A new year is a perfect time to form habits and set goals for the year ahead. Whilst you might be exercising or taking up a new hobby, why not make some digital resolutions for your business in 2021 to protect yourself against cyber-attacks and online fraud?
Taking the time to complete these simple actions will protect your business year-round from the most common online threats and could potentially save you thousands of pounds and hours of frustration.
Action Fraud, the UK’s national reporting centre for fraud and cyber-crime, has stated that one in four small businesses are affected by fraud every year, with costs estimated at £18.9 billion across all sectors.
In 2021 I will:
- Ensure all my passwords are unique and complex.
- Use two-factor authentication on all accounts where possible.
- Consider using a password manager to store complex passwords.
- Install reputable antivirus software and ensure it is kept updated.
- Schedule regular scans with antivirus software and automate where possible.
- Not ignore any messages my antivirus software generates.
- Keep all software and operating systems up to date with regular patching.
- Consider upgrading devices and software which no longer receive security updates and are end of life.
- Consider uninstalling software which I no longer require, as unneeded software can help threat actors gain a foothold on my systems.
- Stick to only installing software from reputable vendors where possible and research any other software prior to installation.
- Avoid unfamiliar websites where possible.
- Ensure websites are using HTTPS when transferring sensitive information (a padlock will appear before the URL).
- Consider installing an ad blocker as advertisements/popups can be used to deliver malware.
- Ensure my Wi-Fi networks are password protected with WPA2 encryption or stronger.
- Avoid using public/communal Wi-Fi where possible and avoid using it for the transmission of sensitive data (such as login/banking information) at all costs.
- Use a VPN to connect to my business whenever possible, as it encrypts my connection.
- Make regular backups of all important files and computers.
- Try to have more than one backup available and attempt to store at least one of them off-site.
- Ensure all backups are stored securely both physically (in locked storage) and digitally (password protected and/or encrypted).
- Test that my backups work by performing a dry run of using them to restore data. All too often this is not tested and when backups do need to be restored, the process does not work correctly.
- Ensure all computers and mobile devices are password protected and encrypted where possible.
- Lock devices when not in use and not leave devices unattended in untrusted locations.
- Avoid inserting unverified removable media (CDs/DVDs/USB Drives) into devices.
- Strictly control the usage of USB drives and block them unless essential.
Where can I find more advice?
The National Cyber Security Centre (NCSC) and Action Fraud’s websites offer resources and guidance for small businesses. NCSC has a handy guide to help protect your business, or you can take the Cyber Essentials certification.
Got a question?
FSB members can call our team of cyber experts from FSB Cyber Protection with any questions, or if you need support with an ongoing incident. We provide jargon-free, actionable advice on how to protect you and your business.