15 Cyber Security ‘Things’ To Safeguard Your Business


James Crossland

Digital Marketing Manager|Kerv digital

Published 06/07/22


It doesn’t matter what size your business is or how much money you’ve invested in Cyber Security; the harsh truth of the world we live in is that at some point you’ll be targeted by Cyber Scammers.

However, that doesn’t mean you should just shut up shop and stop thinking about cyber security, or even that the hackers will be successful; it’s just one of the factors to consider when doing business in a modern, digital world.

Fortunately, there are quite a few things you, your IT Team and/or all your other employees can do to make a scammer’s job much harder.

By their very nature they’re not nice people (and we’re aware how much we’re understating that), so it’s likely that if you make things too difficult for them they’ll just go and seek out an easier target (perhaps someone who hasn’t read this article?).

Here, then, is Kerv Digital’s checklist for improving your business’s or organisation’s cyber security…

Back it up, back it up, then back it up again!

Starting with the worst-case scenario: should the worst happen, it’s important that (where possible) you’re not negatively affected.

To help alleviate the risks of a successful cyber attack, it’s vital that you’re making regular backups of all your key systems and data.

Additional storage doesn’t have to cost a lot these days, so make sure you’ve copies in a secure offsite location or (even better) on the Cloud. That way, should the worst occur, you can be back up and running straight away without having to deal with any kind of ransomware scam.

Update needed

We all know how annoying those ‘Update Needed’ pop-ups are in the corner of your screen when you log in, but new security patches for your OS (operating system), web browser and all your other software or hardware really are important.

Cyber Criminals are continuously on the lookout for weaknesses in systems to exploit, and these updates are the manufacturer’s deliberate attempts to stop them once such a weakness has been identified.

Ignoring them is an open invitation to a hacker.

Have you covered the basics?

It should go without saying but make sure your entire system, network and all individual devices have trustworthy anti-virus and anti-malware software installed and then make sure that it’s regularly updated to keep the devices safe.

Is your password on the naughty list?

If you take nothing else from this article then take this… please use a strong password and then make sure it’s changed regularly!

In this day and age it’s still amazing how many people use simple passwords from the ‘naughty list’ for convenience’s sake, thinking it’ll never happen to them.

If you’re a system administrator then it’s good practice to require that all employee passwords include both capital and lower-case letters, non-sequential numbers and a symbol.

The more complicated it is, the harder it will be to crack with a brute force attack.

It may also be worth putting automatic rules in place to prohibit the partial use of the most popular password choices…

MOST POPULAR PASSWORD CHOICES:

  • 123456
  • 123456789
  • Qwerty
  • 12345678
  • 111111
  • 1234567890
  • 1234567
  • Password
  • 123123
  • 987654321
  • Qwertyuiop
  • Mynoob
  • 123321
  • 666666
  • 18atcskd2w
  • 7777777
  • 1q2w3e4r
  • 654321
  • 555555
  • 3rjs1la7qe
  • Google
  • 1q2w3e4r5t
  • 123qwe
  • Zxcvbnm
  • 1q2w3e
  • 12345
  • 12345678
  • Password
  • Password1
  • Admin
  • Admin1
  • Their name or surname
  • Their birthday
  • ABCDE
  • 696969

Never forget, a badly chosen password doesn’t just have the power to compromise one laptop but possibly your entire organisation’s data, as well as potentially that of your clients, suppliers and partners!
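The password rules described above (mixed case, a number, a symbol, no sequential numbers, no partial use of a popular choice) can be enforced automatically. The following is an added example, not Kerv Digital’s own code; the `personal` parameter and the character-swap table are assumptions made for illustration.

```python
import re

# A subset of the popular choices listed above, lower-cased for matching.
POPULAR = {
    "123456", "qwerty", "111111", "password", "123123", "987654321",
    "1q2w3e", "zxcvbnm", "654321", "admin", "abcde", "696969", "google",
    "12345", "mynoob",
}

# Common character swaps, undone before matching so that "P@ssw0rd" is
# still recognised as "password". The mapping itself is an assumption.
UNSWAP = str.maketrans({"@": "a", "0": "o", "$": "s", "3": "e", "1": "i", "!": "i"})
DIGITS = "0123456789"


def has_sequential_digits(pw, run=3):
    """True if pw contains `run` or more digits counting up or down by one."""
    for step in (1, -1):
        streak = 1
        for prev, cur in zip(pw, pw[1:]):
            if prev in DIGITS and cur in DIGITS and int(cur) - int(prev) == step:
                streak += 1
                if streak >= run:
                    return True
            else:
                streak = 1
    return False


def check_password(pw, personal=()):
    """Return the list of rules that pw breaks (an empty list means it passes).

    `personal` holds strings tied to the user (name, surname, birthday as
    they would type it); the parameter is hypothetical, for illustration.
    """
    problems = []
    if not re.search(r"[A-Z]", pw):
        problems.append("no capital letter")
    if not re.search(r"[a-z]", pw):
        problems.append("no lower-case letter")
    if not re.search(r"[0-9]", pw):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("no symbol")
    if has_sequential_digits(pw):
        problems.append("sequential numbers")

    lowered = pw.lower()
    unswapped = lowered.translate(UNSWAP)
    # Substring match, so a popular choice with extra characters bolted on
    # ("Password1!") is rejected as well as the popular choice itself.
    if any(p in lowered or p in unswapped for p in POPULAR):
        problems.append("contains a popular password")
    if any(len(t) >= 3 and t.lower() in lowered for t in personal):
        problems.append("contains personal information")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real system.
    for candidate in ("Password1", "P@ssw0rd!9", "Summer#4321", "vT7#kq9!Lm2x"):
        print(candidate, "->", check_password(candidate) or "ok")
```
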

Want a tip from the experts?

The ideal situation would be to have a separate, randomised password for every device and application an employee has access to. That’s obviously impractical, but by using a password manager like LastPass or 1Password it’s possible to have secure passwords whilst only having to remember and update one.

And as a final tip, if your employees are in charge of setting their own passwords and do look after sensitive data, tell them to stay away from using middle names, pet names or their children’s names or birthdays.

It’s scary what a determined scammer can learn about someone after a quick search of their social media… but it happens far more often than you’d think.

Passwords for real life

Passwords need protecting in real life too!

Do your employees ever work away from the office?

Have you ever been tempted to log in and check your emails whilst stood in line at Costa?

Even in the workplace have you ever had to let a disgruntled employee go?

It’s important that your employees protect their passwords not just in the digital world but in the real world too.

It’s far too easy to look over someone’s shoulder as they type out a password (especially if it’s something simple like ABCD1234). Make sure they know to take a look around before typing in their password and that they’re aware of who might be watching. It also goes without saying that they should never share it with anyone.

EVER!

Preventing phishing scams

Always have one eye out for Phishing Scams.

Phishing scams are fraudulent attempts to obtain sensitive information, such as usernames, passwords or credit card information, by scammers disguising themselves as a trusted person via email or other digital communication. They’re getting more and more sophisticated every year.

It’s important that your IT team, or another knowledgeable individual within your organisation, teaches your staff what to look out for in ‘dodgy’ emails.

Unfortunately, they won’t come from Nigerian Princes these days!

THE EMAIL DISPLAY NAME

A common tactic is to ‘spoof’ a senior member of the organisation in the ‘from’ box.

Just because their name displays doesn’t mean it’s from them.

A good step to take in preventing this is to empower your staff to speak to the sender to double check that the email was from them, especially if it’s requesting information (payment details in particular) or requesting that a link be clicked.

DON’T CLICK A SUSPICIOUS LINK. JUST… DON’T!

It’s not foolproof, but a quick check is to hover your mouse over the link (without clicking it!). This will display the address of where the link will send you. If it looks spammy then it probably is.

Another common tactic of these spammy links is to direct you to a fraudulent homepage of a trusted site (maybe a fake PayPal?) asking you to login again.

If this does happen and you’re unsure either check with your IT Team or go direct to the actual website itself rather than trusting the link in the email. It’ll take an extra 15 seconds but will prevent you giving your details out to a phishing scammer.

LOOK OUT FOR SPELLING, GRAMMAR AND SYNTAX ERRORS

It’s not a hard and fast rule so be careful but a lot of scammers won’t have English as a first language.

If the email is badly worded or spelt there’s a chance it’s not to be trusted.

STRANGE GREETINGS

To save time a lot of scammers send out multiple emails at once.

If your boss normally addresses you by your first name but you suddenly get an email from them that starts ‘Dear Valued Employee’ or ‘Important Client’, then be instantly suspicious of it, especially if it’s asking you for something.

URGENT RESPONSE REQUIRED

We’ve all had that email from the boss that needs actioning immediately, but this is also a scare tactic used by cyber scammers to knock you off kilter and make you easier to manipulate.

Whilst it may be genuine and need urgent attention, picking up the phone or walking to their office to double check isn’t going to hurt and may save the company a lot of money… particularly if the email wants you to do something you wouldn’t normally, like pay an invoice or log in to an account.

SOMETHING’S NOT QUITE RIGHT

Sometimes you’ll just look at an email and it won’t feel quite… right.

Maybe the logo is pixelated or the images or layout just feel ‘off’. If something does feel wrong about it trust your instinct and run it by your IT Team before you do anything with it.

SUSPICIOUS DOMAIN NAMES AND URLS

Many email scammers will try to spoof existing domain names to make their scams seem more credible. Instead of Amazon.com you might get an email request asking you to log into Amaz0n.com.

It’s easy to miss if you’re not being vigilant, and if you’ve already clicked the link the landing page you go to may seem legitimate, so it’s important you keep an eye out for these as it’s a common technique.
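The display-name and lookalike-domain checks described above can also be automated on inbound mail. This is an added example, not Kerv Digital’s own code; the trusted-domain list, the staff directory and the character table are constructed for illustration, and a match is a prompt for a human to look closer, not proof of fraud.

```python
from email.utils import parseaddr

# Constructed sample data: domains the organisation trusts and the real
# addresses of senior staff. Replace with your own directory.
TRUSTED_DOMAINS = {"example.com", "amazon.com", "paypal.com"}
STAFF = {"jane smith": "jane.smith@example.com"}

# Digits commonly swapped in for the letters they resemble (an assumption).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(domain):
    """Reduce a domain to a form in which common lookalikes compare equal."""
    return domain.lower().translate(LOOKALIKES).replace("rn", "m").replace("vv", "w")


def within_one_edit(a, b):
    """True if a and b differ by one inserted, deleted or replaced character."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                      # make a the shorter (or equal) string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1                           # skip the common prefix
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]    # one replaced character
    return a[i:] == b[i + 1:]            # one extra character in b


def classify_domain(domain):
    """Return ('trusted' | 'lookalike' | 'unknown', matched trusted domain)."""
    d = domain.lower().rstrip(".")
    if d in TRUSTED_DOMAINS:
        return ("trusted", d)
    for good in sorted(TRUSTED_DOMAINS):
        if skeleton(d) == skeleton(good) or within_one_edit(d, good):
            return ("lookalike", good)
    return ("unknown", None)


def check_sender(from_header):
    """Return warnings for one From: header (an empty list means none)."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    warnings = []
    verdict, target = classify_domain(addr.rpartition("@")[2])
    if verdict == "lookalike":
        warnings.append(f"sender domain imitates {target}")
    # The display name is free text chosen by the sender, so compare the
    # address behind it with the one on record for that person.
    real = STAFF.get(name.strip().lower())
    if real and addr != real:
        warnings.append(f"display name '{name}' is not at {real}")
    return warnings


if __name__ == "__main__":
    # Constructed From: headers, not taken from real mail.
    for header in ('"Jane Smith" <jane.smith@examp1e.com>',
                   "Jane Smith <ceo.office@freemail.example>",
                   "Jane Smith <jane.smith@example.com>"):
        print(header, "->", check_sender(header) or "no warnings")
```
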

STRANGE ATTACHMENTS

As email scams become more sophisticated, the scammers are relying less on you clicking a link and more on you clicking an attachment infected with some kind of malware. If you’re sent an email from a source you don’t recognise, or even one you do but the attachment looks strange (like a .doc for a Word file for instance), it may be suspicious. Before opening it, ask a member of your IT Team to look it over.

Good software, bad malware

If you make it the responsibility of the IT Team to check, download and install new programs then your staff can’t ever accidentally download something that poses a security risk.

Unfortunately, many staff will believe it’s safe to download a program as long as they know what the program is (let’s use Microsoft Excel as an example). The problems come when they don’t check where they’re downloading the new software from and perhaps just Google ‘download Microsoft Excel’ then click the first link.

The truth, however, is that programs downloaded this way can often be riddled with viruses, spyware, malware, trojans and worms.

Our advice, to reduce the risk of accidentally downloading something like this to a work machine, is to implement a complete download protocol where staff are unable to download or install anything without IT’s permission.

It may take a little more time but it will keep your sensitive data a lot more secure.

The Great Firewall of…

If you don’t have a firewall installed, get one; if you do, make sure it’s kept up to date and the latest firmware is installed.

If you’re using a Wi-Fi network in your office make sure it’s encrypted (with something like WPA2) and make sure you regularly change the password, especially if visitors are logging on to it. Whilst you may trust your guests implicitly, there’s no way to tell if their devices are infected until it’s too late.

Lastly, if your staff ever work remotely, out of the office or from home, make sure they log in through a VPN (Virtual Private Network) to avoid any issues with open Wi-Fi networks.

Current and ex-employees might be your biggest vulnerability

In a perfect world there would be no scammers and we’d be able to trust all our employees 100%.

Sadly, we don’t live in that world which means we have to take several uncomfortable steps to protect the workplace from cyber-attacks.

If someone wanted to deliberately download malicious software then chances are they wouldn’t do it from their own machine. For that reason it’s always best to educate your staff as much as possible around cyber security and to implement a policy of locking their devices whenever they step away, never sharing their passwords with anyone, never giving remote access to their computer without IT’s permission and, although it may sound silly, never leaving their password on a post-it note on their desk.

If someone does leave, especially on bad terms, it’s important to change all the passwords they had access to immediately to prevent possible breaches of your secure data.

It’s good practice to keep a record of who has access to what so you know exactly what to update when it’s needed.

Are you using MFA?

Multifactor Authentication sounds a lot more complicated than it actually is, especially when compared against the increases to security it offers.

Simply put, the more barriers you can put in place to make it harder for hackers to access your networks and systems, the better off you’ll be.

Those additional barriers are the point of MFA (Multifactor Authentication).

By requiring two or more independent credentials to access data (what the user knows, like a password for instance, and what the user has, like a swipe card or other security token), you exponentially increase the security of your data.

Depending on the sensitivity of the data you’re storing, you could even go a step further and require biometric verification, like facial or fingerprint recognition.

It’s all about creating different layers of defence so that even if one is compromised, cybercriminals still have another layer or two to hack.

Implementing some form of MFA is a quick win in increasing your cyber security and doesn’t need to be complicated.

It can be as simple as combining a password with a fingerprint scan or even a security question only known to the user.

Do you even https?

It’s pretty common now, but you should still double check that the address of any website you visit starts with https instead of just the old http.

If it doesn’t, it’s not secure, so don’t put in any confidential details like credit card numbers, passwords or addresses.

Ever heard of malvertising?

Malvertising is a relatively new way that cyber criminals can add malicious code or malware to your computer. They put viruses and other items into pop up ads then add them into legitimate online advertising networks and websites.

This means you can be doing everything right, just innocently browsing a perfectly legitimate website and still have your computer attacked, often without you even realising it.

Whilst the Ad networks themselves do their best to weed these out, you or your IT Team can also help by installing an adblocker on all your work machines and making sure your antivirus programmes are up to date.

Your IT Team might be a vulnerability

Hopefully we’re not making you too paranoid here, but if you are the victim of a cyber attack, chances are you’ll be attacked from a direction you never even considered.

Whilst your IT Team are your most valuable asset in preventing cyber crime attacks within your organisation, that very level of expert knowledge they use can also be a vulnerability. Most members of your IT Team will probably have admin rights and access to every piece of hardware and software within your company… and that’s fine but…

If they’re just working on a day to day basis, browsing the internet etc., make sure those admin rights are locked down under a different profile.

There should be no reason they need them on a day to day basis so having them locked away under a different password in case they are attacked adds in an extra step of protection and defence. If on the off chance their computer is then compromised at least the hacker hasn’t gained access to the entire organisation.

Understand and utilise your activity logs

As we’ve already stated, encouraging a culture of digital awareness is vital in protecting your company from attacks by cyber criminals. That’s why we’d recommend you teach all your staff how to check the activity logs of their email accounts and, if used for work, their social media accounts as well.

These will show them what browsers and devices they’ve accessed their accounts from and even from what IP address.

If there’s anything they don’t recognise, they can immediately terminate it and reduce the risk of a scammer having unfettered access.

What do you do with all your old devices?

It seems like these days you only need to buy a phone or laptop for it to be out of date 6 months later… but does your company have a recycled electronics protocol in place?

If you’re getting rid of anything that once held any kind of sensitive data on it then it all needs reformatting and returning to the original factory settings.

Scammers go out of their way to buy second-hand office equipment for this reason, as so many companies don’t follow this vital step.

Hopefully this won’t have left you feeling too paranoid, glancing over your shoulder every time you boot up your laptop or unlock your phone.

A lot of the points we mention should be standard practice for most IT Teams; the main thing is to promote a culture of awareness in your organisation around cyber attacks so that protecting the business becomes everyone’s responsibility.
