
Top 10 Cyber Security Tips for Business


The world is now more connected than ever. While this makes doing business easier, it also makes it easier for criminals to wreak havoc via phishing and ransom scams, data hacking and fraud. With teams now working remotely, the threat is multiplied!

Here are our top 10 tips for protecting your business.

1. Ensure your data is being backed up

Losing data can be disastrous. Save time and money, and protect your livelihood, by developing a back-up strategy.

The simplest option for most businesses is to migrate emails, contacts, calendars and files to Google Workspace. A large part of your critical data will then automatically be backed up and accessible from any location. You can go further and invest in Backupify to back up all Workspace data into a separate cloud 3 times PER DAY.

For on-premises systems (that can’t be moved to the cloud), we generally recommend a 3-2-1 backup system. This means having 3 copies of your data:

  • One copy on your computer
  • A second copy on a local server or network storage device (NAS)
  • A third copy backed-up in the cloud or off-site.

Keep in mind though that an ‘off-site’ copy isn’t really a back-up if it isn’t up to date. So, if you are not disciplined enough to take the ‘back-up’ home with you EVERY DAY, connect an automatic cloud back-up service.

2. Control who has access to your data

Remove access to your systems from people who no longer need it.

Immediately remove access for people who:

  • no longer work for your business
  • have changed positions and no longer require access.

Unauthorised access to systems by past employees is a common cause of identity-security and fraud problems for businesses.

Identity & Access Management (IAM) solutions let you manage user identities, define access rights, and track activity. Limit access to sensitive data on a need-to-know basis and regularly review access levels as employee roles change.

Learn how JD Stride can assist with Identity & Access Management (IAM).

3. Ensure all your devices have the latest security updates installed

How often have you clicked the ‘Remind me later’ button for installing software updates?

Run weekly anti-virus and malware scans and have up-to-date security software – on every computer.

Instances of malicious software (malware) are increasing. It is easy to accidentally click on an email or website link that infects your computer.

Software updates often patch security holes. Set automatic updates or have a strict update schedule. If you have a team of 5 people or more (which is typically when you reach 10 devices with access to corporate data), we recommend investing in Unified Endpoint Management – which helps manage updates and security settings across all devices, simplifying protection.

Mobile devices are easy targets. Enforce strong passwords, lock screens, encryption, and consider mobile device management (MDM) software for centralized control.

Learn more about how JD Stride can assist with Unified Device Management.

4. Secure Mobile Devices with Unified Device Management (UDM)

Mobile devices are easy to lose or misplace, making them prime targets for theft and data breaches. UDM solutions aid in enforcing strong passwords, encryption, and applying security policies across all devices. Additionally, UDM solutions offer these critical benefits for mobile device security:

  • Remote Lock and Wipe: If a device is lost or stolen, UDM allows you to remotely lock the device to prevent unauthorized access and even wipe sensitive data to protect it from falling into the wrong hands.
  • Location Tracking: Some UDM solutions include location tracking, which can help you find a lost device or aid investigations in the case of theft.
  • Application Management: UDM enables you to control which apps can be installed on company devices, preventing the use of risky or unauthorized apps.
  • Containerization: UDM can create secure “containers” on devices, separating personal and business data to enhance security and privacy.

Learn more about how JD Stride can assist with Unified Device Management.

5. We'll say it again: use unique, strong passwords for every application & activate multi-factor authentication.

Enforce complex passwords that are changed regularly. Multi-Factor Authentication (MFA) adds another layer of protection, such as a code sent to your phone.

An Identity & Access Management (IAM) system can centralise control over who can access what data within your organisation, ensuring only the right people have access to the right resources.

It’s worth noting that besides managing a directory of users, enterprise IAM systems can also provide employees with access to all of the cloud applications they need, but without having to know the passwords. So when someone leaves, they can be locked out of ALL applications with the click of a button – because they never knew the passwords!

A hacker might be able to steal or guess a password, but they can’t reproduce something an individual user has. For this reason, we recommend enforcing 2-factor authentication for G Suite, Microsoft 365 and other online services.

2-factor authentication (also known as multi-factor authentication (MFA) or 2-step verification (2SV)) combines two independent credentials in order to gain access to an account, e.g. a user’s password and a random code generated by an authentication app on their smartphone. If one factor is defeated (e.g. a password is leaked through a successful phishing attempt), the attacker will still need the other factor to gain access.

All reputable cloud services will provide a 2-factor authentication option. Ensure all team members use it!
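To make the “two independent factors” point concrete, here is an added example (not code from the original article or from JD Stride) of a login check that requires both a password and a time-based one-time code of the kind an authenticator app produces (RFC 6238 TOTP). The password, salt and TOTP seed are constructed demo values; the seed is the RFC 6238 test-vector seed so the codes can be checked against the published vectors.

```python
import hashlib
import hmac
import struct

# Constructed demo credentials. In a real system the salted password hash and
# the TOTP seed are created at enrolment and stored server-side per user.
SALT = b"demo-salt"
PASSWORD_HASH = hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000)
TOTP_SEED = b"12345678901234567890"  # 20-byte RFC 6238 test-vector seed
STEP = 30  # seconds per TOTP time step


def totp(seed: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, then dynamic truncation."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def check_password(candidate: str) -> bool:
    """Factor 1: something the user knows. Constant-time compare of the hash."""
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), SALT, 100_000)
    return hmac.compare_digest(digest, PASSWORD_HASH)


def check_code(candidate: str, now: int, window: int = 1) -> bool:
    """Factor 2: something the user has (the app holding the seed).

    Accepts the current step plus/minus `window` steps to absorb clock drift.
    """
    return any(
        hmac.compare_digest(totp(TOTP_SEED, now + d * STEP), candidate)
        for d in range(-window, window + 1)
    )


def login(password: str, code: str, now: int) -> bool:
    """Both factors must pass; `&` (not `and`) evaluates both so a caller cannot
    tell from timing which factor was wrong. A leaked password alone never passes."""
    return check_password(password) & check_code(code, now)


if __name__ == "__main__":
    # Phished password but no authenticator: the login still fails.
    print(login("correct horse", totp(TOTP_SEED, 59), 59))   # True
    print(login("correct horse", "000000", 59))              # False
```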

6. Do NOT use email to authorise payments with your team

This is a BIG one. Enforce a policy of not allowing an ‘email’ to be used as authorisation for a payment.

We have seen many cases where the business owner’s email address has been ‘spoofed’ and fraudulent emails sent to the accounts department ‘authorising’ the payment of fake invoices.

Ensure large payments are authorised in person or via a phone call.

Additionally, be wary of false billing scams requesting you pay fake invoices for directory listings, advertising, domain name renewals or office supplies that you did not order.

7. Educate Employees: The Human Factor

Employees often unknowingly open the door to cyberattacks. Train them to identify phishing scams, create strong passwords, and recognise social engineering attempts. Regular reminders and clear guidelines empower your workforce to be your first line of defence.

Remind your team to be vigilant when opening email.

Always use a spam filter on your email account and do not open unsolicited messages.

Be wary of downloading attachments or opening email links, even if they are from someone you know.

Spam emails can be:

  • embedded with malware
  • used to trick you into providing information or buying non-legitimate goods.

Do not respond to or click on these emails, as doing so just lets the scammer know they have found a ‘real’ email address.

Contact us to discuss arranging security awareness training for your organisation. It’s possible to have simulated phishing, malware and scam emails sent to your team. When someone clicks when they shouldn’t, they can be taken through some awareness training to teach them to be more vigilant.

8. Secure your wireless network - and never use free WiFi & USB charging stations

Ensure you change the default password on your WiFi. The default passwords are often listed on manufacturer websites or blogs, so you could be a Google search away from being hacked.

And NEVER use free WiFi at airports, hotels or shopping centres. These networks are public and open, not secure and encrypted. Only connect to cloud services via a secure connection such as tethering to your phone or via a VPN.

Similarly, never use public USB charging stations in airports, hotels, or shopping centres. Hackers can compromise them to install malware or steal your data. Always carry your own charger and cord, and plug directly into an electrical outlet.

9. Invest in anti-virus and endpoint protection

Invest in quality security software with multiple layers of protection for all your devices.

While traditional antivirus is a good start, consider upgrading to next-gen AV solutions. These go beyond just scanning for known malware patterns. They use advanced techniques like machine learning and behavioural analysis to detect and block even brand-new, never-before-seen threats.

Learn about the difference between traditional antivirus software and Next-Gen AV in this article.

Speak to one of our cybersecurity specialists to discuss implementing Endpoint Management with Next-Gen AV for your organisation. These services provide centralised management, continuous monitoring, and advanced threat detection across all your devices.

10. Invest in cyber insurance

Sometimes disasters happen. For peace of mind, invest in cyber insurance.

The average cost of a cyber incident in Australia is in excess of $250,000, so it is imperative you protect your business from cyber threats.

Cyber insurance protects your business from the costs associated with data loss, interruptions, restoration, ransom payments and more. 

Before you decide on the level of cyber insurance you need, weigh up the risks. What would happen in the event of a security breach? How long can your business be out of action? Do you or your clients need 24/7 access to services?

In short, the greater the risks, the greater the need for insurance.

Following the above cyber security tips will go a long way to keeping your business safe from cybercrime. Some of the tips might seem obvious, but it’s the small things that can make a big difference.

If you have any questions or wish to discuss the cyber security strategy for your business, please don’t hesitate to contact us.
