Cloud and internet storage is risky business these days, and everyone must make an effort to safeguard their data. Make a mistake, or take a minute and do not pay attention, and your data and reputation could be compromised. Every week, large corporations face negative publicity when their data is compromised. You may wonder how you can keep your company ahead of the cyber-criminals if these companies get hit.

However, cyber-security protection does not have to be a daunting task. In fact, in this article there are 5 things from the National Cyber Security Centre that you can do to keep from getting in the headlines like those other corporations.

Do you want to be free from cyber-attacks? Read on. Remember, size doesn’t matter. You can remain safe with little money invested.

  1. Make sure you always back up your data

Sound simple? It is! Make regular data backups, and test to make sure they can be restored. This will give you peace of mind from any data loss, including fire, theft, ransomware and physical damage of your important data. Make sure to always test to make sure there are no issues when you have to access your back-ups as well. The correct steps for data backup include:

  • Identify what needs to be backed up, and how often. This can include documents, photos, emails, contacts and calendars, and most are kept in a few common folders. Make the data back-up part of your normal routine.
  • Ensure the device containing your backup is not the same device that is responsible for the original copy, neither physically or over a local network.
  • Consider backing up the cloud. This means your data could be stored in a totally separate location that is physically separated from your offices and devices, and you will be able to access it quickly, from anywhere.
  1. Don’t forget your smartphones and tablets! They are susceptible too!

Smartphones and tablets even need more protection because they access a variety of networks that are outside a business environment. We lose the safety of our homes and offices and easily become available to data loss due to those nasty cyber-criminals.

  • Switch on PIN/password protection and fingerprint recognition for mobile devices.
  • Configure devices so they can be tracked if lost or stolen, and they can be remotely wiped or remotely locked.
  • Keep devices and apps up to date, using your automatic update option when available.
  • When sending sensitive data, don’t connect to public Wi-Fi hotspots if at all possible. Use 3G or 4G connections including tethering and wireless dongles or use VPNs. So if you are one of those that enjoy using your devices at your local Starbucks, stay safe and smart? Think again if at all possible.
  • Replace unsupported devices from manufacturers and consider updated alternatives.
  1. Be Cautious about Malware Issues

You can protect your organisation from the damage caused by deceptive malware by adopting very simple, low-cost techniques.

  • Use antivirus software on all computers and laptops. Only install approved software on tablets and smartphones, and prevent users from downloading third party apps from unknown sources. If your staff have unauthorized software they want to use, make them contact your IT staff, and have those staff install the software if it is found to be legitimate.
  • Patch software and firmware by promptly applying the latest software updates provided by manufactures and vendors. Use the automatically update option where available. Pay attention to problems or issues that might occur during the automatic update process.
  • Control access to removable media such as SD cards and USB sticks. Consider disabling ports, or limiting access to sanctioned media. Encourage staff to transfer files via email or cloud storage instead.
  • Switch on your firewall to build a buffer zone between your network and the Internet.
  • Team education is always important. Have them take classes on an annual basis which will educate them on the threats of malware and how to avoid them.
  1. Phishing Attacks Are Getting More Elaborate

In this instance, scammers send fake emails requesting sensitive information, such as banking details, or they containing links to bad websites. In this situation, follow these steps to avoid disaster:

  • Ensure staff don’t browse the web or check emails from an account with Administrator privileges. This will reduce the impact of phishing attacks that might succeed.
  • Scan for malware and change passwords as soon as possible if you suspect a successful attack. Don’t punish staff it they get caught, as that will discourage them from reporting another one in the future.
  • Check for obvious signs of phishing, like poor spelling and grammar, or potential low quality of recognisable logos. Does the sender’s email address look legitimate, or is it trying to mimic someone you know? Is the email sent at an unusual time, or can you hover over a link and it obviously sends you somewhere you don’t recognize?
  • Educating staff is also very important. Make your staff take courses on recognizing phishing attacks and spam on an annual basis.
  1. Passwords are the key to protecting valuable data

Passwords management is free, easy and an effective way to prevent unauthorised people from accessing your devices and data

  • Make sure all laptops, Macs and PCs use encryption products that require a password to boot up. Switch on password/PIN protection or fingerprint recognition for mobile devices.
  • Use two factor authentication (2FA) for important websites like banking and email.
  • Avoid using predictable passwords such as family and pet names. Avoid the most common passwords that criminals can guess like passw0rd. Keep updated on passwords that are common. If the site offers a combination of capital and small case letters, numbers, and special characters, use those combinations to make your site safe.
  • Enforce 90-day password changes.
  • Provide a location where staff can write down passwords and keep them safe but not with the same device. Ensure staff can reset their own passwords, easily.
  • Consider using a password manager. If you do use one, make sure that the ‘master’ password is a strong one.

Following the advice in this article will increase your protection from cybercrimes. These steps are easy to do and require little investment. As with many of them, staff education is the key. Make sure your staff understand the severity of cyber-crime and give them tools to fight attacks.

Originally published here.