Guide to Internet Security for Business
The rise of the digital world means that almost every business in the UK is reliant on the internet as a core utility, like water and energy. Communicating with clients and suppliers, marketing, selling, and buying all happen increasingly online. Just like in the physical world, all companies need to take steps to protect themselves online.
Most companies will take steps to invest in security for their property and the safety of their staff and assets. Sometimes, online security can be forgotten. The risk can be greater than you imagine: even small businesses can be targets for hackers and ransomware.
Our guide covers the basics of internet security for businesses. We give you some handy tips and explain some of the key terms you should be aware of.
Protect your network
Network security is very important to the overall safety of your business online. Network security includes access to your website, intranet and social media platforms, servers, files and data as well as control of your Wi-Fi network and connected devices.
There are several ways that you can protect the usability and privacy of your networks, using both hardware and software:
- Comprehensive security policies.
- Access authorisation settings.
- Email security tools, such as passwords and automated blocking.
- Anti-virus and anti-malware software.
- Transferring to an encrypted cloud-based network and Wi-Fi.
- Complete regular secure back-ups, particularly of business-critical data.
- Seek professional advice if you don’t have the technical knowledge in-house.
Inform your staff
Effective IT policies must be read and understood by employees. As more and more people turn to remote and home working, protecting the online security of your business can become more challenging. As staff access systems from non-commercial premises, the online risks can increase.
How should I involve staff in internet security?
- Provide online security training and updates to staff.
- Provide guidelines for online safety while working from non-business premises.
  - For example, using a VPN service from public Wi-Fi.
- Be aware of the risk to the integrity of your network from mobile devices, as well as laptops and desktop computers.
- Advise staff to report incidents or loss of equipment immediately.
- Ensure that data that is shared to your network by employees or other users working remotely is encrypted.
Alongside keeping your network and online information secure, you also need to be aware of your broader data protection responsibilities.
Under the 2018 Data Protection Act, any company or organisation that holds personal information has to adhere to the data protection principles. They include handling data appropriately and ensuring it is only used for specific agreed purposes.
Cyber criminals are often interested in accessing data, and you have a responsibility to make sure it is kept safe from hackers and other online threats.
How can I manage data security?
- Introduce effective password policies.
- Limit access to sensitive, personal and financial data.
- Ensure staff are trained on data protection policies and practices.
Threats to your online security
Viruses and malware
Viruses and malware are perhaps the best-known threats to online security. Malware is a general term for any malicious software; it can include viruses, trojans and worms. A virus is a specific type of malware that self-replicates like a virus in the body. Malware can grant access to external persons, harm your computer or network and cause disruption or crashes.
How can I protect my business from viruses and malware?
- Install and update antivirus software regularly.
- Be aware of social media use at work: viruses can be spread easily by seemingly innocuous links or messages.
- Consider limiting downloads of apps and files.
Phishing is a fraudulent attempt to access sensitive information or gain access to systems by sending an email pretending to be from a reputable source. These emails usually include links to external pages.
How can I protect my business from phishing?
- Inform staff about the threat of phishing.
- “If in doubt, don’t click” should be the advice to employees. Never click on a link or open an attachment from an unknown source.
- Install phishing filters on work computers.
Hacking is when an unauthorised person gains access to your system or information. Usually, this is possible because of weaknesses in your system or because of human behaviour, such as weak passwords or poor decision making.
How can I protect my business from hacking?
- Introduce two-factor authentication for system access where possible.
- Establish password standards or use a password manager.
- Make sure staff are aware of the dangers of hacking.
Even small businesses must take steps to establish effective security protocols to manage the risk of online threats. While most hacking and malware attacks are aimed at large corporations, small businesses can still become victims of online crime, particularly if security is lax. It is estimated that only 40% of UK businesses have adequate online security measures in place.
The cost of cybercrime can be high, running up to millions of pounds in extreme cases. Losing access to key accounts and systems can in extreme cases halt business operations. Implementing cybersecurity defence plans, therefore, is a sensible preventative measure to ensure your business can keep operating.
That’s why it’s important not to wait and to take action before it is too late.
The National Cyber Security Centre runs a government-backed scheme called ‘Cyber Essentials’. This service provides tools, support and certification to secure your business from cyber threats.