Tip 1 - Backup up your data
Our first point is one we can't honestly state enough. The rise of Cyber crime has had an impact on many SMEs, the NCSC even suggesting 1 in 2 businesses have been impacted! The best way you can ensure your business can keep running in the event of a disater is to operate a good backup strategy. Besides the threat of cyber crime, it's not a perfect world and accidents happen, not all data loss is caused by malicious intent after all!
If there's one piece of advice to take away from this point for SMEs, it's to utilise the cloud. We advise the use of OneDrive for workstations, the application automatically replicates your files to the Microsoft Cloud. If you were to lose access to your machine, an exact replica can be found in your personal SharePoint site online, even with document revision history!
Your first step to creating a robust data backup strategy is to identify what data your business can't afford to lose, think about what your weekly routine looks like and where you'd fall down if you couldn't complete it.
Once you've identified all the business critical data, it's time to think about where you're going to copy it and how frequently. How often do you change the documents and what timeframe could you afford to lose are good questions? USB drives offer a good low cost solution but if you'd like to automate the routine we suggest the use of a network attached storage device (NAS).
You can use many technologies or methods to copy the data from one location to another (backing up). What we suggest always vary upon use case but as a starting point look for Windows Backup, TimeMachine, Altaro, Veeam and many others.
Tip 2 - Avoid phishing attacks
Phishing is a type of attack that comes under the category of Social Engineering - any attempt to glean confidential information from your users to compromise security.
You can invest significant resources in technical controls to protect your IT but the path of least resistance will always be through users. Education is key on this one, inform all staff of the risks in clicking links in emails or opening unknown attachments. There are many good education resources available, our commercial suggestion is KnowBe4 but if you want to digest the information, check out the NCSC site for good advice.
Tip 3 - Keep your mobile devices safeIt's likely your smartphone has access to confidential information in your email account, photos and perhaps even documents. The first layer of protection is to make sure your mobile device is pin protected. All devices now have the capability to be tracked remotely once lost or stolen. If you can't get the device back, the second best option is to make sure your data is removed from it. Take a look at the find my phone from Apple or for a vendor netural techy solution take a look at the Exchange Onlines offering (included in most Office365 licenses)
Tip 4 - Use passwords to protect your data
This one seems obvious but it's commonplace for workstations to have the login functionality removed for easier, quicker access to resources. Passwords should be used to protect access to all confidential resources, if you need help in remembering them a good starting place is a password manager like LastPass, OnePass or KeePass (recurring theme in the name!)
The biggeset factor in creating secure passwords is character length. Think joining three or four random words or creating using memorable song lyrics.
Tip 5 - Protect against malwareUse and activate an Anti-Virus! These come in many different flavours and there will be one that fits the bill for you. Our recommendations are BitDefender or ESET but we conceed there is no one size that fits all. Your anti-virus is designed to protect against known signatures of files or programs that have been seen to cause damage elsewhere. Whether that be in exact file or even just in the methods used to exploit your machine. Either way, it isn't the Golden Bullet but does go some way to protecting you against known threats.
Our approachable, Cyber Security expert. Sam provides technical experties to ensure we meet the high standards required across all our accounts.