Ten top tips on keeping your business secure
With the threat landscape constantly developing, it has never been more important
for businesses to be vigilant when it comes to security. An attack on your business can
not only mean a loss in productivity, but it may lead to a loss of brand credibility and,
in future, fines that could total up to tens of thousands of pounds.
To help you stay ahead of the hackers, here are our top 10 tips on keeping your
business secure.
Implement a multi-layered defence
Being confident that your business is secure is not
just about installing anti-virus software; it’s about
having a solution at every level and for every
threat, from malware to opportunist thieves.
It’s about physically securing devices so that
they can’t be picked up and removed; it’s about
choosing the right passwords – as long as
possible and preferably a mix of letters and
numbers; installing firewalls to prevent attacks
from the internet; using virtual private networks
(VPN) to access data securely from outside
of the business network; using mobile device
management (MDM) tools to wipe mobile
devices if they’re stolen; preventing rogue
applications being downloaded; and helping
your front-line and back-room employees to
understand the reasons you need to be secure.
Get your users on side
Security has to start at the grass roots. A business
can have the most sophisticated firewalls and
anti-virus software, but if an employee gives away
their corporate username and password through
a clever phishing email, or selects a password
that’s simple to guess, then that security will
count for nothing.
In the past, attacks were largely brute force attacks
and weren’t targeted at any particular type of
business. Over the years, the attacks on businesses
have started to become more sophisticated, and are
now targeted at specific people in an organisation
and may involve sophisticated social engineering
as part of the strategy.
Employees need to understand the duty they have
in keeping data safe, the potential costs associated
with any breach, and the need to be vigilant at all
times, both in and out of work. Many businesses
ask new employees to sign ridiculously long IT
policy agreements that nobody but the lawyers
reads. While this may cross all the T’s and dot
the I’s, it is not going to be effective in preventing
breaches. Security policies need to be simple to
understand and need to be updated frequently
as threats change. The clearer the policy, the
more likely you are to get your employees on
side and the fewer breaches you’re likely
to have.
Be social media aware
Social media has become a fact of life: everyone
uses it and there’s no chance of you being able
to ban it. Unfortunately, it’s also one of the ways
that many employees are targeted for attack.
Employees should manage what they disclose
on social media as the information in a social
media post can often provide the intelligence
to make phishing emails from potential hackers
look more authentic.
Consider looking at some of the tools available
that help lock down social media and flag potential
problems. For example, Bitdefender’s Safego is
a free privacy app designed to stop phishing links
in Facebook, and Norton’s Safe Web is an application
that scans web pages to highlight potentially
unsafe links.
Make passwords secure
Choosing an effective password is one of the
cheapest and easiest ways to ensure your business
is protected. One side effect of low-cost
cloud services like Amazon is that hackers are
able to access huge amounts of computing power
to break passwords. To make things harder for the
hacker, you need to choose an effective password.
Adding numbers, special characters, and upper
and lower case characters will make a password
hard to crack.
For example, if your password consists of four
characters and you only use numbers, there will be ten
to the power of four (10,000) possibilities. If you then
add alphabetic characters (a-z in lower case) to the
numeric, you get 36 to the power of four possibilities
(1.6 million). By using numbers, special characters
and upper and lower case characters in a longer
password, say 11 characters, you will effectively force
any cracking program to choose from 104 characters
in each of the 11 positions, that is 104 to the power
of 11, resulting in
15,394,540,563,150,776,827,904 possibilities.
This increases the time needed to crack a
password from seconds to millions of years.
However, it’s important to note that these
techniques are being improved and enhanced
all of the time. As computing power increases,
so do attack methods, which is why you need
to change passwords regularly.
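The search-space arithmetic above, as an added example that is not part of the original guide. The alphabet sizes (10, 36, 104) are the guide's own; the guess rate of 100 million per second and all function names are assumptions made for illustration. It goes one step beyond the text by showing how long a password drawn from a smaller alphabet must be to match the 104-character, 11-long case.

```python
SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Assumed attacker speed, chosen for illustration only (not a figure from the guide).
ASSUMED_GUESSES_PER_SECOND = 10**8


def search_space(alphabet_size, length):
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length


def years_to_exhaust(alphabet_size, length, rate=ASSUMED_GUESSES_PER_SECOND):
    """Worst-case time, in years, to try every candidate at `rate` guesses/second."""
    return search_space(alphabet_size, length) / rate / SECONDS_PER_YEAR


def equivalent_length(alphabet_size, target_space):
    """Shortest length whose search space is at least `target_space`."""
    length, space = 0, 1
    while space < target_space:
        space *= alphabet_size
        length += 1
    return length


if __name__ == "__main__":
    # The three cases worked through in the text.
    cases = [
        ("digits only", 10, 4),
        ("digits + a-z", 36, 4),
        ("guide's 104-character set", 104, 11),
    ]
    for label, alphabet, length in cases:
        space = search_space(alphabet, length)
        years = years_to_exhaust(alphabet, length)
        print(f"{label:26} length {length:2}: {space:,} candidates, "
              f"{years:.3g} years at the assumed rate")

    # Length needed from smaller alphabets to match the strongest case.
    target = search_space(104, 11)
    for label, alphabet in [("digits only", 10), ("a-z only", 26), ("digits + a-z", 36)]:
        print(f"{label:26} needs {equivalent_length(alphabet, target)} characters "
              f"to match 104^11")
```

Exhaustive search is the worst case for the attacker: a password built from a dictionary word or a reused credential falls far sooner than these figures suggest.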
Use passwords on everything
One of the areas where people tend not to use
passwords, but should, is on mobile phones.
When mobile phones were simply devices to talk
on, a password didn’t really matter. But phones
have now turned into smartphones and, increasingly,
businesses are run from them. According to a
survey by security business Sophos*, around half
(47%) of all phone users use their personal mobile
devices for business purposes, but one in three
(34%) admit they do not actually use passwords
on these devices even though they keep office
email, confidential documents, customer contact
information and budget information on them.
Because of this ability to access business secrets,
a lost or stolen mobile phone becomes a quick and
easy way for any thief to get access to millions
of pounds worth of valuable data. Look at Mobile
Device Management (MDM) software that allows
the business to monitor access to a mobile device
(tablet devices included) and remotely wipe the
devices should they fall into the wrong hands.
Update your programs regularly
One of the ways hackers attack systems
is to exploit bugs in known applications and in the
operating systems that sit on our computers and
mobile devices. To make sure that you’re not open
to these hacks, you will need to make sure that
your computers and devices are properly patched
and updated.
With Sage 200 Online you’ll enjoy automated
back-ups, updates and upgrades. Automated
backups are taken daily, monthly and yearly and
stored on the Microsoft Azure platform. Frequently
updating your programs and operating systems
will keep your business up to date on any
recent issues.
* Source - Sophos Mobile Security Threat Report – 2012
Make a move to the cloud
More and more businesses are looking to the cloud
to provide their infrastructure and applications, and
many are choosing to make the move to the cloud
to improve their security. A recent survey by the
Harvard Business Review** for Verizon revealed
that more than a third (36%) of businesses say that
cloud actually increases their security and nearly
three quarters (71%) expect cloud to reduce
complexity in their business. Indeed, a move to
the cloud will remove the time and cost involved
in constantly updating your applications because
with cloud you always have the most up-to-date
version of the software available.
To choose the right cloud service for your business
you need to research the provider and ask if they
have any history of serving other customers with
your requirements. Asking if they conform to any
cloud-specific accreditations, such as ISO/IEC
27001:2005, used for Sage 200 software, means
you can ensure security and reliability. If you need
a quick decision then see if they’re approved for
the Government’s G-Cloud service; if they are, then
they’re good enough for your business.
They should also be able to provide reports for how
the data is managed and accessed, and what – if
any – audit data is provided. With Sage, you will
be safe in the knowledge that your business data
is held in data centres managed and operated by
Microsoft Global Foundation Services in Europe.
You should also nail down the contractual
arrangements and security provisions in the Service
Level Agreement (SLA) to determine where data
will be stored, how access is given, and how it will
be protected.
Keep track of who uses what
One of the disadvantages of the cloud is that it’s
often too simple for people in the business to use,
and this leads to Shadow IT – cloud applications
bought in by individual employees, the marketing
department, sales etc. An October 2014 survey***
by Netskope found that the average number of
‘shadow IT’ applications in use in an enterprise is
579, of which 88.7% are consumer-based and don’t
have the standard security and checks you expect
from an application designed for enterprises.
Having access to data anytime, anywhere is
great - Sage 200 offers the option to access data
when away from the office or out on the road. But
keep business data safe by allowing only authorised
users to access key information through an internet
connection, enabling you to use a wide variety of
mobile devices, amongst a select and secure
number of staff.
To mitigate the numbers and types of applications
in use, you first need to find out what’s out there
and then find alternatives, but make sure that the
alternatives are acceptable not only to you, but also
to your employees. The ‘shadow IT’ applications will
not go away, and if you outlaw them, others will
quickly replace them. Your employees have resorted
to them because the business hasn’t been agile
enough and they see an answer to a problem that
helps them in their job. You need to do the same,
but obviously you need to choose something with
greater security.
** Source - Business Agility in the Cloud – Harvard Business Review/Verizon – www.hbr.org – July 2014
*** Source - Cloud Report 2014 – Netskope – www.netskope.com – Oct 2014