With so much critical information being stored online these days, online security is more important than ever. While there is no 100% secure way to protect yourself and your business from a cyber attack, we’ve put together ten tips to keep your information as safe and secure as possible.
1. Back up your data
It’s very important to have a back-up version of all your business data in case of a cyber attack. This back-up will contain an uncorrupted, clean version of your data as of the last date of the back up, which could be invaluable if your computer systems were ever hacked. Some cyber attackers try to ransom your data back to you, and you could find yourself in a difficult situation if you do not have a back-up elsewhere.
If you are using a cloud-based electronic storage system such as Google Drive, Dropbox or OneDrive, you can set these up to automatically back up. If you back up your files onto an external hard drive, make sure to do this regularly to ensure you always have relevant data if you need it.
The same principles apply for your accounting data. If you’re using accounting software such as Xero, Farm Focus or MYOB, these systems are already storing your data in the “cloud”. (For more details on The Cloud, check out our blog post.) If you’re not using an accounting software, ensure you back up your data manually onto a hard drive at regular intervals.
2. Keep your operating system up to date
An operating system is the software that runs your computer, laptop or phone (eg. Windows 1, iOS, macOS). You will occasionally be prompted to update your operating system. These updates include tweaks to improve the performance of your computer but they also often fix vulnerabilities that attackers can find and use to access your system. Keep your OS up to date to avoid these vulnerabilities and keep cyber attackers at bay.
3. Install antivirus software
Antivirus software protects your devices against viruses, hackers and other cyber attacks. This is installed directly onto your device. We recommend purchasing antivirus software from a reputable company and running it regularly. Be careful when considering antivirus software, especially the free online antivirus software, as these can overpromise and underdeliver or even be fake–and the last thing you want is to pay for an antivirus that doesn’t help.
4. Be smart with your passwords
Use unique passwords for different logins. We know it’s a bit of a pain, but if an attacker figures out one of your passwords, they will be able to get into all of your different accounts that use that password and suddenly have access to a lot of sensitive data. Minimise the risk by creating unique passwords for each platform.
When creating passwords, make them hard to guess by including lower and upper case letters, numbers, and symbols. Do not include any relatively well known information about yourself or your business such as your name, birthday, company name or the year your company was founded.
If you find it a bit overwhelming to manage so many unique passwords, consider a password management software. Software like LastPass is designed to securely store all your passwords and make it easy to fill in the login forms using the information they store. These companies’ business models are based on keeping your passwords safe, so they are very dedicated to doing just that. Do research to make sure you’re engaging a reputable, reliable password manager.
5. Set up Two Factor Authentication
Many cloud based systems such as Xero, Figured and MYOB offer the ability to set up Two Factor Authentication (2FA). This means that in addition to your username and password, you also need to enter a generic code that the software will send to your phone in order to log in. This increases your security tremendously as no one can log into your account without also having your phone.
6. Use creative recovery answers
Often when you forget a password or don’t have your 2FA device on hand, you will be given the option to answer security questions. Common questions like your pets name or your mothers maiden name can be easy for an attacker to discover. Enter creative answers that aren’t necessarily true–but be careful not to forget them! Add them to your password management software if you use one.
7. Be cautious of free wifi networks
Be careful using free wireless networks or hotsports. These are open networks so an attacker could easily watch what you are doing and use this to gain access to your device or use information they see on your screen to attack at a later date. Review your critical business data at work or home where attackers are less likely to strike.
8. Be careful what you post on social media
Attackers can use information that they see on your social media to attack you or gain access to your accounts. Set your privacy settings so only friends and family can see what you post.
9. Check bank statements regularly
Suspicious transactions on your bank statement can be the first tip off that someone has gained access to your data. The transactions might just be small everyday purchases as the attacker tests the information. Contact your bank immediately if you identify unknown transactions.
10. Get a credit check
Go through an annual credit check. This will alert you if someone is using your name and data to apply for loans and credit cards!
For more information on Cyber Security, check out www.cert.govt.nz
