The first step for Cyber Security in your SME team
Many small businesses avoid directly tackling cyber security because it feels too big, too complicated and too expensive. It doesn’t need to be this way, in fact, it shouldn’t be this way! This article will run though a few key, cheap and simple ways of ensuring your team start to step up their cyber security game.
Passwords
Everyone knows the core of cyber security starts with passwords. The core problem from a cyber security perspective is that humans reuse the same password in multiple locations, this makes it very easy for them but also very easy for attackers, they only need to steal the password from a small website to have access to that users entire life and work.
To resolve this we need to target two key parts:
- Ease of use
- Removing password re-use
The answer is ‘Password Managers’. This is a small bit of software that installs to every device you could want to enter a password from. When the end user arrives at a website login box, the password manage auto fills the password into the login box…. It actually becomes easier than having to type your own each time!
The advantage is that now, because the password manage does the heavy lifting, when users generate new passwords they can use the password manager to generate a random 20 character string of letters, numbers and symbols and save that into the system, now if they one password gets compromised by a bad actor, nothing else is exposed!
Theres always a disadvantage to such systems and its only fair to expose the hardest part of using it is the transition. We all have extensively developed digital lives, this means that moving from one password everywhere to random passwords with autofill takes a little dedication. Personally, I spent a few months taking the time that every time I logged into a new site I went and changed the password, after a few months everything I accessed regularly was setup and working great!
The next challenge is when businesses share passwords between users, while the best cyber security says never share passwords, some services simply aren’t designed for multi user logins. Password managers fix this with shared containers allowing one set of logins to be shared to multiple users and autofill as normal always available, always in sync, no need to maintain that password excel file for shared logins and because the password is unique and random, you have less risk when users leave!
The cost £3.75 per user per month from Tetrabyte for Bitwarden Teams
The Human Problem
We’ve already discussed how most people re-use passwords and how to manage that, it shows the age old fundamental of Cyber Security is that the weakest link is your team themselves. In recent years many criminals have built empires around ‘Social Engineering’, tricking people into giving up secrets and access that they shouldn’t. This can come in many forms from Phishing emails, phone calls to something as simple as following staff into a building through a security door. Criminals understand how to play with peoples natural emotions and manipulate that to get what they need.
So how can this be addressed, the simple answer is training. The old way is to shut departments down for a day, take all the staff to a conference room and have an expert lecture them for hours on end, sending them to sleep and letting them come away wondering how much they really absorbed.
There is a better way. We deliver small ‘bite-sized’ training to staff via email, these 10 min courses allow your team to manage when and where they train around their own work schedules. The sort courses tackle a single key principal and staff are asked one or two targeted questions at the end to ensure they understand the topic. This drip feed approach is less intrusive and maintains engagement, it builds knowledge over time to teach staff how to spot phishing, how to create secure passwords and how to manage data security. Fundamentally it not only teaches what to do but why, when staff understand the why, they become much more engaged to work with the company for security than feeling like it’s a battle against the company.
Tetrabyte can provide cyber security training from as little as £2 per user per month.
The ‘Too Long, Didn’t Read’ summary:
Password Management:
- Don’t re-use passwords.
- Automate generating unique and complex passwords with Password Management software.
- Auto-fill these passwords to sites when the page loads.
- Share complex passwords between team members with ease.
- From £3.75 per user per month from Tetrabyte.
Train your team:
- Doesn’t need to be difficult.
- Small 10 min courses every couple of weeks.
- Self managed time and place.
- From £2 per user per month.
You can find out more about this and other Cyber Security solutions by calling Tetrabyte on 0330 900 1066 option 2.
