16 Nov 2023

Cyber Resilience Tips for Small Business

Passwords

A strong password is one that’s tricky to guess and includes a mix of uppercase and lowercase letters, numbers, and special characters. The NCSC recommends the use of three random words followed by punctuation to create a secure and separate password. https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/three-random-words
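As an added illustration (not code from the NCSC or from this article), the sketch below builds a password in the three-random-words-plus-punctuation style using a cryptographically secure random source, and estimates how much the size of the word list matters. The word list, punctuation set and function names are constructed for the example.

```python
import math
import secrets

# Constructed sample list for illustration only. A real generator should draw
# from a list of several thousand words so the passphrase is hard to guess.
SAMPLE_WORDS = """
anchor biscuit candle dolphin ember falcon garden hammer
island jigsaw kettle lantern meadow nutmeg orchid pebble
quiver ribbon saddle thistle umbrella velvet walnut yonder
zipper badger copper dagger fennel goblet harbor juniper
""".split()
PUNCTUATION = "!?.,;:-_"  # assumed set of trailing punctuation marks


def make_passphrase(words=SAMPLE_WORDS, count=3, punctuation=PUNCTUATION):
    """Return `count` distinct random words, capitalised, plus one punctuation mark."""
    pool = sorted(set(w.lower() for w in words))
    if len(pool) < count:
        raise ValueError("word list too small")
    chosen = []
    while len(chosen) < count:
        word = secrets.choice(pool)  # CSPRNG, unlike random.choice
        if word not in chosen:
            chosen.append(word)
    return "".join(w.capitalize() for w in chosen) + secrets.choice(punctuation)


def entropy_bits(pool_size, count=3, punct_size=len(PUNCTUATION)):
    """Bits of entropy when words are picked without repeats, in order."""
    return math.log2(math.perm(pool_size, count) * punct_size)


if __name__ == "__main__":
    print(make_passphrase())
    print(f"32-word sample list: {entropy_bits(len(SAMPLE_WORDS)):.1f} bits")
    print(f"7776-word list:      {entropy_bits(7776):.1f} bits")
```

The entropy figures only hold when the words are chosen by the generator; words a person picks themselves are far more predictable.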

See what passwords you and your staff have that have already appeared in data breaches and change them as soon as possible. https://haveibeenpwned.com/ is a legitimate website where you can enter your email address and telephone number to see if your information has been captured in a data breach. You can also register your email address or domain and get notified if it appears in another breach.

Establish a clear password policy for staff and educate them about the importance of having strong and separate passwords. If you need some help with this, reach out to your FOS.net account manager.

If your staff have a lot of passwords to remember, consider getting an enterprise password manager. Staff then only have to remember one password, and the password manager generates and remembers the rest, putting an end to reused passwords. https://www.dashlane.com/business-password-manager

Multi Factor Authentication

Multi-factor authentication (MFA) plays a vital role in safeguarding your systems, accounts, and devices. It offers an extra layer of protection by using two or more methods to verify your identity. Even with strong passwords, if someone gets hold of your password, the security of your system is compromised. However, with two-step verification (2SV) or MFA in place, cybercriminals cannot gain access simply by cracking your password. They would also need your fingerprint, FaceID, or your mobile phone to authorise a login attempt using a mobile authenticator app.

Phishing Attacks

Phishing was the most common type of cyber-attack last year. Phishing is a cybercrime in which a target or targets are contacted by email, telephone, or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. Educate your staff and volunteers about the risks and best practices for identifying and avoiding phishing scams. If you need some help with this, we offer affordable security awareness training programs that can be tailored to your company.

Have a plan in place to deal with phishing attempts and successful attacks. Make sure your staff know how to report an attack, and don't put barriers in the way of reporting. If you are a small business that is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week. If you suspect a phishing attack, please report it to the Suspicious Email Reporting Service (SERS) set up by the NCSC at: report@phishing.gov.uk. Text messages can be forwarded to 7726.

Keeping Devices Up to Date

Device manufacturers and app developers regularly roll out software updates that come with exciting new features, bug fixes, and performance enhancements. But that’s not all: they also pack in essential security patches and new security features that you shouldn’t ignore. Why are these patches so important? Well, they’re designed to fix known weaknesses in the products that can be exploited by attackers. By installing these patches, you’re closing the door on potential threats and making it harder for attackers to mess with your devices. So, make sure to keep an eye out for updates and lend a helping hand if needed.

Join the Eastern Cyber Resilience Centre

The Eastern Cyber Resilience Centre https://www.ecrcentre.co.uk/ is a pioneering initiative committed to bolstering cybersecurity resilience in the Eastern region. Their mission is to provide organisations, particularly small and medium-sized enterprises (SMEs), with the knowledge, tools, and support necessary to defend against cyber threats effectively.

Our collaboration with ECRC signifies a shared vision of creating a safer digital environment for businesses. By joining forces, we aim to provide small businesses with the means to protect their operations, customer data, and reputation from cyberattacks.

Security Awareness Training for your staff

What a lot of small businesses do not know is that there are several agencies that offer free cybersecurity awareness and training. A good place to start is the Government’s National Cyber Security Centre https://www.ncsc.gov.uk/section/advice-guidance/all-topics

Another great resource is CyBOK. The CyBOK project aims to bring cyber security into line with the more established sciences by distilling knowledge from major internationally-recognised experts to form a Cyber Security Body of Knowledge that will provide much-needed foundations for this emerging topic.

https://www.cybok.org/knowledgebase1_1/