Simplest ways to ensure your business is secure.
As technology progresses digital threats are on the rise, protecting your companies sensitive data is critical to maintaining Client trust and staying on the right side of the law. Implementing a few simple security steps can make huge differences in your business security and resilience. Lets run through a few key changes you can make today.
1) Multi Factor Authentication (MFA)
While this feels like the bane of employees day, this is the most critical change you can make to securing your employees online.
Multifactor authentication means that after your username and password, you need a third item, normally a time limited access code delivered via SMS, Email or a Authenticator App.
Every service has a different way to set this up, you should start by developing a list of all online websites and services that you use, highlight the critical ones that manage you most sensitive data to target first. Contact the service provider and ask how to setup MFA.
Tetrabyte customers can call our support line any time to speak directly to an engineer to discuss this and any other needs.
–
2) User Access Controls
Ensuring users have the correct access at the correct time is another key change you can make. You don’t want your cleaner knowing your company payroll and you don’t want a disgruntled ex-salesperson copying your client list.
Users should have unique individual logins for services and password sharing should be discouraged when users have different access. User accounts should be promptly closed when users leave and a leaving checklist developed to ensure that everything to covered.
At Tetrabyte we have special processes for each client, designed to cover each organisations own user exit plan. We go beyond the services we directly provide to ensure the user is fully removed. Customer just need to let us know when a user is leaving.
–
3) Password Management
With so many websites and so many logins, its difficult for employees to maintain security across all their services, the most common way of breaching user accounts is to steal a login from a minor service and use it to attack critical infrastructure. When Dorathy leaves and someone bought her a leaving card online, did they use the same password used to secure your staff HR data? What happens when they login gets stolen from the leaving card website?
The solution is a Password Manager, this installs to your computer and saves all your passwords, further, it synchronises to all your devices, computers, laptops and mobiles. When you visit the site, it auto-fills your login data right into the box, sign in becomes just a click. Now you don’t have to remember the password and can set generate and set something unique like 3fQ7^m%!64LsB#U5. If every site is unique, stealing from one no longer compromises the rest of the organisation.
Tetrabyte can supply and setup BitWarden’s market leading password management solution. Users can have unique logins and staff can even share some information with live updates when needed.
–
4) Security Awareness Training
Teaching your staff how to stop and manage security incidents is another core part of online security. Can they spot a phishing email? Will they click that link or download that file?
Most organisation think security training is long days with all staff listening to someone droning on and no work getting done, but that’s not the most effective way for you or your employees.
We work with a world leading supplier running ‘drip fed’ campaigns of training. Your staff spend 10 mins once a fortnight when they have time, watch a video, answer a few questions, and move on with their day. Over time, their Cyber Security knowledge grows, and your organisation gets more secure, Tetrabyte can provide this for less than £2 per user per month for 25 users, get in touch for more info!
–
5) Malware Protection
This is one that everyone knows but many small businesses don’t implement correctly. Reliance on unconfigured devices with the free ‘Windows Defender’ is little better than not having anything.
The internet is full of malicious dangers, these inject themselves into legitimate websites and the less savoury areas of the internet alike. Business level protection needs to go beyond just watching for a list of know exploited files, Endpoint Detection and Response looks at behaviours on the computer and flags suspicious actions to protect against new and unknown attacks. Going beyond this Tetrabyte can add 24/7 monitoring and response from a dedicated Security Operations Centre team, automatic software updates, web access controls and Cloud system security.
These are just a few of the easiest and cheapest ways to start your businesses Cyber Security journey. Tetrabyte have years of experience working with businesses of all sizes to develop great security practices. We can setup, configure and manage a range of market leading products specifically chosen for feature sets and client usability. We are here to support your staff in every step of adoption with Unlimited Remote I.T. Support with our engineers just 1 phone call away. If you need any more great ideas on Security in your Business, just let us know!
