As the power of the internet continues to grow, more and more businesses are heading online to reach customers through websites and social media. Therefore it is essential to take steps to protect your business from cybercriminals and technical failure, which can result in damaged reputation, system shutdowns and reduced earnings.
Your business and social media
Here are some top tips from Get Safe Online to help you and your business to use social media safely and responsibly.
- Restrict access to company social media accounts to only those who need it and are trained to use them. Set up and maintain an audit trail of who has access to what social media accounts, and immediately stop access to employees or contractors who leave the business.
- If considering the use of apps to aggregate multiple Twitter, Facebook and LinkedIn accounts, use only those that are relevant and needed, and restrict access as they are a popular target for hacking.
- Be wary of publishing any identifying confidential information about your business, directors, employees or customers - either in your profile or in your posts / tweets. You and colleagues should consider carefully before publishing comments or pictures that might later cause difficulties, either to the business or third parties.
- Monitor what other businesses and individuals post about you, or reply to your posts. Learn how to use sites correctly. Use the privacy features to restrict others’ access to your profile. Be guarded about who you let join your network.
- Ensure that you and colleagues are constantly on guard against phishing, vishing and other social engineering activity aimed at gleaning social media passwords.
- Ensure you have effective and updated internet security software and a firewall running before going online.
In June 2014 the Government launched a certified Cyber Essentials Scheme to encourage organisations to consider their own cyber security measures and the steps that they can take to minimise the risk posed to their company.
The Cyber Essentials scheme is a cyber security standard, which organisations can be assessed and certified against. It identifies the security controls that an organisation must have in place within their IT systems in order to have confidence that they are addressing cyber security effectively and mitigating the risk from Internet-based threats.
The four top security controls for any organisation include:
1) Enabling firewalls and internet gateways - These act as a barrier between your computer and the internet, preventing any unauthorised access to your systems;
2) Malware protection - Ensuring that any malware and anti-virus protection is enabled and up to date;
3) Security configuration - This enables you to configure security settings to those most appropriate to the needs of the organisation, e.g. privacy settings on Facebook;
4) Access Control - This is where different access levels are granted depending on what is necessary to perform at the appropriate level, e.g. admin access for more control than normal users.
For more information about the scheme, visit Cyber Essentials here.
Ransomware Guidance for Businesses
Essentially, the advice is as simple as:
- Understand the technical estate that you are responsible for, and update, or ‘patch’, all software on all systems within it. Microsoft have also now released a patch for legacy Windows XP systems relevant to this malware.
- NCSC has also released additional defence steps relevant to the enterprise network defender.
- Use Anti-Virus software at all times and ensure that it too is updated.
- Back up your system or critical data to a storage device that is not within the same network. Consider cloud storage options where suitable.
- If you believe that you have been a victim of a ransomware attack, report it to Action Fraud.
Further detailed information can be found on the NCSC website: https://www.ncsc.gov.uk/guidance/ransomware-guidance-enterprise-administrators