The Cyber Resilience Centre for the South West has identified practical resources and tools that will help you identify your risks and vulnerabilities and the steps you can take to increase your levels of protection.
Below we have given details of 5 basic cyber hygiene steps you can take to improve your business’s cyber resilience.
1. Password security
Cyber criminals can gain access to your accounts by using software specifically designed to crack passwords, they try one password in lots of places or trick you into disclosing your password through scams.
To improve your business’s cyber resilience, you should create strong, separate passwords, and store them safely to better protect your accounts. Getting on top of your password security limits hackers ability to reset other account passwords, or access your core systems and data.
2. Three random words
Use 3 random words to create a unique and strong password and protect your other important accounts in the same way, for example banking or social media accounts. Do not use words that are personal and guessed such as your pet’s name. Include numbers and symbols where possible but make them memorable to you. Use a password manager to help you remember your passwords or save your passwords in your web browser.
By saving your password in your browser, you are letting your browser (such as Chrome, Safari or Edge) remember your password for you. This helps you to not lose or forget your passwords and it can help protect you against some forms of cyber crime, for example fake websites. You can protect your saved passwords in case your device is lost or stolen by doing the following:
- Turn off or lock your device when you are not using it.
- Use a strong password to protect your device.
- Turn on two-factor authentication for all your devices and accounts.
- Turn on biometrics (Face ID or Fingerprint recognition) if your device supports this.
3. Turn on two factor authentication (2FA)
Two-factor authentication (2FA) otherwise known as two-step verification or multi-factor authentication was designed to help stop cyber criminals from accessing your accounts even if they obtain your passwords. 2fa means that two different types of information are required before access will be permitted to allow access to an account or computer system.
Many systems already use 2fa already, most online banking providers do this automatically and you are required to provide more information to prove your identity, such as:
- a PIN, password or code
- Biometrics - a fingerprint or face ID
You may have used two factor authentication when answering security questions or knowledge-based authentication to access your accounts or computer systems
4. Don’t ignore updates!
It’s easy to get a software reminder on your device and think, I don’t have time to update now, I’ll do it later. How many times do you forget to go back and do that update? Software, apps, and operating systems that are out-of-date contain weaknesses; updates are not designed to be an administrative process. They are rolled out to allow you to keep your devices, software, apps, and operating systems as safe as possible.
Turn on automatic updates to allow your systems to do the work for you, this means you won’t have to remember to go back and do that update. Here are the steps for turning on automatic updates for common software/apps and operating systems:
- Apple - Mac (opens in a new tab)
- Apple - iPhone and iPad (opens in a new tab)
- Microsoft Windows 10 (opens your MS settings)
- Windows 7 is no longer supported. You should upgrade to Windows 10.
- Android smartphones and tablets (opens in a new tab)
- Android apps (opens in a new tab)
5. Back Up, Back Up, Back Up!
Backing up your data is critical to ensure that you have a copy of your information and data in case your systems are taken offline by cyber criminals. Backing up your data regularly means that you will always have a recent version of your information saved.
A good example is if you are a personal trainer running your own business and you hold all your client’s data and information on your computer, if that data gets stolen by a cyber criminal. Would you be able to contact your clients and tell them they need to be on the lookout for spam emails or suspicious activity on their online accounts or would you have lost the contact details you had for them?
Turning on automatic back up’s is a simple way to ensure that you have regular backups of your data and information. A sensible idea is to have more than one back up, stored in different places. An example being storing data backups on a USB stick or external drive and in a cloud system such as Google Drive or, Microsoft OneDrive. With 43% of all cyber attacks targeted at small businesses, the threat to businesses from cybercrime is real and growing, so there has never been a more critical time to increase your cyber resilience.