Four essential digital security steps for your business

Simon Bramble

Monday 7 November 2016

ThinkBlog’s ‘Securing your business’ series has highlighted the some of the biggest cases of digital information breaches. But it’s not just the Sonys, the Targets and the eBays that are attracting hackers.

Far from it. In fact 74 per cent of small- to medium-sized enterprises (SMEs) reported some form of digital data intrusion in 2015, suggesting they are becoming bigger blips on hackers’ radars.

Why? Resources, or rather, a lack of them in many SMEs, means that vulnerabilities are easier to root out. Which means that, regardless of its turnover, your business needs to audit its digital security provision, prioritise protecting the data that matters most – and accept that breaches are inevitable.

“The bottom line is, CIOs need to accept their company will be breached and shift their security strategy from ‘breach prevention’ to ‘breach acceptance’,” Jason Hart, chief technology officer at digital security experts Gemalto, told the BBC.

Here’s what needs to be checked:

The firewall

Is your network protected by one? If not, it ought to be. It’s one of the most fundamental pillars of any defence against a compromising attack. It shouldn’t be restricted to workplace machines either. If any of your team works remotely, their devices should also be firewall-enabled.

The protective software

Desktops, laptops, tablets – whatever the device, if it’s used for business, make sure it’s protected. While the firewall will take care of your network, it won’t stop malware being installed on various machines. For that, you need antivirus and antispyware protection – and it’s crucial that it’s kept up to date. Hackers look for weak points in every aspect of a digital ecosystem, and that includes the software designed to cover it.

The sensitive data

First, it should be backed up and stored on a number of different servers. Second, you should consider a cloud or off-site storage solution as a contingency. And third, limit the number of people who have access keys. The fewer there are, the lower the chance of details being leaked, unintentionally or otherwise.

The log-ins

If your business isn’t quite ready to say goodbye to passwords, then think about adding another layer of security to them. As Communications Electronic Security Group (CESG) notes in its guidance on protecting businesses in cyberspace: “There are many well documented cases of hackers persuading IT support staff to open up areas of a network or reset passwords, simply by masquerading as someone else over the phone.” An effective way to combat this is multi-factor authentication. For instance, logging into a network with a password, followed by entering an SMS code.

Ultimately, your business will never reach a point where nothing more needs to done to be completely digitally secure. Hackers will never rest, and the code they design gets ever more effective at seeking out weaknesses. TalkTalk chief executive Dido Harding told LBC Radio that she would be “spending more money and more time on cybersecurity because it is the number-one risk” following the internet security provider’s data breach in 2015.

So this guide should be treated as a starting point. To stay abreast of the latest digital security advice, bookmark ThinkBlog.


Building the next-gen data centre

Where traditional and web-scale apps co-exist