As more and more Northern Irish businesses rely upon their IT systems to store and collate important and confidential information, the importance of cyber security has, for good reason, become a very hot topic. UK businesses have more than doubled their cyber security budgets in the last year, rising to £6.2m on average, whilst costs incurred as a result of cyber theft have increased by half compared to last. The UK is leading the fight against online internet fraud; we spend on average 60% more on cybersecurity than other countries.
Whilst the majority of that money is spent on security software, firewalls and encryption of computer networks, the ultimate security is only as good as its weakest link. For this reason, it is vitally important that your staff and business IT support understand the nature of cybercrime and how to be wise to it.
Any member of staff with access to sensitive computer information will usually need their own log-in credentials. By ensuring that your staff understand the importance of strong passwords, you will better protect those log-in credentials from becoming compromised. Ensure that staff passwords:
– Are a minimum of eight characters long
– Don’t have any similarities to previous passwords
– Don’t contain your name, log-in name or business name
– Don’t contain a regular word
– Contain a mixture of uppercase letters, lowercase letters, symbols and numbers.
Recognise suspicious emails
Unsolicited emails from banks and tax authorities should be viewed suspiciously, as none of these organisations will request you to send them any personal information. Any email which fails to name you or the organisation correctly, contains folders, spelling mistakes or has a strange email address should be unopened and forwarded to the IT computer security team. Any incoming invoices should be processed by a finance team or officer.
Away from your seat? Control Alt Delete!
Cybersecurity is about more than unscrupulous hackers and people sending phishing emails. Staff must be in the habit of securing their computer terminals every time they leave their workstation for any period of time. Many business and offices have contractors, visitors and temporary in-vetted staff in the workplace. This leaves computers and therefore data vulnerable unless locked.
Closing dormant log-in accounts
It is remarkably common for businesses to have dormant log-in accounts for ex-members of staff. The fewer active log-in accounts your system has, the safer it is.
For more advice and assistance with your workplace’s cyber security system, contact Nimbus CS today.
The business landscape has changed dramatically in the past few years. Gone are the days when IT was a huge and unknowable mystery; now most professionals have a competent grasp of the basic principles, and business is better for it. But with widespread usage, the pressure to keep up with new developments has increased, and it can seem like there’s a new update or product on the horizon every few months.
It’s easy to get overwhelmed by the sheer range of IT solutions available; you may be wondering if you really need every new product out there. The key is to receive advice you trust on what your business will actually benefit from. Whether you are considering off-site servers or a move to cloud computing, a good outsourced service will offer you a consultation on what will best meet your specific requirements, and what you don’t need to worry about.
Workflow software is increasingly moving towards apps that can be used and synced across several devices and multiple users, as opposed to traditional single location installations. But while this has many benefits, it does leave a wider field for security vulnerabilities; for example, users can be more careless about security protocol when using tablets and smartphones as they are associated with more informal usage.
If you want peace of mind as to whether your security system is keeping pace with new threats, managed services can be a great help. Not only will they recommend the best setup for your company’s particular needs, they will also let you know when you need to update your system or add an extra feature to deal with a new danger.
Accepting IT change
You may get resistance from employees who want to hang on to their old ways of doing things, regardless of efficiency. Getting rid of the landline and setting up a VoIP system can seem intimidating – the unfamiliarity of not having a physical phone can cause a bit of a panic – but a few training sessions from your IT service provider can go a long way towards easing these concerns.
Ask IT helpdesk or MSP what the most common topic of IT support calls is and you could place large bet that it will relate to passwords. It’s no surprise that users hate passwords. Today, more than ever, we all have a huge amount of different passwords for all of our online services. The headache of managing these can lead to users taking some very risky shortcuts, which can have very serious implications for your company’s cyber security. A lot of these practices can be mitigated with a solid password policy.
The five common passwords are: ‘123456’, ‘password’, ‘qwerty’, ‘12345’ and ‘123456789’. All of these could be easily cracked by a human being, let alone any type of hacking tool. These could also be all but eliminated in your business if a password policy is enforced. So here are some easy rules to put in place to get your users to create stronger passwords and to make your network more secure. These can all be easily enforced with network logon policies.
1. Set longer, more complex passwords
The longer the password, the more possible combinations it can be and the more secure it is. Try enforcing a minimum 8-character password for users and a 14-20 character password for higher level admin passwords or ones that will never expire. These passwords can be made stronger still by adding punctuation or special characters. This complexity makes passwords very difficult to crack.
2. Change passwords often
This will be the one that your users will struggle to warm to the most, but it is possibly one of the most important ones to consider. Forcing a password change every so often not only reduces the chances of a password being compromised from an external source, but also helps mitigate issues such as disgruntled former employees using a password they remember to potentially gain access to sensitive information after they leave.
3. Use a password manager
How many people do you know that write their passwords down on post-it notes or sticky labels on their monitors? The reason people do this is simply because remembering all these passwords can be a nightmare. Use of a password manager such as Keepass, 1Password or LastPass can eliminate both the need to remember the passwords and users writing them down. These services are very secure and offer features like browser plugins, so the correct password is entered automatically without users needing to type anything. Password managers are especially useful if you have teams of people that share passwords for various things as they are all kept in one, central location.
You can be more strict or more flexible as you see fit, but the rules here are a great starting point for any business which needs to tighten up on cyber security.
At Nimbus CS we can implement harder authentication methods, such as two factor authentication. When you logon with two factor authentication, in addition to your normal username and password, you need to clear a second logon stage. This stage may involve approving the logon via a prompt on your smartphone or inputting a code from a text message. Call Nimbus CS for a chat to find out more.
Defeats the purpose, no? by joannapoe licensed under Creative commons 5
Good news has arrived in the shape of a £50m boost for tech start-up companies. The government, who have targeted small businesses as being a key part of the UK’s economic recovery, have launched a scheme which will help some of the country’s most innovative new businesses.
Cyber Security is a real threat to a small business, so the Department of Media, Culture and Sport (DCMS) has joined forces with GCHQ to deliver a groundbreaking new programme which will provide support for start-ups looking to be educated in the importance of computer security. The scheme, which is set to include two new accelerators that are to be managed by Wayra UK, has been set up to seek out and identify inventions within the cyber security arena. Once these innovations have been identified, the DCMS will look towards fast-tracking their commercialisation.
The scheme falls in line with the government’s umbrella brief of providing more business IT support to small companies in the form of educating them on cyber security. The government has committed £1.9bn to its national cyber security programme so far with the overarching aim of preparing the private businesses of the UK in the event of a cyber attack. Keen to promote vigilance when it comes to matters of computer security, Chris Ensor, the Deputy Director for Cyber Skills and Growth at GCHQ, stated: ‘combining the knowledge of GCHQ with some of the country’s newest start-ups is a really powerful combination and one I’m confident will deliver benefits to the cyber security of the UK.’
With that in mind, the DCMS has pledged £50m to create and support two new innovation centres, while GCHQ has committed to providing not only their expertise but consultancy too. This means that participating organisations can share their experiences, which will help to develop the innovations. The Minister of State for Digital and Culture stated that the ‘Two new Cyber Innovation Centres will bring together government, academic and business expertise, and will be invaluable in helping support start-up companies and develop world-class cyber technology.’
With cyber threats becoming increasingly complex and more sophisticated, it would seem that the government believes that the best way to fight it is by sharing experiences and views.