sure your whole team understands and follows these policies. That way things are less likely to go wrong and are easier to fix if they do.

Keeping the bad guys out

Make hiring a trained specialist a priority, to take responsibility for your IT security. In fact, you will probably find some insurance companies insist on it. You also need to nominate a Data Protection Officer to comply with GDPR.

But even before your business grows to that point you can take some simple steps to stop unauthorised access to your computer systems.

Picture of a young man at a computer screen - Hackers come in all shapes and sizes, and with an equally diverse range of motivations

Try to use private certificate-based authentication, 2-step verification or passwords which are changed at least every two months. Also, make sure wireless networks are secured and use firewalls to protect external network gateways.

Install (and use) anti-virus and anti-spyware on all your computers. Many people don’t do this, yet it’s surprisingly easy to infect a computer without this simple step.

Less obvious is the need to apply updates and security patches to operating systems. Most successful cyber attacks exploit weaknesses in old versions of Windows and similar products. Never use a version that the author no longer supports, and make sure all desktops automatically download updates. Yes, it can be a time-consuming annoyance, but it’s not as time-consuming as dealing with the effects of a security breach.

It’s also very important to stop terminated employees from accessing your systems. If they have been fired they will have a grudge. If they’ve moved to a competitor they have no loyalty to you. So while it may feel harsh to treat a former co-worker like this, it prevents a serious security risk.

Logos of cyber security companies - There are security products available to fit every use and every budget

Looking after the crown jewels

If you process or store financial or sensitive data, you need to take extra steps to protect it. Make sure that all financial or sensitive data on your system is encrypted. It’s easy to do, with many apps now available and options in various common online or desktop systems. Make sure you also encrypt removable media like portable hard drives or USB memory devices. The same applies to laptops and other devices you might take out of the office.

It’s also a good idea to have a system that manages and records how and when financial and sensitive data is used, and by whom.

Another vulnerable area that is often forgotten is your waste bin. When you throw away or recycle financial or sensitive data – including information on printed reports, CDs and old hard drives – make sure you do it securely.

Do you know if it works?

Creating policies and installing software is one thing, but how do you know it works?

Make sure you check the reports generated by your security software and other systems monitoring access to your data and network. If something unexpected has happened, investigate it properly. You will need to make changes to stop it happening again, but you may also need to report breaches to the authorities, customers and your insurer.

Don’t forget to test your data and cyber security on a regular basis. You can do this yourself, but a specialist consultant will also look for a ‘way in’ that you’ve never even thought of.

Even for the tech-savvy, preventing cyber-crime can be baffling. However, taking these few simple steps will help make sure today’s virtual ‘Reggie and Ronnie’ are a lot less likely to ‘pay you a visit.’

Christopher Webb
chris@precisionpr.co.uk

Chris has spent nearly 30 years managing in-house and agency PR teams creating highly successful communications campaigns. With a little help from friends, Chris created Precision PR in the spring of 2017. Chris has held senior communications roles at CODA, Hyperion, CSI, Qualys and Epson, and has worked in several mid-level and senior agency roles gaining a range of strategic and hands-on skills with clients and business partners that include: Alcatel-Lucent, Adaptsys, BHA Software, IBM, Microsoft, PeopleSoft, QAD, Qlik, Salesforce.com, SAP, SDRC and Yokogawa. Our associates have worked with many others.