Are you worried about all the cyber attack news that’s dominating the media these days?
If you’ve googled “cybersecurity” to find resources, tools, and support and ended up getting overwhelmed, take a deep breath, relax and smile.
You’ve reached the right place to get some help.
Don’t worry too much about it. Most probably, you’ll get hacked anyway when you start making some money, no matter what you do or how much you spend.
The bad boys come up with new tricks every day!
Check this link to see if your email has been hacked or compromised before:
Don’t think your business is too small or that you have nothing to hide. Hackers don’t care! They’ll find something to hack and exploit data from your business.
Check this live map to get an idea of how many attacks are taking place every single second:
Don’t worry about it. Just be prepared so if you get attacked, you don’t panic and you know what to do. Transparency and timely response are very important.
So you just need to learn a little bit about cybersecurity. This article doesn’t include everything. Be prepared. Arm yourself with the resources, tools, and support to get your back covered when necessary.
This article will not cover GDPR. You can get your free GDPR ebook here to bulletproof your business against fines today!
Here are some tips you can easily implement to reduce your business, legal and operational risks that may relate to a cyber attack:
1. Protect your Devices
Make sure each of your business’s computers is equipped with antivirus and antispyware software, and update it regularly. That also applies if you’re using a Mac. Macs also get viruses, contrary to popular belief.
2. Secure your networks
Safeguard your Internet connection. Use a firewall and encrypt information. Use a VPN (Virtual Private Network). If you have a Wi-Fi network, hide it by setting up your router to do so. Also, password-protect it. Apple and Cisco have secure routers.
Nord VPN: https://nordvpn.com/
3. Encrypt Your Files and Emails
It’s good practice to encrypt your files. This applies to files at rest and in transit, including emails and attachments. ProtonMail is a good Swiss option for emails. Boxcryptor and Whisply are good German tools for file and email encryption.
4. Protect Information, Systems, and Processes
Have policies on how employees handle Intellectual Property, important or personally identifiable information, and sensitive data. Only give access to those who must have it.
Make sure employees know what to do and to whom to report if they lose access or get hacked.
It’s good practice to run a vulnerability test and an attack simulation to make sure you know what to do if you get attacked. Having an incident response plan in place is of utmost importance. Berkeley University has a good resource for that (link below).
Consider using anonymization, pseudonyms, and project codes for your work, clients, employees, vendors, suppliers, contractors and subcontractors.
NIST has a good framework you can follow in this regard.
Here are the links:
NIST framework: https://www.nist.gov/cyberframework
5. Use Strong Passwords
Consider two-factor authentication. It requires an additional code to log in. Google Authenticator is a good app for this purpose.
Use a password management system like LastPass so you don’t have to memorize several passwords or use one password for all your sites and apps.
Here is a list of the most used and hacked passwords everybody still uses:
If you use any password on this list, make sure you change it now!
6. Secure Your Website
Only install plugins you are actually using. Make sure to back up and update your devices and plugins regularly. Delete anything you don’t need. Always stay on secure browsing (https://).
Here is a secure browsing plugin for WordPress:
Use ad blockers. Check how identifiable you are on the internet at the link below, and discover what you can do about it here:
You can use the services of Sucuri, and plugins for WordPress including Limit Login Attempts for WordPress, Wordfence, and iThemes Security.
7. Back Up Your System
Regularly back up the data on all computers in three different places. One backup should not be connected to the internet.
You can use Box for backups: https://www.box.com/en-gb/home
8. Control Physical Access
Prevent access or use of business computers by unauthorized individuals.
9. Secure Mobile Devices
If mobile devices can access your system, require users to password-protect their devices, encrypt their data, and install security apps that can lock the devices or delete their content.
Hoping this is not too overwhelming for you so far!
With the GDPR coming into force in May 2018, there will be very severe fines and consequences if you are in breach. This constitutes a major legal and reputational risk for your business.
There is no need to panic. Just check out your situation. Make an assessment, and try to consistently improve.
Historically, most hacks have been human-engineered, meaning it is mainly human faults that result in cyber attacks and information being compromised.
You’re as weak as your weakest link. Just be careful and pay attention. Have the right resources, tools, and support around just in case. Don’t wait until the last minute.
Be prepared, honest and transparent if you get attacked. Time is of the essence, especially when it comes to reporting to the competent authorities in your country.
Turn this potential threat into a challenge where you can improve, identify your weaknesses, progress, and learn from your mistakes. Think about it as an opportunity to grow and make your business more resilient.
That being said, I hope you found these tips helpful. Please don’t hesitate to contact me should you need any help or if you have any questions.
Wishing you the best of luck and success.
As a corporate lawyer and certified IP / cybersecurity professional, I manage https://ecorporate.lawyer that helps entrepreneurs, business owners, and investors set up, manage, and protect their investments. Here at E-Corporate Lawyers, we offer our magic circle lawyers and law firms legal, marketing, and management consultancy to grow their online businesses and online presence.