Search industry contacts
Search this website
| Options Options
Advanced Search
Close menu button Close Menu
Home > Managing > Using technology > Protecting your business from cyber attacks
Document Actions
 

Protecting your business from cyber attacks

— filed under: , ,

Growth in technology has changed the way we do business, and we now connect with customers and share information faster than ever. Most businesses store crucial information such as client lists, credit card numbers and personal data on multiple computers and online spaces.

Regardless of how many computers are used in your business, safe-guarding your critical data can be much easier than you think.

On this page:

Top

 

Identifying information and hardware at risk

It might sound obvious, but the first step to securing your critical or sensitive information is determining where it is located within your business.

Every small business has information that needs to be safeguarded from cyber attacks – client lists, credit card numbers, employee information and payroll data are only some examples. Any data which could potentially cause your business damage if compromised is worth safeguarding. Even the smallest piece of information could be the vital part of the puzzle an attacker needs to compromise your security.

You might be surprised to find your critical data is spread over a variety of mediums including desktop PCs, notebooks, mobile phones, cloud-based networks and portable USB drives. Think about anywhere else you may have left a digital trail containing critical information – stored emails or SMS messages are other places to check.

Making a note of the type of data – such as client lists or personal details – and the location will make things easier when consolidating and securing your data.

Old or unused computers and hard drives may also contain information. Even if these don't hold data deemed critical, it's a good idea to format any drives before disposing of or recycling hardware.

Top

 

Securing your hardware

The key thing to remember when securing your hardware is that less is more. There's no point storing anything that isn't necessary.

Storing old, unused documents on hard drives or network servers is not only time consuming but can also slow networks to a crawl. Delete or back-up anything you are unlikely to use such as old contact details or outdated, completed work.

Leaving unused documents around is also a security risk, regardless of the content. If your data is compromised, a cyber criminal will happily trawl through folders of old documents to gather information to commit identity theft or fraud.

Once your information is tidied up or consolidated into one location, the next step is to secure it from potential security breaches. Regardless of whether you choose to store your data online or on a hard drive, here are some easy ways to keep it secure.

  • Make sure you have good, up-to-date anti-virus and anti-spyware software installed. The best anti-virus software will also protect you from 'malware' – malicious software that can record and transmit browsing data, personal information or passwords.
  • Check if you have a Firewall installed and update if necessary. Firewalls protect you from cyber attacks by filtering all incoming and outgoing data for potential threats. Users often unknowingly create loopholes by allowing programs to bypass firewalls, making an attack easier to execute. Check your computer's security settings to make sure some programs aren’t getting past your filter.
  • Secure wireless networks. Make sure your wireless networks are secure by choosing a strong network password that combines at least two words and contains a variety of characters such as numbers, symbols and uppercase and lowercase letters. Updating firmware and device drivers will keep you up-to-date with the latest security protocol.
  • Consider encrypting critical data. Encryption sounds complicated but doesn't need to be. It's simply a way of protecting data by converting it into another form that is translated back into the original format when required. Most encryption software does this for you and makes it easy to securely share encrypted data with others.

Some other points to keep in mind:

  • Deleting a file from a computer doesn't mean it's permanently removed. It may still be located in the trash can or somewhere else on the hard drive where it can be retrieved. If in doubt, consult an IT professional when deleting any sensitive data.
  • Consider restricting network access to sensitive information. You may find most employees don't need access to certain data, such as payroll information. Your network administrator can lock documents or files for certain users or otherwise password protect files.

If some of your data is stored with another company or third party, don’t be afraid to ask what security measures are in place.

Top

 

Keeping your data secure

Regularly updating software is the best way to prevent new threats from damaging your business.

Security updates are often released to combat specific threats as they emerge. Regardless of when you last updated, be sure to install new updates as they become available. Most software can be configured to let you know when an update is required, or to automatically update at a convenient time each week. Your operating system is also able to download updates automatically.

Mobile phones with online capability also need to be updated regularly with the latest software to prevent any security issues. Keep in mind that many 'apps' or downloadable applications can contain malware or store personal information that can be compromised.

When setting up a new computer at work, do not connect it to the network before installing anti-virus and anti-spyware software and security updates. A new computer can be infected with malware or a virus in less than twenty minutes of online browsing if the latest software and updates aren't installed. Use another computer to download any required updates and put them on a CD to install on the new machine – this is the best way of minimising risk.

Most security software manufacturers publish e-newsletters or articles on new threats and general information – these are also a good way of keeping up-to-date with new resources for fighting cyber crime.

Top

 

How to back up crucial information

The most effective way to mitigate disaster in the event of a security attack is to make a duplicate of your important data before something goes wrong. Any file can be backed up and stored somewhere else for peace of mind.

Backing up your data means it's retrievable in the aftermath of a cyber attack and gives you a line of defence against hard drive failure, human error and natural disasters.

There are a variety of ways to back up data, depending on your requirements and budget.

  • A full back-up makes a copy of your entire system. This includes all data, applications, drivers and your operating system. This requires a lot of space to store but the benefit is that you’ll be able to completely restore your system.
  • A partial back-up only copies new files or files that have changed since the last back-up. Because it doesn't copy every file on the system, it is quicker to perform than a full back-up.
  • A selective back-up requires manually selecting files or folders and copying them. This is a good method if you want to back up only a few files to a disc or hard drive but can be time consuming for larger volumes of data.

Most operating systems include system tools that let you schedule regular, automatic data back-ups to suit your needs.

IT experts recommend you back up your back-up and store one copy at a different location. This will prevent data loss in case your back-up doesn't work, or if your business is damaged by fire or a natural disaster.

There are companies that specialise in off-site back-ups, securely storing your data on the web or on another server. Off-site back-ups have the advantage of being secure in another location in the event that your data is lost. This is particularly useful against hard drive failure, accidental errors, system crashes and natural disasters. Once software is installed, the back-up data can be sent off-site automatically as often as you require. To make things easier, off-site back-up service providers can automatically email you a list of the files backed up each time. Off-site backup services are convenient for companies that back up data on a daily basis.

Some back-up software is able to automatically back up data to external USB drives. These are fairly inexpensive, reliable and are capable of storing a large amount of data.

The best option is to combine methods - play it safe by keeping back-ups on your own systems or hard drives in addition to backing up off-site.

Top

 

Develop an IT security policy

An IT security policy contains clear guidelines for protecting your critical information from cyber threats.

Use this sample IT security policy as a basis for your own company policy and for staff training. Making staff aware of the ways to secure data not only safe guards your best-kept secrets but increases their IT skills and confidence online. The information provided in this article is also a good introduction to the topic.

Consider making it part of the induction process for new employees or part of a wider security policy.

This information is provided by business.govt.nz

 

Related content
Last updated 23 September 2011

Do It Now

With Business.govt.nz:

Business.govt.nz Logo

Related items