10 simple ways businesses can protect themselves online
In 2014, it appeared that there wasn’t a celebrity on earth who hadn’t had naked pictures stolen from The Cloud. Perhaps there were more, but the infiltrators decided to leave Bruce Forsyth’s butt cheeks out of the public eye.
Now I’m a school child of the noughties, so I grew up around the internet, computers and even saw the mighty Nokia 3310 slowly die to be replaced by the iPhone domination. So I’d say I’m from a pretty techie generation.
But the intricacies of having our lives online (that’s everything from buying socks to applying for a loan) elude even those of us who should know about the net. When something precious to us is broken into – be that a Twitter account, company website or general online fraud – we’re left shaking our fist at the sky and wondering why the cyber police never came and told us to lock our metaphorical windows.
If you operate all or part of your business online, then you’ll be aware of how devastating an attack could be. These tips are simple enough for business owners to implement without spending too much time or money.
If you have any specific queries, shout out in the comments and we’ll get our team on it.
1. Start with the basics – make your CMS admin panel d1ff1cult 2 [email protected]
Working from ‘just another WordPress site’? Make sure it’s not just another ‘admin’ log-in too. Your CMS shouldn’t have any easy ways in and although it might be inconvenient, you’ll want to change your secure log-ins every time a member of staff leaves your company.
Have secure usernames and passwords for all accounts and avoid the obvious choices such as ‘admin’ or descriptive business passwords (e.g. road names). If you can, don’t use your generic company email as a social log-in either; an internal address is much more secure than info@…
You can also conceal the URL to your site admin (typically URL/wp-admin), although this will require the skills of a developer.
2. Update out of date versions
New CMS updates aren’t just about shiny new features; they’re often designed to address known bugs and plug any holes. Ask your developer to enable automatic WordPress updates by adding a filter to the functions.php file. This will allow both themes and plug-ins to be updated when new versions become available.
While it’s tempting to hit the ‘update now’ link, unless you’re a confident web developer, ask a pro to update it for you. An update takes seconds to apply, yet the problems it can cause may take hours of time (and money) to undo.
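As an added illustration (not code from the original post), this is the kind of filter a developer might place in a child theme's functions.php: it turns on automatic plug-in and theme updates while holding back plug-ins that should be tested by hand first. The slugs in `$manual_only` are hypothetical placeholders.

```php
<?php
// Added example. The slugs below are hypothetical placeholders;
// replace them with the plug-ins your developer wants to test manually.
$manual_only = array( 'example-shop-plugin', 'example-booking-plugin' );

// Auto-update every plug-in except the ones held back above.
add_filter( 'auto_update_plugin', function ( $update, $item ) use ( $manual_only ) {
    if ( isset( $item->slug ) && in_array( $item->slug, $manual_only, true ) ) {
        return false; // leave this one for a supervised, manual update
    }
    return true;
}, 10, 2 );

// Auto-update all installed themes.
add_filter( 'auto_update_theme', '__return_true' );

// Keep minor core releases (security and maintenance fixes) automatic.
add_filter( 'allow_minor_auto_core_updates', '__return_true' );
```

Using a child theme matters here because a theme update replaces the parent theme's own functions.php, which would silently remove the filters.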
3. Vulnerable plug-ins
Our MD always highlights that too many plug-ins can lead to more vulnerabilities. Like a house with additional doors, there are more potential weak spots to infiltrate.
With literally thousands of plug-ins available, over the lifespan of a site you can pick up quite a collection, which then falls behind on updates and picks holes in an otherwise iron-clad site. Now we love plug-ins, so by all means, treat yourself.
Just ensure you have the resources to update them and pick peer-reviewed options carefully. If the plug-in delivers a function you potentially won’t use on a regular basis, consider whether you really need it.
4. Back-up your site
If you don’t know whether your site is backed up or not then find out now. Most web development companies will be aware of the importance of this, but if your site was built years ago or commissioned by somebody else in the business, you’ll need to find out whether or not you have a back-up in place.
5. Lock down your WiFi
Free-for-all and poorly protected WiFi gives thieves the opportunity to access your private data. If you’re working in a public space (even if it’s on your own machine), an unsecured internet connection can allow people to track your actions.
Aside from a seriously complicated password, you can anonymise your WiFi handle using tools such as Cloak. If you share your password with people visiting your business premises then consider changing your details regularly to avoid any potential snowballing.
And let’s be honest, you don’t want some chancer downloading all the Game of Thrones seasons using your juice.
6. Protect your mobile device – is it needed?
A lot of confusion surrounds security and mobile devices. No one’s quite sure if we need it and the popularity of the iPhone/iPad has added to this. While Android is a little more of a question mark (developers can offer their own apps), Apple iOS devices are notoriously secure.
However, they haven’t been unbreakable and there are still some guidelines you should follow regardless of your operating system:
• Only download from official app stores.
• Back up your data and know how to erase data on a stolen device. Find My iPhone and Android Device Manager allow you to do this.
• If you provide your staff with devices then implement a safety policy to ensure data is protected and rogue apps aren’t being installed.
Going for Android? Consider installing mobile security software such as Kaspersky. If you’ll be accessing sensitive data or opening numerous attachments via email or text, this will give you a heads up and block anything suspicious.
7. Check for secure connections
When you’re next deliberating whether it’s acceptable to buy more from ASOS, Firebox or Amazon (insert personal vice here), check your connection is secure before inputting sensitive data. Naturally we tend to trust the biggest brands, but as a general rule check for the https protocol.
This tells you the connection is secure and is usually accompanied by a padlock symbol.
8. Always access via a known source
Don’t access sites which require sensitive data from links – even if it’s from a friend. Beware of downloading or clicking on unknown links too – this was a major blame factor in the recent webcam hacking scandal.
9. Know any dodgy signs & use your anti-virus to its full potential
Aside from the obvious disasters (i.e. data leaks), you can check for issues using a number of free and easy tools:
• Microsoft Security Scanner is free and very useful.
• Most of us under-estimate the usefulness of our anti-virus. For example Norton has a great ‘updates’ feature which keeps users aware of any topical threats.
• Use Google Webmaster Tools to your full advantage.
In the quest for the best search experience, we’ve all come across the Google SERPs warning ‘this site may be hacked’. Webmaster Tools is a useful ally, so ensure any email updates are sent to a relevant, regularly checked email address. On your site dashboard there will be a ‘security issues’ feature which helps identify any problems and gives guidance on how to correct them.
10. Pay via PayPal… but don’t assume you’re invincible
PayPal is quick, easy, offers seller protection and will allow multiple people in your company to make payments without directly using your credit card. However it’s still vulnerable to hackers and should be treated accordingly. Make sure you’re regularly checking any transactions and only tie your account to a credit card – not a bank account.
This ensures that you’ll have protection from both PayPal and your credit card provider.