Keep your business safe online

Published: Friday, December 9th, 2016

There’s a lot of talk about hacking these days, from cyber-attacks on individuals to hackers trying to influence the outcome of the US presidential elections. The biggest advantage hackers have is people’s lack of awareness; vigilance is the key factor in the fight against cyber-crime. We all need to take greater responsibility for protecting our personal and business data, so if security hasn’t been a priority for you up till now, make it one. Your reputation depends on it.

To help you out we’ve listed 7 practical ways you and your business can stay safer online.

1. Install anti-virus software on your computer

It may sound like a no-brainer but securing your PC is critical. Anti-virus packages cannot guarantee 100% protection for your computer but they do act as a necessary barrier between you and the hackers, helping to keep you safe online while browsing the internet. However, security software can only do so much; staying safe online also requires a certain amount of personal responsibility. So be careful what sites you visit and keep your anti-virus software up to date!
Tip: Norton, Bitdefender and McAfee still rank high as trusted anti-virus software solutions, though there are many others to suit your needs and budget.

2. Unique passwords – longer is better

Did you know that the length of a password is a critical element in effective password security? Longer passwords are much more difficult for hackers to figure out. The minimum recommendation is eight characters, but more is better. Always use a mix of uppercase and lowercase letters, numbers and symbols. Another crucial thing to remember is this: always use different passwords for different online accounts. Using the same password across multiple accounts just makes it easy for the cyber thieves!

For example, we recently came across a case where a client had her LinkedIn account login details hacked. Because she used the same password across all her online accounts, the hackers were able to use the LinkedIn password to access her Gmail and Facebook accounts as well. So, having separate passwords for separate accounts is vital. Do not ignore this.

If you’re having trouble remembering all your passwords then use an app like 1Password which you can download to your smartphone or PC. It will safely store all your passwords as well as other personal information like credit card numbers.

Tip: Use the 2-step verification process for your Gmail, Facebook and any other accounts where it’s available. This adds an extra layer of protection between you and the hackers.

3. Plugins – be careful with 3rd party website plugins

Popular content management systems (CMS) like WordPress allow users to download plugins that perform tasks on your website, for example adding a newsletter sign-up form. However, poorly coded plugins can be vulnerable to hacking so make sure you do your research before adding a plugin to your website. Once you’ve done your due diligence and found the plugin you want, always test it using a test server before going live to make sure it does not conflict with any other plugin, or disrupt any other functionality on your website.

Also, be careful when updating your plugins as the updates may conflict with other plugins already operating on your website. These conflicts could potentially harm your website performance so again, test the updates on a test server.

Tip: do an annual plugin audit of your website and delete any unused or unnecessary plugins to keep your site clean and secure.

4. Email: security steps you can take for increased protection

Email marketing is a highly effective way to communicate with customers so of course it also attracts hackers. There are essentially two kinds of email fraud.

Spam: These are emails from sources you don’t recognise or have no prior connection to. You know the ones; they usually have amazing special offers written in the subject line. With spam, always err on the side of caution; if it’s unfamiliar or looks suspicious and you don’t trust it, then don’t open it.

Phishing: Phishing tactics, where email scammers pose as reputable and trustworthy firms, are an unfortunate menace. They only have one aim – to steal from you.

Email fraudsters can pretend to be anyone: your insurance firm, your bank, the local council. Take banking, for example: email hackers may pose as your bank to get your login details. Halifax customers were the target of this phishing scam not so long ago.

To defend against email hackers, follow these three simple rules:
I. Never ever click on links or open attachments in a suspicious email
II. Never ever hand over bank details or any other personal data
III. Mark the sender as spam

5. Staying safe on social media

According to research, 16% of users have had their email or social media accounts hacked, and that’s worrying. Social hacking has resulted in millions of accounts across social channels being compromised. For example, in 2012 over 6.5 million LinkedIn accounts were hacked and users’ login details stolen. So, as mentioned earlier, make sure you have separate passwords for multiple accounts like your email, Facebook, LinkedIn and so on.

Another reason hackers may target social media sites is to hijack a business account, for example, hacking a Facebook page. If a hacker figures out a weak password like your date of birth or the classic ‘1234’, they can take over your Facebook account, then post content that the audience presumes is genuine but which turns out to be a scam. This could potentially do great harm to a brand, so businesses must remain vigilant about their security on social media. Make sure to follow the password tips outlined above.

Also, remember, your company social pages are set up via your personal accounts so do the following:

• Ensure admin staff use unique passwords for each social channel
• Be clear about who has permission to post on your page
• Have a social media management policy in place that clarifies the correct response protocol should hackers breach your social accounts

6. Ransomware – what it is and how to beat it

Ransomware is any malicious software that people unintentionally download which blocks access to their computer unless a sum of money is paid. These types of hackers can even pose as legitimate services helping you to unlock your PC but make no mistake – it’s extortion, plain and simple. Unfortunately, these ransomware viruses can be contained in links or attachments inside emails that you open. So again, we reiterate, you must take responsibility for your online behaviour. If an email or a link or an attachment looks unfamiliar or seems untrustworthy, then don’t open it!

Tip: treat online security the way you would your home security. Develop good security habits that make it harder for the cyber thieves. Treat all links and attachments with suspicion.

7. Mobile apps: your smartphone is open to attack too

Hackers will never stop looking for new opportunities to steal from you, so it was inevitable that mobile apps would become a target. Phishing tactics no longer apply to email fraud only; hackers can use mobile apps to pose as reputable firms as well. A ‘phishing app’ on your phone may be quietly recording your behaviour without you even realising it. Your private contacts list, your email account, websites visited – in the cybercrime world this information is like gold. Don’t assume that an app is automatically safe just because it’s available for download in the Google app store; it may not be. Again, do your research, read the ratings and reviews and proceed with caution. As a further security measure, download anti-virus software on your smartphone that will alert you to any malicious activity by an app.

Tip: set up a screen lock on your personal and company smartphones. These locks require users to enter a four-digit PIN to open the phone. If you lose your phone or it’s stolen, the hackers won’t be able to get into it. You can enable this feature through your phone settings.

Key Takeaways

Awareness is the key to defending ourselves online. It’s up to all of us to take responsibility for protecting our personal and business data. Keep your anti-virus subscriptions up to date. Create unique passwords for your online accounts and always use the 2-Step Verification process where it’s available. Research 3rd party website plugins before downloading them to your business site and test them on a test server before going live. Never hand over personal details in suspicious or unfamiliar emails. Use different passwords for each of your social media channels and have a social media management policy in place for administrators. Be cautious with links and attachments in emails, and be careful what websites you visit. Be aware also that mobile phone apps can be used to hack your smartphone.

What to do next

If you’re in business, it’s your responsibility to discuss the issue of cyber security with your web development team and find out what measures they are taking to ensure all your online accounts are as safe as possible.

If you’re not happy with the current service you’re getting, then feel free to contact Digitaledge. We will be happy to discuss your web security needs and outline the best options for you to protect your business online.