Stuart Dillon-Roberts from Digital Journey, Paul Macpherson and Sai Honig from Xero, and Steve McCabe from PwC give practical cyber security tips to help keep your business safe.
Host: I’m going to put you all on the spot and get you to think of one practical thing that businesses can take away from what we’ve heard tonight or what you think is the number one thing a small business can do to stay safe online.
Stuart, I’ll start with you.
Stuart: I’ve mentioned backups already, does that count?
Host: We can go with backups. Would you also say “use a security online tool for free at Digital Journey”?
Stuart: Yes, I would do! Obviously, use our tool as that’s a good starting point. It’s a great way to give you a snapshot of how you’re doing when it comes to security.
But from all the times we’ve been helping businesses who’ve gone through ransomware - and ransomware is one of those classic things that “I’ve got Office 365 or I’ve got my files on Dropbox, I can see all my files on the cloud, it’s all safe”. Ransomware doesn’t care about that. It takes over your machine, if it’s One Drive, or Dropbox, it’s still going to be infected. You’re starting off looking at that blank screen with a clock ticking on it saying you’ve got to pay some ransom. I cannot emphasise enough that having a good backup, that is not connected to your machine, and is kept offsite, is absolutely critical.
Host: That’s an offline backup. Thanks very much Stuart. Paul?
Paul: I’m going to say two things. I can’t stress strong enough in my recommendation that if two-factor or multi-factor authentication is available to you on an account, use it. If it’s not available to you, I’d say look to a service that has it. The other thing is the value of education and awareness, especially when it comes to avoiding scams. Knowing that email is dodgy so I shouldn’t click on that link or open that attachment. That is the primary way people are getting into your organisation; getting the malware in, getting the machine infected with ransomware or stealing your information.
Host: Excellent. Really practical. Look for that two-factor authentication in the security settings or in preferences, and make sure you use it if it’s there. Sai?
Sai: I would say keeping your devices updated. Too often I’ve seen where updates are turned off, that includes these little guys too [indicates mobile phone]. When you get an update or a notice of an update, nine times out of ten it’s not just new features. It also includes new security protections that have been developed over time. You want to have the latest on your devices.
Host: Thank you very much. Make sure you update the software you’re using. Finally, Steve.
Steve: I’m not sure what you’re leaving me here! We’ve done education, we’ve done hygiene. Don’t ignore it.
Host: Couldn’t have summed it up in a better way. And it’s around the continuum that Steve was talking about. Don’t be one of these business that just shuts this out of your life until it happens to you. Suddenly you haven’t stored your data somewhere else, you haven’t checked your two-factor authentication, so suddenly they’re accessing all the different programmes that you’ve got. Make sure you’ve got good practices and processes in place, and don’t ignore it.