2017 has kicked off with a bang at 9 Spokes and we hope it's been a great start for your business too. This year, more businesses than ever will rely on technologies and digital communications to manage their business, so it's imperative to keep on top of your data security.
As Compliance Manager at 9 Spokes, I have to ensure our systems and processes are completely solid. We've all read stories about businesses becoming victims of cyber crimes. But most of these hacks are preventable. Here are some helpful steps you can take to secure your business in 2017.
1. Pay attention to your people and processes - not just your hardware
A large part of cyber security is wrapped up in the people and processes that keep your business ticking. Having a defined methodology helps to make sure you've got everything covered. The International Standard for Information Security (ISO) 27001 sets out a six-part process for involving your personnel in the identification and elimination of online security risks. Here's a good video to explain what it is.
2. Make sure everyone is vigilant
Talk to your staff and family about cyber security and encourage them to think carefully about their online activities: what they download and click, what they post on social media, who they accept as 'friends'. Draw up your 'Cyber Rules of Engagement', the first one being 'Don't post anything you wouldn't say in public!'
3. Be cryptic with your passwords
Many people tend to create passwords that are easy for them to remember (names, birth years) instead of ones that are the most secure. A strong password omits proper nouns or personal information, is 6-9 characters and contains combinations of upper and lower case letters, numbers and special characters. Additionally, passwords should be changed at least once a quarter (financial passwords even more frequently than this). More information on password best practice can be found here.
4. Keep your passwords private
Once you've chosen a strong password, keep it to yourself. This may sound like a no-brainer, but be guarded with your online security details. Shouting passwords across the office, discussing them on the train to work or writing them on Post-it notes might seem harmless, but criminals and competitors looking to take advantage of lax security thrive off these sorts of activities.
5. Team up with your suppliers
No matter how secure you are as a business, your suppliers could be affected if they're vulnerable to cyber attack. To remedy this, treat them as you would any other part of your business. Share valuable information and best practice with them. You can also ask for evidence of their cyber security measures, such as their PCI DSS, ISO 27001 or Cyber Essentials certificates.
6. No Phishing!
Know how to protect yourself against online identity theft (phishing). When using public hotspots, always use a VPN conduit, which you can find with a simple search. For any online transactions, make sure the secure connection status is evident, i.e. https rather than just http at the start of the URL.
7. Lock the back door
Lock away your hardware -- laptops, mobiles, hard drives -- and turn on the alarm whenever your premises are left unattended. Additionally, install robust antivirus software, keep it updated and ensure that it is activated on a regular basis.
There you have it, some valuable tips on securing your business's data. Just remember that a few minutes a month is all it takes to ensure your business is cyber secure. It's nothing in comparison to the time and money it would take to remedy a cyber hack.
Wishing your business a safe start to 2017,
Deon Hanekom, Compliance Manager at 9 Spokes