A new year is a perfect time to form habits and set goals for the year ahead. While you might be setting ambitious goals or taking up a new hobby, why not make some cyber security resolutions for your business in 2022 to protect yourself against cyber-attacks and online fraud?
Action Fraud, the UK’s national reporting centre for fraud and cyber-crime, say that one in four small businesses are affected by fraud every year, with costs estimated at £18.9 billion across all sectors. Taking the time to complete some of these simple actions will protect your business year-round from the most common online threats and could potentially save you thousands of pounds and hours of frustration.
In 2022 I will:
- Ensure all my passwords are unique and complex.
- Use two-factor authentication on all accounts where possible.
- Consider using a password manager to store complex passwords.
- Install reputable antivirus software and ensure it is kept updated.
- Schedule regular scans with antivirus software and automate where possible.
- Not ignore any messages my antivirus software generates.
- Keep all software and operating systems up to date with regular patching.
- Consider upgrading devices and software which no longer receive security updates and are end of life.
- Consider uninstalling software which I no longer require as this can help threat actors gain a foothold onto your systems.
- Stick to only installing software from reputable vendors where possible and research any other software prior to installation.
- Avoid unfamiliar websites where possible.
- Ensure websites are using HTTPS when transferring sensitive information (a padlock will appear before the URL).
- Consider installing an ad blocker as advertisements/popups can be used to deliver malware.
- Ensure my Wi-Fi networks are password protected with WPA2 encryption or stronger.
- Avoid using public/communal Wi-Fi where possible and avoid using it for the transmission of sensitive data (such as login/banking information) at all costs.
- Use VPN’s to connect to your business whenever possible as it encrypts your connection.
- Make regular backups of all important files and computers.
- Try to have more than one backup available and attempt to store at least one of them off-site.
- Ensure all backups are stored securely both physically (in locked storage) and digitally (password protected and/or encrypted).
- Test that my backups work by performing a dry run of using them to restore data. All too often this is not tested and when backups do need to be restored, the process does not work correctly.
- Ensure all computers and mobile devices are password protected and encrypted where possible.
- Lock devices when not in use and not leave devices unattended in untrusted locations.
- Avoid inserting unverified removable media (CDs/DVDs/USB Drives) into devices.
- Strictly control the usage of USB drives and block unless essential.
Where can I find more advice?
- Visit FSB's dedicated cyber security and data protection hub for further guidance
- Access resources from the National Cyber Security Centre (NCSC) and Action Fraud
- Check out NCSC's handy guide for small businesses
- Take the Cyber Essentials certification, a Government-backed scheme that will help you to protect your business