Ten top tips on keeping your business secure
With the threat landscape constantly developing, it has never been more important
for businesses to be vigilant when it comes to security. An attack on your business can
not only mean a loss in productivity, but it may lead to a loss of brand credibility and,
in future, fines that could total up to tens of thousands of pounds.
To help you stay ahead of the hackers, here are our top 10 tips on keeping your
business secure.
Implement a multi-layered defence
Being confident that your business is secure is not just
about installing anti-virus software, it’s about
having a solution at every level and for every
threat, from malware to opportunist thieves.
It’s about physically securing devices so that
they can’t be picked up and removed; it’s about
choosing the right passwords – as long as
possible and preferably a mix of letters and
numbers; installing firewalls to prevent attacks
from the internet; using virtual private networks
(VPN) to access data securely from outside
of the business network; using mobile device
management (MDM) tools to wipe mobile
devices if they’re stolen; preventing rogue
applications being downloaded; and helping
your front-line and back-room employees to
understand the reasons you need to be secure.
Get your users on side
Security has to start at the grass roots. A business
can have the most sophisticated firewalls and
anti-virus software, but if an employee gives away
their corporate username and password, through
a clever phishing email, or selects a password
that’s simple to guess, then that security will
count for nothing.
In the past, attacks were largely brute force attacks
and weren’t targeted at any particular type of
business. Over the years, the attacks on businesses
have started to become more sophisticated, and are
now targeted at specific people in an organisation
and may involve sophisticated social engineering
as part of the strategy.
Employees need to understand the duty they have
in keeping data safe, the potential costs associated
with any breach, and the need to be vigilant at all
times, both in and out of work. Many businesses
ask new employees to sign ridiculously long IT
policy agreements that nobody but the lawyers
read. While this may cross all the T’s and dot
the I’s, it is not going to be effective in preventing
breaches. Security policies need to be simple to
understand and need to be updated frequently
as threats change. The clearer the policy, the
more likely you are to get your employees on
side and the fewer breaches you’re likely
to have.
Be social media aware
Social media has become a fact of life: everyone
uses it and there’s no chance of you being able
to ban it. Unfortunately, it’s also one of the ways
that many employees are targeted for attack.
Employees should manage what they disclose
on social media as the information in a social
media post can often provide the intelligence
to make phishing emails from potential hackers
look more authentic.
Consider looking at some of the tools available
that help lock down social media and flag potential
problems. For example: Bitdefender’s Safego is
a free privacy app designed to stop phishing links
in Facebook, or Norton’s Safe Web, an application
that scans web pages to highlight potentially
unsafe links.
Make passwords secure
Choosing an effective password is one of the
cheapest and easiest ways to ensure your business
is protected. One of the advantages of low-cost
cloud services like Amazon is that hackers are
able to access huge amounts of computing power
to break passwords. To make things harder for the
hacker, you need to choose an effective password.
Adding numbers, special characters, and upper
and lower case characters will make a password
hard to crack.
For example, if your password consists of four
digits and you only use numbers, there will be ten
to the power of four (10,000) possibilities. If you then
add alphabetic characters (a-z in lower case) to the
numeric, you get 36 to the power of four possibilities
(1.6 million). By using numbers, special characters
and upper and lower case characters in a longer
password, say 11 characters, you will effectively force
any cracking program to choose from 104 characters
in each of 11 positions (104 to the power of 11), resulting in
15,394,540,563,150,776,827,904 possibilities.
This increases the time needed to crack a
password from seconds to millions of years.
However, it’s important to note that these
techniques are being improved and enhanced
all of the time. As computing power increases,
so do attack methods, which is why you need
to change passwords regularly.
Use passwords on everything
One of the areas where people tend not to use
passwords, but should, is on mobile phones.
When mobile phones were simply devices to talk
on, a password didn’t really matter. But phones
have now turned into smartphones and, increasingly,
businesses are run from them. According to a
survey by security business Sophos*, around half
(47%) of all phone users use their personal mobile
devices for business purposes, but one in three
(34%) admit they do not actually use passwords
on these devices even though they keep office
email, confidential documents, customer contact
information and budget information on them.
Because of this ability to access business secrets,
a lost or stolen mobile phone becomes a quick and
easy way for any thief to get access to millions
of pounds worth of valuable data. Look at Mobile
Device Management (MDM) software that allows
the business to monitor access to a mobile device
(tablet devices included) and remotely wipe the
devices should they fall into the wrong hands.
Update your programs regularly
One of the ways hackers use to attack systems
is to exploit bugs in known applications and in the
operating systems that sit on our computers and
mobile devices. To make sure that you’re not open
to these hacks, you will need to make sure that
your computers and devices are properly patched
and updated.
With Sage 200 Online you’ll enjoy automated
back-ups, updates and upgrades. Automated
backups are taken daily, monthly and yearly and
stored on the Microsoft Azure platform. Frequently
updating your programs and operating systems
will keep your business up to date on any
recent issues.
* Source - Sophos Mobile Security Threat Report – 2012
Make a move to the cloud
More and more businesses are looking to the cloud
to provide their infrastructure and applications, and
many are choosing to make the move to the cloud
to improve their security. A recent survey by the
Harvard Business Review** for Verizon revealed
that more than a third (36%) of businesses say that
cloud actually increases their security and nearly
three quarters (71%) expect cloud to reduce
complexity in their business. Indeed, a move to
the cloud will remove the time and cost involved
in constantly updating your applications because
with cloud you always have the most up-to-date
version of the software available.
To choose the right cloud service for your business
you need to research the provider and ask if they
have any history of serving other customers with
your requirements. Asking if they conform to any
cloud-specific accreditations, such as ISO/IEC
27001:2005, used for Sage 200 software, means
you can ensure security and reliability. If you need
a quick decision then see if they’re approved for
the Government’s G-Cloud service; if they are then
they’re good enough for your business.
They should also be able to provide reports for how
the data is managed and accessed, and what – if
any – audit data is provided. With Sage, you will
be safe in the knowledge that your business data
is held in data centres managed and operated by
Microsoft Global Foundation Services in Europe.
You should also nail down the contractual
arrangements and security provisions in the Service
Level Agreement (SLA) to determine where data
will be stored, how access is given, and how it will
be protected.
Keep track of who uses what
One of the disadvantages of the cloud is that it’s
often too simple for people in the business to use,
and this leads to Shadow IT – cloud applications
bought in by individual employees, the marketing
department, sales etc. An October 2014 survey***
by Netskope found that the average number of
‘shadow IT’ applications in use in an enterprise is
579, of which 88.7% are consumer-based and don’t
have the standard security and checks you expect
from an application designed for enterprises.
Having access to data anytime, anywhere is
great - Sage 200 offers the option to access data
when away from the office or out on the road. But
keep business data safe by allowing only authorised
users to access key information through an internet
connection, enabling you to use a wide variety of
mobile devices, amongst a select and secure
number of staff.
To mitigate the numbers and types of applications
in use, you first need to find out what’s out there
and then find alternatives, but make sure that the
alternatives are not only acceptable to you, but also
to your employees. The ‘shadow IT’ applications will
not go away, and if you outlaw them, others will
quickly replace them. Your employees have resorted
to them because the business hasn’t been agile
enough and they see an answer to a problem that
helps them in their job. You need to do the same,
but obviously you need to choose something with
greater security.
**Source - Business Agility in the Cloud – Harvard Business Review/Verizon – www.hbr.org – July 2014
***Source - Cloud Report 2014 – Netskope – www.netskope.com – Oct 2014
Sage (UK) Limited,
North Park, Newcastle upon Tyne NE13 9AA © Sage (UK) Limited 2014 registered in England No.1045967 01/15
Get a plan for the inevitable
Being proactive over security should help you
prevent attacks from malware, viruses and
even insider attacks. However, it will never
guarantee you’re 100% protected. Prepare for
the worst and make sure that, if you couldn’t stop
a breach happening, then at least you can spot
a breach after it’s happened.
Create recovery solutions to help get your servers
back up and running if an attack does occur.
Also, get your teams to practise dealing with the
media – that way, if the reputation of your business
is on the line, you and they won’t make it any worse
by saying the wrong thing.
Get insured
Recent research from the Economist Intelligence
Unit revealed that the demand for insurance against
potential IT losses is growing strongly, and is no
longer purely something for very large organisations.
Working in conjunction with Microsoft, Sage 200
software manages your finances, customers and
business insight in one solution. Designed to easily
share data; work smarter and ensure your business
works together efficiently, Sage 200 runs on the
Microsoft Azure platform, which is hosted from
data centres managed and operated by Microsoft
Global Foundation Services (GFS).
Sage 200 ERP manages your finances, customers and business insight in one
solution. Designed to easily share data; work smarter and ensure your business
works together efficiently, it gives you the added peace of mind that your data
is secure and can be accessed anywhere and anytime.
To find out more, call 0845 111 9988, email customer.development@sage.com
or visit www.sage.co.uk/erp