How do you keep your business safe on the internet?11 Feb 2020
It can be difficult to keep your business safe online…after all, the internet can be a dangerous place! So how to keep your team and your business safe without inhibiting your team’s ability to do their job.
Although the annual Safer Internet Day is really aimed at helping children and young people stay safe online, it’s a great opportunity for businesses to reflect on what they can do to help their staff stay safe and protect their valuable digital assets.
This year’s motto for Safer Internet Day is “Together for a better internet” and (in my opinion) that sums up the approach businesses should take regarding online security.
As I see it, there are three business elements that need to come together to make sure your data and employees are as safe as you can make them:
- Everyone taking (informed) responsibility for their actions online
- Having policies and procedures in place to protect your business interests
- Implementing any and all necessary technical barriers
Everyone has some level of responsibility
Every single person in your business has some responsibility to be vigilant while online and everywhere really.
There are so many ways for scammers to gain access to “stuff” they shouldn’t – phishing emails or calls, sending dodgy links, spoofing legitimate email addresses, etc. It’s a minefield.
And each person has to be on their toes…but you as a business owner need to support them in this:
- Regularly reminding people of the potential threats,
- Circulating new and relevant information, and
- Possibly even encouraging attendance at workshops or webinars
Individuals will also need to think about their passwords and where they are accessing data from while away from the office, but I’m going to cover that in a bit more detail in the next section…you’ll see why when I get there.
But in general, once everyone on your team is informed about the best ways to keep safe online, you can be a little bit more confident in your business security.
Company Procedures and Policies
In addition to have a policy around how to keep everyone informed, trained, and up to date on the latest possible security threats, there are a number of other things you can do to keep your business safe online before you even start looking at the technical fixes.
I’ll talk about these technical solutions in the next section, but in this one, I’d like to focus on just a few of the procedural aspects of your business that will help keep you secure.
Write and Enforce your BYOD Policy
If you let your team use their own devices for accessing your company data, you need to have a policy around this use.
Having requirements for the security of it, defining which apps people can use for business, setting restrictions in place on unsecured connections, etc will all help to keep your data secure no matter where your team are accessing it.
Password Policies (and a Manager?)
Setting policies for password length, complexity, and uniqueness may feel like overkill—everyone knows this stuff, right? Basic internet safety stuff.
But the reality is that a lot of people use the same password for everything…or use unique passwords that are laughably easy to guess.
Having guidance and policies in place (possibly even though the use of a password manager) can help to strengthen the security of your business data at the most basic level.
Plan for Security Breach
If the worst should happen and your physical or IT security is breached, you need to have a plan in place already for your response.
You need to know who you will be notifying, what your first steps will be, who you will call in to help, and so on. This is not the time you want to be floundering around, you want to be falling back on a considered and methodically worked out strategy.
Schedule for Security Review
As you finalise writing up all your security policies, procedures, and guidelines, make sure you schedule some review sessions at a regular interval.
Information about threats and the best way to deal with them is always changing. And so should your security policies.
So review and update them regularly…and tell your team.
Implementing the Technical Barriers
In addition to the procedural elements of your business online security plans, there are a number of things you can do technically that will help keep everyone (and your data) safe.
Keep your Software and Anti-Virus Up to Date
Whether you set them to be updated automatically or it is a single person’s job to run round and update everyone, the importance of keeping your computer software and anti-virus bang up to date cannot be overstated.
These updates will have all the available the fixes and security patches for the latest detected threats.
By keeping these and your firewall, antispam, etc. up to date, you are strengthening your business’ first line of defence.
Back up, Back up, Back up
As with your plan for possible security breach, making sure all of your important data is regularly backed up gives you that bit of confidence that you are prepared should the worst happen.
Permissions and Access
Deciding which of your team should have access to what data is not really a question of trust. I’m sure you trust most of your employees with most of your data.
At the same time, however, giving people access to data they do not need to do their job can be both distracting for them and a potential risk for your business. It doesn’t mean you have be really harsh with your team.
Just review the data you hold and decide who should be able to see, edit, or delete it. In OpenCRM we have a number of settings and controls around this whole issue of access and permission. Give me a call if you’d like to discuss.
Hopefully this gives a head start on your online security journey. If you’d like to know more about how OpenCRM work to keep your data safe, please check out some of our resources here.
Companies’ House have a handy guide to walk you through a few more of the things you can do as a business to keep yourself secure online.