Building better cyber security habits
- The Just Audit team
- May 16

Staying safe online is vital for every business of every size, because all data is attractive to cyber criminals. Their interest ranges from basic data mining (pulling together lists of contacts) all the way through to the more sinister end of the scale: accessing private and sensitive data, financial information, medical records and bank accounts.
Recently we have heard directly of instances where small accountancy firms have been compromised through their online HMRC accounts. Using the accountants’ logins, the tax status of clients was changed to ‘refund’ and the money was rerouted to a fraudulent bank account.
In the news, the Co-op supermarket chain is currently experiencing a large-scale cyber-attack that has left it exposed and, in some regions, its shelves bare, as the attack has affected both the chain and its wholesalers operationally. M&S, another great British institution, has written to its customer base this week outlining the scale of its own ‘cyber incident’, with warnings to be extra vigilant when receiving communications from M&S and a notification to reset passwords.
We all need to be extra vigilant and do what we can to protect our businesses, our clients and, by extension, our reputations. As well as its obvious implications, a cyber-attack can also destroy vital trust and carefully constructed relationships. By building better habits we can increase our security and make life more difficult for potential attackers.
Educate your teams: spend some time instilling the importance of online security in your staff. You must have buy-in across the organisation for maximum effect. Employ an ambassador who will regularly share information, useful video links and updates. If you have an internal communications platform, include cyber security as a regular headline. There is a useful resource at cio.com (https://www.cio.com/article/288313/data-breach-how-to-test-the-security-savvy-of-your-staff.html) that outlines a few ideas that you can use to test how security savvy your staff are.
Simple checks: it’s important that everyone in your organisation understands basic online safety housekeeping.
Always check where an incoming email has originated from by clicking on the sender’s name. The sender’s name and email may not match at all, or it may be a clever close match.
Sometimes you can tell an email is suspicious if the language isn’t typical of the organisation, or if it has grammar and spelling errors.
Be extra careful if you are asked to click on an external link from an unknown sender or suspicious email.
Also, not everyone realises that apps or games that request personal information are often linked with cyber-crime. By the time you have given your maiden name, date of birth and place of birth, you’re halfway to a full-scale invasion!
Create strong passwords: share guidance on what constitutes a strong password and supply password management tools to store them, especially if the password sequence is complicated and difficult to recall (and these are the best ones!). Always use different passwords to reduce your risk and overall vulnerability.
Multi-factor authentication (MFA): This is really important. If someone did gain access to your password, MFA means they’ll need access to a connected device (usually your phone or a password authenticator) to progress further. This is a great obstacle to put in place.
Key points:
- Cyber-crime is on the increase whilst also becoming increasingly sophisticated
- Throw up as many roadblocks as you can to present a more difficult route for anyone trying to access your information, and that of your clients
- Create a culture at work where staff can raise concerns, report suspicions or share advice and alerts
- Be password savvy
- Employ MFA