In this post, we share some key cyber security tips that can significantly reduce the risk of your business being compromised online.
Running a business that relies heavily on online systems can sometimes feel very scary.
The news is frequently filled with reports of companies being hacked, along with the disastrous consequences they face — financial losses, regulatory and legal action and angry customers.
However, by making some simple changes to the way you approach cyber security, you can significantly reduce the chances of being hacked or scammed — and we spell the key ones out for you below.
Let’s dive in with a look at something we all rely on: Wi-Fi.
1. Be extremely careful when using public Wi-Fi
Public Wi-Fi makes it easy to to use your laptop, tablet or smartphone online almost anywhere — and can be hugely useful.
However, the security of public Wi-Fi connections can vary enormously, from none to ultra-secure, which makes using them a gamble.
So, if connecting outside your office or home…
Consider using your own portable Wi-Fi hotspot
Mobile Wi-Fi hotspots are small devices that lets you use the Internet when you’re out and about. They can be either standalone devices or USB dongles.
Usually small enough to fit in your pocket, they connect to mobile broadband, and provide a Wi-Fi signal that you can connect your laptop, tablet, or smartphone to.
By using your own portable hotspot, you can avoid the interception of your online communications, and keep your devices secure.
Tether to your phone
Smartphones usually give you the option to create a personal hotspot that you can ‘tether’ your computer to. From a security perspective, tethering is nearly always preferable to using public Wi-Fi.
There are a couple of things to be aware of when tethering to mobile devices, however.
First, using your smartphone as a Wi-Fi hotspot can really burn through your data allowance — so if you envisage tethering regularly, make sure that you have a data plan that will cater for this.
Second, mobile tethering can be quite taxing on your phone’s battery — so you may wish to consider plugging your phone in whilst doing so.
Use a VPN
If you are intent on using public Wi-Fi networks rather than personal hotspots, then it’s best to connect to them via a Virtual Private Network (VPN).
A VPN is a piece of software that encrypts data sent between two devices over the Internet, which means that even on an unsecure network, your data remains protected.
(Most firms that offer their staff remote working implement some sort of VPN.)
Now, if all this sounds a bit like your business suddenly needs to invest in building an IT department, don’t worry — setting up a VPN doesn’t necessarily need to be complicated or expensive! Most modern web browsers (Chrome, Firefox, Edge, Safari etc.) allow you to install a VPN plug-in or extension very easily.
Now, most professional VPN solutions are sold on a subscription basis with a monthly or yearly fee; although free VPN tools are available, these usually come with a bandwidth limit (on how much data you can transfer, and how fast).
So it’s best to use free VPNs for trial purposes only, or if you have very basic requirements where data bandwidth is concerned.
As well as improved security, VPNs also bring another benefit — they make it possible to connect to the internet from another country. While this is commonly used as a naughty way to get around region restrictions on streaming services, it can also have legitimate business uses, particularly if you operate in multiple territories.
For example, at Style Factory, we find VPNs useful for seeing how our content performs in different countries’ local versions of Google, or for checking how the ecommerce products we review are priced in different territories.
2. Ensure your home network is set up safely
Many of us work from home these days, and assume that when we’re connected to own home Wi-Fi, we are fully protected from cyber criminals.
Unfortunately, this is often not the case.
Poorly configured home networks can be extremely vulnerable to hackers. Some may just want free Wi-Fi; some may want to cause damage and some may want to use your Wi-Fi to commit illegal acts.
So, there are a few essential steps you should always take to beef up your home network’s security. Let’s go through these.
Change your router’s default network name, Wi-Fi password and administrator login
Most routers come with a default network name (also known as the ‘SSID’), a Wi-Fi access password and an administrator login.
Default network names often contain the name of the router manufacturer or your Internet Service Provider (ISP), and this can give vital clues about your device to anyone trying to break into your network. If a hacker knows who made or supplied your router, it allows them to concentrate on attacks known to reveal its default Wi-Fi password and administrator login.
So, it’s best to change all these credentials.
The way you change these names and passwords varies by device manufacturer and ISP — so it’s best to refer to manufacturer’s instructions here — but in many cases you can access the router’s admin dashboard by typing https://192.168.0.1 into the address bar of your browser.
Move your router
Most routers end up towards the front of a house, as this is usually where the physical connection to your broadband service is located.
However, this means that your Wi-Fi signal is broadcast to the street at the front — and the further the signal extends, the easier it is for someone outside your home to spot and connect to your home network.
While it’s not always easy to move a router, and may sometimes involve commissioning your broadband provider or an IT professional to extend network connections, doing so is worth considering if you are working in a business niche where network security is particularly important.
Set up separate networks for different devices
Most home networks end up with many different devices connected — iPads, laptops, phones, smart TVs, security cameras and even domestic appliances.
Each of these brings security vulnerabilities — but by keeping different device types on separate networks, you can reduce the risk that if one is hacked that the attacker will gain access to all your devices.
Most modern routers let you create different networks for different applications — personal computers, work computers, gaming, smart home appliances etc. However, not all do, and configuration can require some technical knowledge — so you may need some support from your router’s manufacturer or broadbrand provider with this.
In some cases, you may need to invest in a more sophisticated router — particularly if you regularly mix professional network use with personal use (as, in the context of Covid-19 and increased home working, many of us now do).
Create a guest network for visitors to use
When friends come to stay at your home, one of the first questions they’ll often ask is ‘What’s the Wi-Fi code?’ And this information is usually freely given to them!
However, because you usually have no idea about how your guests’ devices are configured — i.e., whether or not they use firewalls, anti-virus software, up-to-date operating systems etc. — letting them log onto your main home network can be very risky.
Malware is often able to spread itself over a local network — so if an infected device is connected to your Wi-Fi, it has the potential ability to contaminate any of your devices that are also connected to it.
So, it’s much better to let your visitors access a dedicated guest network. Creating one will involve a similar process to that described for the separation of home and work networks above.
Consider using a mesh network
Mesh networks usually consist of two or more Wi-Fi access points, one of which connects to your router, with the others being placed around your house, giving full Wi-Fi coverage.
Mesh network devices usually have additional tools not included in the router provided by your broadband provider — including anti-virus protection, content filtering and options to setup multiple networks and usage limits (handy for limiting the kids’ time on the iPad!).
3. Keep your devices secure
So far, we’ve looked at what you can do when connecting to a network to minimize the chances of getting hacked. However, it’s also really important to ensure that you take steps at a ‘device level’ to ensure security too.
Let’s explore these.
Use anti-virus software
Having anti-virus software running on your Windows or Mac computer is absolutely essential. And don’t be fooled by the old “Macs don’t get viruses” line — they definitely do!
Recent versions of Microsoft’s Windows and Apples Mac OS include in-built antivirus tools — Defender and Xprotect respectively — and these are in many cases sufficient. The key thing is to make sure that they are switched on and up to date (more on keeping software up to date in a moment).
There are a number of other cyber security suites that can be purchased, perhaps the best-known of these being produced by Norton and McAfee. Whether it is worth paying extra for the additional features that these security suites offer will depend on your specific needs.
Make sure your Firewall is switched on
A firewall is a tool that monitors your network connection and prevents unauthorized applications and services from accessing your computer. It’s important that this is switched on — you can find instructions for doing so on a Windows device here, and on a Mac here.
Keep your software up to date
Online threats are constantly evolving and, in response, operating system and software vendors are having to constantly produce updates and ‘patches’ to ensure continued protection.
With modern operating systems, the update process is largely automated, but it is worth checking from time-to-time that your system is fully up to date — follow the below links for details on how to do this for some of the major platforms:
Ensure your device is protected by a PIN or biometric data
Entering a PIN or swiping your finger over a scanner each time you need to use your device can be a pain, but from a cyber security point of view, it is absolutely worth the effort.
Protecting your device in this way means that if it is lost or stolen then it cannot be unlocked without the appropriate code or your biometric data — so ensure that you have a PIN, touch ID or facial ID set up on it.
Encrypt the data on your device
Encryption scrambles data files so they are unreadable, unless you have the key.
This key is usually a password, but you can also unlock data using a physical device like a USB stick.
Encrypting your data is definitely worth considering if you use a laptop or other portable device that contains sensitive information — if the device is lost or stolen, you will at least know the data cannot be used.
Encryption tools are often built into operating systems — Mac OS includes FileVault and Windows comes with Bitlocker. Encryption on Android devices is generally available, but varies according to which version of Android is running and the manufacturer of the device.
4. Password protect your online accounts properly
Most online services you sign up for require you to use a password — and it can become a chore to constantly come up with passwords and then remember them, leading to a lot of people choosing weak, easily guessed passwords.
But it is important to ensure that your passwords are fit for purpose — here are a few ways to ensure they are:
Use strong passwords
What does a “strong” password look like?
Well, two factors affect the strength of your passwords — length (how many characters they contain) and complexity (what types of characters are involved).
Most cyber security experts now recommend against using random sets of characters (e.g. “eG*#1xY&48”) and suggest using a combination of random words, numbers and special characters (e.g. “&UnderneathHousesWeather!2”) — these passwords end up being longer, stronger and easier to remember.
Never reuse passwords
It can be tempting, when you have multiple systems needing a password, to use the same password over and over again — but this should be avoided. This is because with this approach, once a password is compromised on one system, it becomes compromised on all the systems you also use it to access.
Don’t use shared logins
If at all possible, don’t share your username and password with employees or external suppliers. If something is done incorrectly using this login, either by accident or deliberately, it can make it considerably harder to work out who was responsible.
Instead, create a user account for anybody who needs access to a particular system instead.
Consider using a password manager
Password managers are services that can create and remember passwords for you. They just require one ‘master’ password to manage a ‘vault’ of all your ones.
This may sound like a less secure approach — i.e., if someone gets your master password, then they get all your passwords. However, only having one password to remember means you can make it very strong. Furthermore, password managers all use the highest levels of security to keep your data safe.
Most password managers can be used across multiple different operating systems — Windows, Mac OS, iOS, Android etc. — meaning that you have your passwords with you wherever you are.
Use Two Factor Authentication (2FA)
The traditional username plus password login is considered “one-factor” — i.e., you only need one thing (in this case your password) to access an account.
Adding a second factor — for example a code generated by an authentication app or biometric data (fingerprint or facial recognition) — can make it much harder for anyone to compromise your accounts.
Write down your passwords
Now, I am pretty sure you are looking at this one and thinking “Write down your passwords? Really?”
Well, in some cases knowing that you can refer back to a password written down somewhere can give you the confidence to come up with a more complex, unique password that is harder to crack.
Of course, never leave your passwords ‘out in the open’ — we are not suggesting writing a password down on a post-it note and leaving it on your computer monitor, but paper is notoriously hard to hack if you keep it safe (possibly in an actual safe).
So long as you are careful, storing passwords on paper can be absolutely fine – and can give you or others emergency access to an account when it is most needed.
5. Be alert to online fraud methods
Cyber security isn’t just about preventing access to systems — cyber criminals can compromise your business using online fraud.
There are two key types of online fraud to be aware of: advance fee fraud and payment direction fraud.
Advance fee fraud
Advance fee fraud has been around for a long time. The fraudster pretends to have something of value that their target wants and will give it to them for a fee.
Of course the fraudster does not really have that “something” — and simply pockets the fee.
Advance fee frauds are popular because they are low effort, low risk crimes. Most are conducted via email or SMS, allowing thousands, or even millions of fraudulent messages to be sent at minimal cost: the fraud does not need to have a high rate of success to earn the criminals a lot of money.
Common types of advance fee fraud include:
- “Nigerian Prince” scams
Ever received an email promising you $10,000,000 from an overseas prince or distant, long-lost relative? Most of us have — they have been doing the rounds for over 25 years! These emails are part of a scam which typically involves promising the victim a huge sum of cash in return for a small upfront payment. When the victim makes the payment, the fraudster either requests a number of additional fees — or disappears.
- Parcel awaiting delivery
The growth in online orders means we are often flooded with messages about deliveries from multiple firms. It can be difficult to work out which alert belongs to which order — and this has been exploited by criminals sending out fake messages, usually via SMS, saying your package is held up pending payment of a fee. Of course, there is no package and the fee is pocketed by the criminals.
- Fake subscription renewals
Along with online shopping, the growth of online subscription services — from Amazon Prime to Netflix to Microsoft 365, has presented fraudsters with opportunities. By sending fake notices about your subscription, they not only can steal money but also gain important information about you (by having you complete bogus forms).
You can protect yourself from these scams by
- being alert to them — awareness is key to fraud prevention
- checking that any phone numbers or email addresses used by the senders correspond to official contact details of the companies involved
- calling the official numbers of any organizations contacting you to confirm that the correspondence is genuine.
Payment Redirection Fraud
Payment redirection fraud is unfortunately common, particularly malicious and can result in huge losses for the victim.
With this scam, a fraudster typically emails a business posing as an existing supplier. They invoice for a product or service (one that the business was expecting to pay for), saying that their payment details have changed, and requesting that the business pay the money into the revised (and fraudulent) account.
This fraud is particularly harmful, as it impacts both the sender of the money and the legitimate recipient; it can affect everyone from individuals to large corporations.
You can protect yourself against this sort of fraud by:
- remembering that businesses change bank accounts very infrequently — and to be suspicious of any ‘payment detail change’ requests
- phoning your supplier (using the existing number you have for them, not those on any invoices received) and double checking that any request to change payment details is in fact genuine.
6. Consider cyber insurance
Many businesses are quick to buy public liability or professional indemnity insurance — which generally protects them against ‘offline’ risk to their companies. However, they often neglect to protect themselves adequately from online threats, where for many businesses, the most risk actually lies.
Even with a lot of security precautions taken, things can and do go wrong for businesses online — so it’s a good idea to buy insurance policies that have a cyber security dimension (or, better yet, to take out a dedicated cyber security policy). This cover can help you in the event of a ransomware attack, or pay to clean up the mess after your systems have been hacked.
Purchasing cyber insurance is of course something that you’d need to get professional advice on — different business types will require different policies and levels of cover. But it is something to definitely consider seriously as part of a package of measures to protect your business from cyber attacks.
Resources and organizations that can help with cyber security
We hope our cyber security tips have helped you identify some of the key ways that you can reduce the risk to your business from cyber crime.
If you have any concerns about cyber security, there are many official agencies that can help, offering support on cyber security and advice on how to keep you and your business safe online. A few of these are listed below.
And finally, if you have any queries about helping your business become more secure, do feel free to leave a comment below!