The challenges of cyber security, and the importance of proactive behaviours by businesses operating an online presence, have never been such a major issue in the UK. Such is the level of the threat out there that official guidelines on the topic of cyber security are now to be introduced into UK computer science and other IT-related degrees, with the intention that graduates will have a good understanding of what they’ll be up against once they enter employment.
The danger posed by hacks and other forms of attack is so diverse and fast-paced that hopefully weight will be given to the concept that being alert 24/7 to new risks is vital.
In the meantime, here’s some advice on how your company can tighten up its online security efforts.
Don’t forget that you not only need to protect your company’s operational interests, but you also have a legal duty to ensure any third party data you hold is not compromised.
Domain Names
If you are having a web site developed by a third party, it is really important to ensure that you own that domain name. If you have an issue with the developer and they own the web address, it could create a severe problem for your business. You can purchase domains from a number of companies, but do ensure they are reputable organisations. And do also consider the various domain suffixes available. We are all familiar with .co.uk and .com web sites, but there is an amazing array of options available these days. For example, if you are searching domain names from UK2 you will see these now include .london.
Prevent the competition from stealing a march on you, and help protect your brand identity, by ensuring that your domain name is registered for as long as possible, that you make all payments promptly, and that you either opt for automatic renewal or have systems in place to ensure you don’t miss renewal dates. Cases of domain ‘hijacking’ are increasingly common, where shady characters take advantage of companies that let their domain name registrations expire and buy them up to use for phishing or other activities designed to trick your customers.
Patch Things Up
The more extensive and complex your network is, the more likely it is that there are going to be some vulnerabilities in there, things that can be exploited by a hacker. Find these issues, whether they are in your software or hardware, and install the right patches. Time and budget spent making little fixes can save major hassles and costs in the longer term.
Who, What, Where
You should have oversight of exactly what devices are on your network at any point in time, whether temporarily or permanently, as well as which employees are using them, when, where, and for what type of work. Any that are either unauthorized or inappropriate can then be removed. From the large servers to the tiny USB thumb drives and everything in between, are they being used safely and in accordance with good cyber security principles? Restrict the use of anything that can be used to remove data from the office to those who need it.
Software
It’s essential that your business has anti-virus software and a strong firewall installed and that they’re kept up-to-date. Are they fit-for-purpose? As mentioned above, the nature of online threats is ever expanding and evolving, and a slip-up here could have major repercussions for your company’s brand image, revenue and customer confidence. Anti-virus software should be installed on all your systems, and should also be on the personal devices of any staff using them for work.
Regulate Access
Determine who, among your team, needs access to what information, and use your server to allocate or deny access based upon that. For instance, your HR team should not need to see financial accounts, your accounts team will not have any requirement to see marketing schedules, and your marketing team don’t need to know what the IT budget will be spent on over the following 12 months. Segregating information in this manner helps to prevent leaks, and accidental amendments or deletions to important files, as well as improving cooperation on projects between teams. That’s not to say information cannot be shared: we believe transparency is important, but open access to company files via IT systems is not necessarily the best way to disseminate information.
Prioritise
Understand what your company’s top IT priorities should be, whether that is improving website uptime, boosting ecommerce conversions or moving applications into an external data centre or the Cloud, and establish how you can meet those goals while remaining secure.
Staff Involvement
Your company can never be entirely secure unless all of your staff appreciate the risks of operating online as well as the benefits. You should develop a code of practice, including rules such as maintaining strong passwords, and enforce it. With representatives of your IT team and other departments, particularly marketing, develop a separate action plan for how to cope if any systems should be hacked. Consider how to get the website or network up and running again quickly, what information should be given to customers or the press, and how to ensure customer data is secure and segregated.
Article by Patrick Vernon on behalf of UK2.