
Be on the ball with your business security 🔐

It's easy to get wrapped up in the day-to-day running of a business, we get that - but there are some basics you should make sure are in place first and foremost.


When running a business, particularly a new one, it is essential that you get the basics right.

Every business uses email, and email is the front line for most attacks, so there are basics you must consider. This guide is here to help put you on the right footing as a business:

1. Use strong passwords

Create passwords that are at least eight characters long (longer is better: a long passphrase is harder to guess than a short, symbol-heavy string). If you use Microsoft or a similar platform, enforce this as a policy across the business rather than leaving it to each employee. Passwords should include at least three of the following:

  • Uppercase letters
  • Lowercase letters
  • Numbers
  • Symbols

Avoid personal information such as your name, address, date of birth or pet's name; these are the first things an attacker will try. For example, don't use "George123" as a password. The longer and less predictable the password, the better.
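As an added example, not code from the original page, here is a small Python checker that enforces the rule above (eight characters, three of four character classes) and also catches the "George123" pattern by screening for personal details. The policy constants, the tiny common-password list and the personal details passed in are constructed for the demo.

```python
import re

# Policy constants follow the rule in the text above: at least eight characters
# and at least three of the four character classes. The common-password list is
# a tiny constructed sample; a real deployment would screen against a breach list.
MIN_LENGTH = 8
CLASSES = {
    "uppercase": re.compile(r"[A-Z]"),
    "lowercase": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "symbol": re.compile(r"[^A-Za-z0-9]"),
}
COMMON_PASSWORDS = {"password", "password1", "welcome1", "letmein", "qwerty123"}


def check_password(password, personal_info=()):
    """Return a list of policy failures; an empty list means the password passes.

    personal_info holds strings such as a name, a pet's name or a year of birth
    that must not appear in the password; comparison is case-insensitive with
    punctuation stripped, so "George123" is caught for a user called George.
    """
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")

    present = [name for name, pattern in CLASSES.items() if pattern.search(password)]
    if len(present) < 3:
        failures.append(f"uses only {len(present)} of 4 character classes (need 3)")

    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        failures.append("appears in the common-password list")

    for item in personal_info:
        token = re.sub(r"[^a-z0-9]", "", str(item).lower())
        # ignore very short fragments so initials do not produce false positives
        if len(token) >= 3 and token in lowered:
            failures.append(f"contains personal information: {item!r}")
    return failures


if __name__ == "__main__":
    # Constructed user details for the demo
    print(check_password("George123", personal_info=["George", "1985"]))
    print(check_password("Tr0ub4dor&3", personal_info=["George", "1985"]))
```

Run it at a password-change hook or in your onboarding script; the function returns every reason a password fails so the user can be told exactly what to fix.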

2. Train employees

Train your employees in good cyber security practice, in particular how to spot the red flags of a phishing email. Many cyber insurers provide their own training, or an equivalent resource, which you can use for your employees. The more your staff know about email security, the less likely they are to fall for a scammer's tricks. Everyone in the company needs to understand the risks of email and how to avoid them. Some insurers will also run phishing campaigns, sending simulated phishing emails to all employees to build awareness across the workforce. To understand this in more detail, speak to a cyber insurance specialist who will run through everything with you.

3. Use two-factor authentication (2FA)

Use two-factor authentication whenever possible. You've probably heard the term "two-factor authentication" or 2FA before. It is an excellent option to employ in addition to a strong password. Even if someone guesses or steals your password, that is only the first factor; without the second factor (a code from an authenticator app, a hardware security key or a prompt on your phone) it is incredibly hard for them to gain access. Where you have the choice, an authenticator app or hardware key is stronger than a code sent by SMS.

4. Use encrypted connections

Data that isn't encrypted is readable by anyone who intercepts it in transit, including hackers and other cybercriminals. A password-protected public Wi-Fi network offers some protection from prying eyes, but the password only stops outsiders joining; anyone else on that network, and whoever runs it, can still see unencrypted traffic, so it isn't enough to keep your data safe.

If you need to work on sensitive material, especially personally identifiable information (PII), you should use a virtual private network (VPN) as well, because:

  • A VPN encrypts everything between your device and the VPN server, so someone on the same Wi-Fi network who intercepts the traffic can't read it. It does not protect traffic beyond the VPN server, so websites and email services should still be using HTTPS/TLS (the padlock in the browser).
  • When you send an email, the message passes through several mail servers before reaching its destination. The hops between servers are usually protected by TLS, but the message is stored in readable form on each server it passes through unless it is encrypted end-to-end.

End-to-end encryption (S/MIME or PGP, or the encrypted-message option your email provider offers) ensures that no one who gets hold of the message in transit or on an intermediate server can read it. Many email services let you turn this on when setting up the account or enable it per message.

5. Back-up files regularly

You should regularly back up all your files to a server or an external hard drive, so that a second copy is stored somewhere else. If files are ever lost, deleted or encrypted by ransomware, you still have them in storage. Keep at least one copy disconnected from your network (ransomware will encrypt any backup it can reach) and test restoring from it occasionally.

A couple of options are:

  • Icedrive - you can sync several locations, which then back up to Icedrive. Icedrive also has an encrypted section you can use (client-side encryption), meaning only you hold the key and only you can read the data.
  • Sync - very similar to Icedrive, and also offers encryption.

6. Keep software and antivirus programs up-to-date

Attackers exploit known weaknesses in outdated software to break into your systems, and from there can steal information or damage your computers in other ways. Turn on automatic updates for operating systems, browsers, office software and antivirus, and check that updates are actually being installed on every device, not just downloaded.

7. Keep an eye out for suspicious emails

Be cautious when opening attachments in emails. Email attachments are commonly used to introduce malware or ransomware onto your computer or server. Before opening an attachment, verify that you know the sender, that you were expecting the file, and that it isn't suspicious.

Some of the most frequent types of email scam are:

  1. Phishing emails: malicious emails disguised as legitimate messages, for example from your bank or another company you do business with regularly.
  2. Spear phishing emails: highly targeted phishing emails written for a specific victim, usually someone who works at an organization with sensitive data.
  3. Spoofed emails: emails that appear to be from someone you know but actually come from an attacker who has forged the sender address.

To stop criminals sending mail that appears to come from your domain, and to keep your own mail out of spam folders, you must implement Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC). These three DNS-based methods work together to authenticate your email and protect your domain's reputation:

  • SPF publishes, in a DNS TXT record, the IP addresses and services authorized to send mail for your domain, so a receiving server can check whether the server that delivered a message is on the list.
  • DKIM adds a digital signature to each message using a private key held by your mail server; the matching public key is published in DNS, so the receiver can verify that the message came from your domain and was not altered in transit. It is more robust than SPF (the signature survives forwarding, which breaks SPF) but takes more work to set up.
  • DMARC tells receiving servers what to do with mail that fails the SPF and DKIM checks (monitor, quarantine or reject) and sends you reports of who is sending mail as your domain. Start with p=none to collect reports, then move to quarantine and finally reject once all your legitimate senders pass.
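As an added example (not from the original page), the following Python evaluates an SPF record against a sending IP address and parses a DMARC policy, using constructed DNS TXT records for hypothetical domains (RFC 5737 and RFC 3849 documentation addresses) instead of live DNS. It supports the ip4, ip6, include and all mechanisms; mechanisms that need their own DNS lookups (a, mx, ptr, exists) are reported as a permanent error rather than resolved.

```python
import ipaddress

# Constructed DNS TXT records for hypothetical domains; a real check would
# fetch these from DNS. The addresses are documentation ranges, not real hosts.
TXT_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all",
    "_spf.example.net": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
    "_dmarc.example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=s; aspf=s",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, sender_ip, lookup=TXT_RECORDS.get, depth=0):
    """Evaluate the SPF record of `domain` for a message delivered from `sender_ip`.

    Returns pass, fail, softfail, neutral, none (no record) or permerror.
    Mechanisms are tested in order and the first match decides the result.
    """
    record = lookup(domain)
    if record is None or not record.lower().startswith("v=spf1"):
        return "none"
    if depth > 10:  # RFC 7208 caps DNS-querying mechanisms at 10 per evaluation
        return "permerror"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                network = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror"
            if ip.version == network.version and ip in network:
                return QUALIFIERS[qualifier]
        elif name == "include":
            # include: matches only if the included domain's record passes
            if check_spf(value, sender_ip, lookup, depth + 1) == "pass":
                return QUALIFIERS[qualifier]
        else:
            return "permerror"  # a, mx, ptr, exists: not resolved in this demo
    return "neutral"  # nothing matched and the record has no explicit "all"


def parse_dmarc(domain, lookup=TXT_RECORDS.get):
    """Return the DMARC tags for `domain` as a dict, or None if no policy is published."""
    record = lookup(f"_dmarc.{domain}")
    if record is None:
        return None
    tags = {}
    for part in record.split(";"):
        key, sep, val = part.strip().partition("=")
        if sep:
            tags[key.strip().lower()] = val.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        return None
    return tags


if __name__ == "__main__":
    print(check_spf("example.com", "192.0.2.55"))     # pass (direct ip4 match)
    print(check_spf("example.com", "198.51.100.10"))  # pass (via include)
    print(check_spf("example.com", "203.0.113.7"))    # fail (-all)
    print(parse_dmarc("example.com")["p"])            # reject
```

A receiving server runs exactly this evaluation against the domain in the envelope sender, then consults the DMARC p= tag to decide whether a failing message is delivered, quarantined or rejected; if you publish ~all and p=none, a spoofed message is still delivered.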

Before clicking any link in an email, check where it really leads: hover over it (or long-press on a phone) and compare the address shown with what the link text claims. If the link looks suspicious, don't click it even if the email seems to be from someone you know. Instead, contact that person by phone or another channel, not by replying to the email, and ask if they sent it.

You could also type the website address into your browser yourself to make sure you aren't redirected to a fake site.

It's best to block dangerous attachment types, like .exe files, which can carry viruses or malware, at your mail gateway. If an employee genuinely needs such a file, it can be approved on a case-by-case basis.
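The two checks above (link text that claims one address but points to another, and blocked attachment types) can be automated at the gateway or in a mailbox rule. Here is an added Python example, not code from the original page, that parses a MIME message and flags both. The message it inspects is constructed for the demo, and the blocklist extends the .exe mentioned in the text with other executable types as an assumption.

```python
import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# The text names .exe; the other extensions are assumed additions for the demo.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".hta"}


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Hostname of a URL, tolerating link text written without a scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def triage(raw_message: bytes):
    """Return warnings for mismatched links and blocked attachment types."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    warnings = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename:
            ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
            if ext in BLOCKED_EXTENSIONS:
                warnings.append(f"blocked attachment type: {filename}")
        if part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            for href, text in collector.links:
                # Visible text that looks like a URL but whose href goes elsewhere
                if "." in text and " " not in text and host_of(text) != host_of(href):
                    warnings.append(f"link text {text!r} points to {host_of(href)!r}")
    return warnings


def sample_message() -> bytes:
    """A constructed phishing-style message used as demo input (not a real email)."""
    m = EmailMessage()
    m["From"] = "accounts@example.com"
    m["To"] = "staff@example.com"
    m["Subject"] = "Invoice overdue"
    m.set_content("Please see the attached invoice.")
    m.add_alternative(
        '<p>Log in at <a href="http://203.0.113.7/login">https://portal.example.com</a> '
        'or see <a href="https://portal.example.com/help">help</a>.</p>',
        subtype="html",
    )
    m.add_attachment(b"MZ\x90\x00", maintype="application",
                     subtype="octet-stream", filename="invoice.pdf.exe")
    return m.as_bytes()


if __name__ == "__main__":
    for warning in triage(sample_message()):
        print(warning)
```

The double extension "invoice.pdf.exe" is a classic trick because Windows hides known extensions by default, so the file shows as "invoice.pdf"; checking the real last extension, as above, is what the gateway rule needs to do.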
