
Small business guide: How to keep your organisation secure from fraudsters and hackers

Doing a few things well can keep your organisation protected from common cyber attacks and fraudsters

In the time it takes you to read this sentence, three attempts to hack UK businesses will have taken place. By the time you finish this article, 15 businesses will have had their security successfully breached.

Your business has a one in three chance of being the victim of hacking in a 12-month period – and that is just a conservative estimate. Many businesses simply don’t know they have been hacked or feel compelled to cover it up.

With data sources growing, interconnectivity ever increasing, technology getting more complex and hackers becoming more sophisticated, it can seem like the odds are stacked against most business owners. But the reality is that most businesses don’t take full advantage of apps and services that can protect them.

There are two important things that are fundamental protections against hackers. The first isn’t really a tool at all – it’s simply your staff’s training and processes.

Many hacks aren’t sophisticated at all. Rather, they are more confidence tricks. Training your staff how to spot attempts from fraudsters to get more information through phone calls, email or in person is a critical line of defence. They will also need to be aware of common phishing methods, which remain the number one attack vector for fraudsters.

Beyond that, every business computer needs to have a proper antivirus program. It’s a simple, basic solution, but also one that can help stop most attacks. The important thing – and I can’t stress this enough – is to keep your antivirus updated.

Let’s look at some of the most common cyber security tools you’ve probably heard of, and how they help to secure your online data.

Password managers

Password managers help to solve the problem of weak and reused passwords. People have online accounts for multiple services, and a common vulnerability is twofold: not only are the passwords that they use very weak (such as “password” or “qwerty”), but they are also using the same password for most of their accounts. If one site is hacked, fraudsters will buy the details and try to use those passwords to attack your business.

Password managers such as LastPass or 1Password allow users to create strong passwords, and users won’t need to remember these complex passwords. They will only need to remember one master password to access all their stored passwords, which are auto-filled when they visit their sites.

Important points

  • Don’t rely on default “password managers” in Firefox. Anyone can see and record your passwords simply by checking the saved passwords list.
  • Dedicated password managers don’t present much danger: while password managers have had security issues in the past, important user passwords are largely safe.

However, one big risk here is that, although password managers make it easy to create and store strong passwords, they also make it easy for fraudsters to gather your passwords. If the master password is easy to crack, then all those strong passwords will be in their hands. Also, if you forget the master password, it can be difficult or even impossible to access stored passwords. A way around all of these potential problems is to set up two-factor authentication (2FA).

VPNs

Virtual private networks (VPNs) are strong cyber security tools that work by first encrypting a user’s data and then sending all that data through their own servers. This way, they perform two crucial cyber security tasks: they anonymise users any time they are online by hiding their IP addresses, and they also encrypt data so that even if fraudsters intercepted it, they’d need more time than the age of the universe to decrypt that data.

Important points

  • Unfortunately, the effectiveness of this protection really comes down to the VPN. Low-quality VPNs can be quite dangerous. They will probably use easy-to-crack encryption, a back-end infrastructure that’s vulnerable to man-in-the-middle (MITM) attacks, or can be located in privacy-unfriendly countries such as Russia or China.
  • Free VPNs can be quite tempting, but some, like Hola VPN, are guilty of selling user data or bandwidth to third parties. They may also use weak encryption, which will allow fraudsters to easily decrypt sensitive data, or expose users’ real IP addresses.

Beyond that, free VPNs will have limitations on the amount of data used per month, which can cause businesses to only use them selectively, thereby defeating their real advantage of 24/7 online protection. In short, don’t scrimp on your VPN technology – do your research and be willing to pay for a reputable brand.

Ad blockers

The business world has a love-hate relationship with ad blockers. They are pretty great at blocking intrusive ads and popups, and some, like Ghostery, are quite capable of blocking scripts that can lead to clickjacking.

However, because they can block some important elements as well, active ad blockers will cause some online services to not work correctly.

Beyond that, there are quite a few dangers with choosing the wrong ad blockers. Some popular, high-ranking ad blockers on the Google Chrome extension store are actually malicious, sending users to random sites, tracking them without consent, and even partaking in clickjacking. As with VPNs, due diligence needs to be undertaken. Consult independent reviewers from reputable sources before making a purchase.

Secure browsers

For the most part, mainstream browsers such as Chrome or Firefox have become increasingly secure. Nonetheless, they’re not the best for privacy, because they still track your activity and send your data to third parties.

Anonymous browsers, also known as private or secure browsers, help give users back control over their privacy. This can be good for businesses that don’t want their activity tracked. These browsers can also help avoid vulnerabilities that might allow hackers to exploit loopholes in their coding.

Anonymous browsers come with their own drawbacks. For example, Tor browser allows for high levels of security and privacy, but by simply using it, you may be flagged as suspicious by various governments around the world.

You should also beware of free or top-ranking extensions in the Chrome store or apps from Google Play. These are from unreliable developers that may be highly vulnerable to attacks.

The bottom line

When it comes to cyber security, the old adage applies – do few things, but do them well. Every business should have:

  • A regularly updated and secure web browser.
  • A regularly updated antivirus.
  • A good password manager – with a strong master password.
  • A strong VPN.
  • Staff trained in spotting common phishing and blagging techniques.

When these are done well, your business will be able to avoid virtually all common attacks from opportunistic fraudsters.
