Published in March 2021, the Government’s Cyber Security Breaches Survey 2021 revealed that four in ten businesses (39%) report having cyber security breaches or attacks in the last 12 months. While this number is likely to be higher in medium and large businesses, it’s important that small businesses – like us – take the threat seriously and put in place measures to ensure the data we hold is secure.
That’s why we work with Risk Evolves to ensure our systems, processes and team are protecting both our business and our clients’ information.
Of course, cyber security is just as important in our individual lives, so we asked the team at Risk Evolves to share their top tips for preventing breaches.
1. Implement updates and software patches: Make sure that all software is up to date – always. This includes apps on smart devices. As well as adding functionality, software designers push out updates when vulnerabilities have been identified.
2. Make sure your software and devices are still being updated: Software, hardware (laptop, desktop) or devices that you purchased years ago may no longer receive updates. If there are no updates available or the supplier no longer supports the product, then it’s time to change the software or device as it could be vulnerable to new exploits. We wouldn’t continue to wear a pair of shoes with holes in; we’d repair them or buy a new pair. The same principle applies here.
3. Install good anti-virus protection: Make sure that all devices that are used to access the internet, email, banking etc. have good anti-virus software installed. You’ll find many providers with well-known names such as Bitdefender, ESET, Norton, McAfee, Kaspersky and Avast. Most of the big providers supply multiple licences, so make sure you protect your phone and tablet as well as your laptop or personal computer.
4. Make sure your passwords are strong: If you prefer to create your own password, then the National Cyber Security Centre (NCSC) recommends choosing three random words and then changing some of the characters e.g. BluePenguinGin to Blu3PenguinG!n?. Make sure the random words really are random and can’t be easily guessed by looking at your social media e.g. the name of your pets, kids or partner, holiday destinations etc. However, remembering passwords – especially complex ones – is difficult, so the best line of defence is to use a password manager (Risk Evolves use 1Password). This generates passwords for you and the only password that you need to remember is the one that gets you into the password manager.
5. A different password for every account: By making sure every account has its own password, you can be sure that if one account is breached you only need to change that one password, rather than the password on every account where it is used. Again, there are password managers that can help you with this, such as 1Password.
6. Change default passwords: It sounds obvious, but make sure you always change default passwords on things like routers, Amazon Alexas, home speakers, Ring doorbells etc.
7. Make multi-factor authentication (MFA) a priority for email accounts: You may also hear MFA referred to as two-factor authentication (2FA). You’ll be familiar with using MFA for banking transactions, usually in the form of the little card reader device that creates a code. MFA or 2FA is critical for email accounts. Your email account is one of the most critical accounts because it’s where you receive password reset emails and where details of your contacts are stored. Using MFA or 2FA simply means that you’ll be asked to enter a code after you’ve entered your (strong) password. MFA can be activated on many accounts now, e.g. PayPal, Gmail, Microsoft, eBay, Instagram, Amazon, Twitter and Facebook, so if you have the opportunity to switch it on, make sure you do. As another layer of protection, it’s just like adding a bolt to your door or a steering lock in your car.
Be vigilant and take action
If you want to check if your email accounts have ever been compromised, then enter your email address at https://haveibeenpwned.com. If it’s listed and you haven’t changed your password since the breach, then now’s the time to take action.
Take the following steps:
1. Change passwords immediately. Remember to make your new password strong.
2. Report to Action Fraud.
3. If you’re concerned that your financial information may have been compromised, contact your bank.
4. Sign up to CIFAS – this is the UK’s biggest fraud sharing database.
5. Make sure you’ve worked your way through all seven steps above.
Help is out there
The world of internet security can often feel intimidating but there’s lots of help available out there. Great sources of help include:
If you have any questions or aren’t sure about something you’ve received from us, just get in touch – email firstname.lastname@example.org and one of the team will be in touch.