Online security is as just vital for businesses as it is for members of the public surfing the internet. And if small and medium-sized enterprises fail to take basic precautions to protect the electronic records containing personal data of customers it could cost their reputation dear.
As well as any losses to fraudsters, fines of up to £500,000 can be levied under the Data Protection Act on businesses found guilty of failing to prevent unauthorised access to customer data.
That’s just part of the message the government has been spreading in a timely public information campaign, Cyber Street wise. Timely because there was some panic when Microsoft almost coincidentally announced that it would no longer be updating anti-virus protection for the Windows XP operating system.
Given the vast number of businesses worldwide still running XP on their PCs or even bank ATMs, it’s no surprise that there was a swift u-turn after outrage from IT managers. But remember that XP has already been overtaken by Windows Vista, Windows 7, Windows 8 and recently the upgrade to Windows 8.1. There’s even talk of Windows 9 appearing sooner rather than later.
In each of these, the built-in security is stronger by design. It’s not just the operating system that keeps your business safe online, but the software you run. And, let’s face it, exploiting weaknesses in out of date software is just what the criminal hacker ordered.
Big bucks for criminals
The government’s advice to businesses looking to improve their cyber security is broken down into five headings as the website guides you along a virtual high street. Some of the suggestions will be familiar to individual web users, and you can seek personal advice at the same web address.
- Install anti-virus programs and updates to the operating system and web browser. This applies to computers running Apple’s operating systems and Linux too. It’s a myth that hackers don’t target them, just that they are fewer in number so for criminals the big bucks are in Windows PCs. It also applies to mobile phones and tablets, including those running Android.
- Use strong, complex passwords, thinking of combinations of letters, numbers and symbols that perhaps represent a sentence rather than a single word as an aid to memory. The most vital of these, the Cyber Street wise website points out is your email password. If criminals crack this, they can reset many of your other passwords by email and lock you out of key accounts.
- Only download from trusted sites and organisations. If possible type in the address of the site you want, rather than copying and pasting which makes it easier for hackers to lead you to fake sites. The Co-operative Bank currently has warnings to customers on its online banking site that criminals are creating copycat websites to lure the unwary. Which brings us on to item four…
- Beware of phishing emails. The criminals are after information that they can use to gain access to your accounts or those of your suppliers or customers. Banks, for example, will never ask for your PIN number. Often typographical errors give the game away to the cruder attempts.
- Review and protect your business information. Even the smallest company these days might well rely on the internet to do business. Prepare a business continuity and disaster recovery. It might just help in the event of a physical disaster, such as fire or flooding, too.
There’s much advice of use to business on the getsafeonline.org website. A lot of it is down to plain commonsense: but the site is worth exploring.
Here are a few specific pieces of advice I read while preparing this blogpost that are worthy of note: password-protect your laptop and even specific folders and files stored on it in case of loss or theft, encrypt files stored on USB sticks for the same reasons, and be wary of email disclosure or insecure loading of personal data onto the internet.
Last, but not least, when you bank online, use secure Wi-Fi. That means an access point you know is secure. Not one of the half dozen or so that pop up when you’re out and about.
At SJ Collections we’re aware of data protection and online security issues in our dealings with clients. Be careful out there.