Whilst exhibiting at a recent event we were approached by a business owner concerned about cyber security. Nothing unusual there. In this case the business was just her and a laptop. Our normal solutions are suitable for multiple users but would be overkill for the freelancer or self-employed individual. So what about cyber security when you are the business? What precautions can the owner/manager/only employee take?
This blog is also available as an infographic via our friends at Imagine If – the inspiration for this blog. http://imagineif.ltd/cyber-security-for-home-businesses/
Do I really need to worry about cyber security?
When it comes to cyber attacks we hear plenty about the attacks on big business like TalkTalk, Uber and Facebook.
But it isn’t just the big boys that get attacked.
A thousand SMEs running out-of-date software and protected only by free versions of antivirus make a very attractive target for cyber criminals. Why fight through complex firewalls, email filtering and the like at a big business if the small companies make it so easy?
Unfortunately, if you are in business then it’s more a case of when, rather than if, you will suffer an attack. 43% of small businesses reported an attack last year and that number is growing.
Unfortunately, you cannot make yourself 100% safe. If a hacker is really, really determined they’ll get in. A good analogy is protecting your house from burglary. If a burglar walks along a street and your doors and windows are locked, you have a security light, an alarm and CCTV, then they would likely move on to next door where the kitchen window is open. Making yourself a more difficult target doesn’t make you 100% safe, but it does reduce your risk.
Here is what the small business owner can do to make themselves a harder target.
Good cyber security when you are the business
Good cyber security when you are the business is about getting the basics right.
Choosing the right software and keeping it up-to-date, running suitable antivirus software, using strong passwords, being able to recognise and deal with suspicious emails and backing up your data are the five building blocks for good, basic cyber security.
Getting the right software
Provided you have the right version, some of the security you need will be built into your software.
We’d recommend Windows 10 Pro as your operating system. Pro is far more suitable for small businesses than the Home version and this is mainly because of its security features.
Firstly, Windows 10 Pro offers Full Disk Encryption (FDE), which means all the information on the hard drive of your laptop or desktop is encrypted. If the device is lost or stolen, nobody can get at the data without the password. You’ll need to enable FDE, but there are plenty of step-by-step guides online. This one from ‘Make Tech Easier’ is comprehensive and easy to follow.
Outside of Windows 10 you can get FDE through third-party software, either free or paid, but BitLocker (the Windows 10 solution) is the most complete, well-supported option.
Keep those Viruses Out
Windows 10 also comes with Windows Defender Security Centre, which offers free, built-in antivirus and firewall protection. It’s not bad for a free offering and scores reasonably well on test platforms such as AV-TEST. However, practising good cyber security when you are the business is going to require a bit more. With antivirus, as with most things in life, you get what you pay for, and we’d recommend a paid-for offering. You can significantly improve your protection for relatively little money. Our recommendation, and a PC Magazine Editors’ Choice, is Webroot SecureAnywhere.
The likes of Norton, BitDefender and Kaspersky all offer great products which score highly in lab tests. You often won’t see Webroot in the tests. It works differently from other systems and this makes it difficult to benchmark against other products. Wherever it is tested it performs extremely strongly.
As well as effective performance there are a few other reasons we recommend Webroot. It is very light on system resources and is quick and easy to install and configure. It also offers the fastest scanning on the market. Finally, it bundles a firewall even with standalone antivirus. This firewall does not replace the Windows firewall but complements it and provides an additional layer of security. Multi-layered is always the best approach to security.
Once you’ve got the right operating system and antivirus in place then you need to make sure you’re keeping everything up-to-date.
Keeping Your System & Software up-to-date
Keeping your system patched is one of the simplest but most important things that you can do to ensure good cyber security when you are the business.
Cyber criminals find and exploit weaknesses in operating systems and software. Manufacturers close any vulnerabilities through updates to the software. However, this may still be reliant on the user to install these updates.
We recommend you turn on automatic updates wherever possible. This should cover the majority of updates. If automatic updates are not available, then you’ll need to schedule regular checks for updates. Make a note of the software or device manufacturer’s website and visit it on a regular basis to check for updates.
Password1234 is NOT a strong password
But it’s amazing how often we still see it!
Passwords need to be complex enough to protect you but that makes them difficult to remember. This is why people end up choosing weaker passwords or using the same password on several accounts.
A good way to come up with a strong password is to combine three random words. ‘enginelearnperfect’ is a reasonably strong password which will protect against brute force attacks. This is where an attacker tries a large volume of common passwords in the hope of getting the right one. Adding in numbers, symbols and capitals strengthens the password further but it should still remain relatively easy to remember. !Eng1neLearnPerfect? becomes a very strong password.
You can test out how long it would take for your password to be hacked at the How Secure Is My Password website.
One of the biggest mistakes people make is using the same password on several sites. If that password is compromised, then every account is compromised.
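To put numbers on the comparison above, here is a short Python script, added here as an illustration (it is not from the original article, nor from the How Secure Is My Password site). It rates a password under three attacker models: a lookup in a leaked-password list, brute force over the character classes used, and, for a plain run of lowercase words, guessing from a word list once the attacker knows the three-random-words scheme. The 7776-entry word list, the 1e10 guesses per second and the tiny leaked-password list are constructed assumptions, not figures from the article.

```python
import math
import string
from typing import Optional

# Character classes in the classic brute-force model: an attacker who knows
# only the length and which classes appear must try every combination.
CHARACTER_CLASSES = [
    set(string.ascii_lowercase),
    set(string.ascii_uppercase),
    set(string.digits),
    set(string.punctuation),
]

# Constructed stand-in for a leaked-password list. Real cracking runs start
# with lists of hundreds of millions of real passwords, so anything on such
# a list is found before brute force even begins.
COMMON_PASSWORDS = {"password", "password1", "password1234", "123456", "qwerty", "letmein"}

# Assumed size of the word list an attacker would use if they knew the
# password was built from random words (7776 is the Diceware list size; the
# article itself gives no figure).
ASSUMED_WORDLIST_SIZE = 7776


def charset_entropy_bits(password: str) -> float:
    """Bits of guessing work under the brute-force model."""
    alphabet = sum(len(cls) for cls in CHARACTER_CLASSES if any(c in cls for c in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def wordlist_entropy_bits(n_words: int, list_size: int = ASSUMED_WORDLIST_SIZE) -> float:
    """Bits of guessing work if the attacker knows it is n_words random words."""
    return n_words * math.log2(list_size)


def years_to_crack(bits: float, guesses_per_second: float) -> float:
    """Expected time to hit the password: on average half the space is searched."""
    return 2 ** (bits - 1) / guesses_per_second / (365 * 24 * 3600)


def assess(password: str, guesses_per_second: float = 1e10, n_words: Optional[int] = None) -> dict:
    """Rate a password under the weakest attacker model that applies to it."""
    bits = charset_entropy_bits(password)
    model = "brute force over the character classes used"
    # A plain lowercase run of dictionary words is only as strong as the word
    # list once the attacker guesses the scheme. Capitals, digits and symbols
    # mixed in reintroduce choices the attacker has to guess, so the word-list
    # bound no longer applies directly to them.
    if n_words and password.isalpha() and password.islower():
        scheme_bits = wordlist_entropy_bits(n_words)
        if scheme_bits < bits:
            bits, model = scheme_bits, f"{n_words} words from a {ASSUMED_WORDLIST_SIZE}-word list"
    # Anything on a leaked-password list falls on the first pass, whatever
    # its length or character mix.
    if password.lower() in COMMON_PASSWORDS:
        bits, model = 0.0, "found in leaked-password list"
    return {
        "entropy_bits": round(bits, 1),
        "model": model,
        "years_to_crack": years_to_crack(bits, guesses_per_second) if bits else 0.0,
    }


if __name__ == "__main__":
    # Assumed 1e10 guesses/s: a fast offline attack against a stolen hash.
    for pw, words in [("Password1234", None), ("enginelearnperfect", 3), ("!Eng1neLearnPerfect?", 3)]:
        r = assess(pw, n_words=words)
        print(f"{pw:22} {r['entropy_bits']:6} bits  {r['years_to_crack']:12.3g} years  ({r['model']})")
```

The point the numbers make is the one the article makes in words: Password1234 scores a respectable 71 bits on paper yet is cracked instantly because it is on every list, while the three-word phrase is sound against brute force but only as strong as the word list if the scheme is guessed, and mixing in the capitals, digit and symbols is what moves it into the very strong range.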
Password managers like LastPass and 1Password help you generate and keep track of unique and strong passwords. We’ve looked at password managers in depth before.
Your email password is one of your most important. If a hacker gets into your email, then they can change passwords of any accounts linked to this.
This is one of the key accounts where you should consider two-factor authentication, or 2FA.
2FA provides an additional layer of security, so software or email access requires not just a password but also a PIN, usually sent by text.
Gmail, Dropbox and other cloud services offer this. 2FA can also be set up within Office 365.
Spotting Phishing and other email scams
It is estimated that around 90% of successful cyber security attacks involve some level of human error. In fact, staff are a greater threat to cyber security than viruses! The good news for the freelancer or self-employed individual is that the only person you need to train is you!
One of the biggest threats is phishing emails, where hackers pose as trustworthy entities, such as suppliers, and ask for sensitive information to be sent. Research suggests that between 90% and 95% of cyber-attacks begin with phishing.
Phishing attacks continue to evolve and are becoming more convincing. To avoid falling victim you need to learn the subtle signs of a phishing email. Check the sender’s details; make sure both the name and the email address are correct. Look for subtle misspellings or additional characters: a single additional letter can be difficult to spot but makes all the difference. Other things to look out for include urgent or unusual calls to action. The most common are requests to make payment, confirm details or access a link or document.
You also need to be aware of the information you share. Phishing attacks often utilise information we share about ourselves. If your secret question is “The city I was born in” and you post that information on Facebook, then hackers have an easy way into your account.
In addition to looking out for phishing emails take a few minutes to set up your spam filtering. Add trusted sources and block those you don’t trust.
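The checks described in the last few paragraphs can be written down as a small script. The Python below is an added example, not part of the original article and not a description of any mail filter's internals: it parses a raw email and flags a sender domain one letter away from a supplier you trust, a display name that disagrees with the real address, a Reply-To header pointing somewhere else, and the urgent calls to action described above. The trusted domains, the phrase list and the two sample messages are all constructed for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the domains this one-person business genuinely deals with.
TRUSTED_DOMAINS = {"acme-supplies.co.uk", "imagineif.ltd"}

# Calls to action that phishing mail leans on; any of them is a cue to slow down.
URGENT_PHRASES = ("urgent", "immediately", "act now", "will be suspended",
                  "confirm your details", "make payment", "overdue", "click the link")

EMAIL_RE = re.compile(r"[\w.+-]+@(?:[\w-]+\.)+[\w-]+")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance. A look-alike domain with one extra, missing or
    swapped letter sits at distance 1 from the real one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""


def squash(text: str) -> str:
    """Lowercase and drop punctuation so 'Acme Supplies' matches 'acme-supplies'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def check_message(raw: str) -> list:
    """Return (code, detail) warnings for one raw message; [] means nothing odd."""
    msg = message_from_string(raw)
    display_name, sender = parseaddr(msg.get("From", ""))
    sender_domain = domain_of(sender)
    trusted = sender_domain in TRUSTED_DOMAINS
    flags = []

    # 1. Sender domain one letter away from a supplier we know.
    if sender_domain and not trusted:
        for known in TRUSTED_DOMAINS:
            if edit_distance(sender_domain, known) <= 1:
                flags.append(("lookalike_domain", f"{sender_domain} resembles {known}"))

    # 2. Display name showing a different address, or borrowing a trusted
    #    supplier's name while the real address lives elsewhere.
    shown = EMAIL_RE.search(display_name)
    brands = {squash(d.split(".")[0]) for d in TRUSTED_DOMAINS}
    if (shown and domain_of(shown.group()) != sender_domain) or \
            (not trusted and any(b in squash(display_name) for b in brands)):
        flags.append(("display_name_mismatch", f"'{display_name}' but really {sender}"))

    # 3. Replies quietly routed to another domain.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != sender_domain:
        flags.append(("reply_to_mismatch", f"replies go to {reply_to}"))

    # 4. Pressure to pay, confirm or click straight away.
    text = (msg.get("Subject", "") + " " + msg.get_payload()).lower()
    hits = [p for p in URGENT_PHRASES if p in text]
    if hits:
        flags.append(("urgent_language", ", ".join(hits)))
    return flags


# Two constructed messages: a genuine invoice and a look-alike phish.
LEGITIMATE = (
    "From: Acme Supplies <accounts@acme-supplies.co.uk>\n"
    "To: you@yourbusiness.example\n"
    "Subject: Invoice 1042 for March\n"
    "\n"
    "Hi, this month's invoice is attached. Terms are 30 days as usual.\n"
)

PHISH = (
    'From: "Acme Supplies <accounts@acme-supplies.co.uk>" <accounts@acme-suppliess.co.uk>\n'
    "Reply-To: payments@mail-drop.example\n"
    "To: you@yourbusiness.example\n"
    "Subject: URGENT: Overdue invoice\n"
    "\n"
    "Make payment immediately or your account will be suspended.\n"
    "Click the link below to confirm your details.\n"
)

if __name__ == "__main__":
    for label, raw in (("legitimate", LEGITIMATE), ("phish", PHISH)):
        print(label, check_message(raw) or "no warnings")
```

None of these checks is proof on its own; an unknown sender with no flags can still be malicious and a genuine supplier can send an urgent reminder. What the script shows is that the signs the article lists are mechanical enough to check every time, which is exactly why they are worth building into a habit.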
Back up your data
And make sure you know how to recover it!
No matter what you do you’re not 100% secure. Therefore backup is an important part of your cyber security strategy. Backup doesn’t need to be complex or expensive, but if you value your files and data it’s something you must do.
Your backup solution should have two important features: versioning and purging. Versioning keeps multiple versions of a file from different dates. But too many old versions will fill up your backup drive, so you want a backup program that will delete really old versions to make room for the new ones. That’s purging.
To back up locally you’ll need an external hard drive. You can pick up a 1TB drive for around £40-£50. Stick to well-known brands such as Western Digital, Seagate or Samsung for peace of mind. Most of these drives come with some form of backup software; if not, use Windows Backup and set up a backup schedule for each night. When you are not running a backup, ensure your hard drive is UNPLUGGED from your laptop. The reason is simple: if it isn’t plugged in, it can’t get infected! Store this drive in a safe place.
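Versioning and purging are easier to reason about once you have seen them done by hand. The Python below is an added example (it is not the article's code and it is not Windows Backup itself): each nightly run copies the file into the backup folder under a timestamped name, deletes all but the newest seven copies, and a restore function copies the newest version back, which is the recovery step the heading above asks you to be sure of. The file name, the dates and the seven-version limit are constructed for the demonstration, and it runs in a temporary directory so it touches nothing real.

```python
import shutil
import tempfile
from datetime import datetime, timedelta
from pathlib import Path


def list_versions(name: str, backup_dir) -> list:
    """All stored versions of `name`, newest first. Versions are named
    stem.YYYYMMDDTHHMMSS.suffix, so sorting by filename sorts by date."""
    stem, suffix = Path(name).stem, Path(name).suffix
    return sorted(Path(backup_dir).glob(f"{stem}.*{suffix}"), key=lambda p: p.name, reverse=True)


def backup_file(source, backup_dir, keep: int = 7, now: datetime = None) -> list:
    """Versioning: copy `source` into `backup_dir` under a timestamped name.
    Purging: then delete everything but the newest `keep` versions.
    Returns the versions that remain, newest first."""
    source, backup_dir = Path(source), Path(backup_dir)
    backup_dir.mkdir(parents=True, exist_ok=True)
    stamp = (now or datetime.now()).strftime("%Y%m%dT%H%M%S")
    shutil.copy2(source, backup_dir / f"{source.stem}.{stamp}{source.suffix}")  # copy2 keeps file times
    versions = list_versions(source.name, backup_dir)
    for old in versions[keep:]:
        old.unlink()
    return versions[:keep]


def restore_latest(name: str, backup_dir, target) -> Path:
    """Recovery: put the newest stored version back where the original lived."""
    versions = list_versions(name, backup_dir)
    if not versions:
        raise FileNotFoundError(f"no backup versions of {name} in {backup_dir}")
    shutil.copy2(versions[0], target)
    return versions[0]


def demo(nights: int = 10, keep: int = 7) -> tuple:
    """Simulate `nights` nightly runs on a file that changes every day, then
    'lose' the original and restore it. Returns (surviving version names,
    restored text). Dates are constructed; the first run is 02:00 on 1 March 2024."""
    first_run = datetime(2024, 3, 1, 2, 0)
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "accounts.csv"
        store = Path(tmp) / "backups"
        kept = []
        for night in range(nights):
            src.write_text(f"night {night + 1}: sales ledger\n")   # the day's work
            kept = backup_file(src, store, keep=keep, now=first_run + timedelta(days=night))
        src.unlink()                                               # the laptop's copy is gone
        restore_latest(src.name, store, src)
        return [p.name for p in kept], src.read_text()


if __name__ == "__main__":
    names, text = demo()
    print("\n".join(names))
    print("restored:", text.strip())
```

Pointed at a folder on the external drive and run from the nightly schedule, backup_file gives you exactly the two properties the paragraph asks for: a dated history of each file, capped so the drive never fills. The restore function is the part worth rehearsing once while nothing is actually lost.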
Get your files into the cloud
You could get away with a local only solution, but we would strongly recommend cloud too. However, it is going to cost money for a proper cloud backup solution.
Sync-and-Share services such as Dropbox, Google Drive, and OneDrive can work as cloud-based backup tools in a limited way. However, free versions offer limited storage. If you subscribe to Office 365 you do get 1TB of OneDrive storage which may well be enough. However, OneDrive only offers versioning for Office file formats. Not ideal.
The market-leading solution according to both Tom’s Guide and PC Mag is IDrive. A personal 2TB account is $52.12 for the first year. If you buy through this link you can get this for $13.90, that’s around a tenner a year. This account offers backup for an unlimited number of machines (useful if you’ve got a laptop, tablet and desktop). It’s also easy to set up and is fast, plus it includes IDrive Express for bulk uploads and restores.
Pulling it all together
Follow the steps above and you’ve got a good, basic level of cyber security. You have some robust defences and, should those be breached, you can get your files back and restored.
There is some cost involved, but it’s fairly minimal. Compare it to the cost if you lost all your data and it will pale into insignificance.
In fact don’t think of it as a cost at all. It is an investment in your business. It’s also an investment in your reputation. And you can’t put a price on that.