Protecting your online business: Cybersecurity and beyond

In this piece, brought to you in association with .co.uk, the number one domain for British business, SmallBusiness.co.uk looks at the key things to consider in regards to online security and IT education.

For an SME, without the same resources available to a larger enterprise, seeking expert assistance from a reliable third party on IT security, or educating yourself about it, is as important as accounting, tax and law.

As a priority, SMEs should look to address how they access online systems and services. In a world where an ever-increasing number of business services are accessed online, proper authentication is one way to ensure that users connecting to services are correctly identified and their instructions are genuine.

David Harley, senior research fellow for computer security company eset.co.uk says that, at a basic level, authentication can simply consist of a unique username and password known only to the user. ‘Log in details should be regularly changed to increase your online security. To further increase security you should install additional levels of authentication to all online systems and services you and your employees use. An example of this is a Virtual Private Network (VPN) which enables remote users to authenticate themselves before accessing an organisation’s network,’ he adds.

The more levels of authentication users have to go through, the more this will increase your website security and decrease the risk of cyber security threats. Harley says that using ‘multi-factor authentication’ is much more secure. This is an approach which requires people to use two or more of the following:

  • a knowledge factor (something only the user knows),
  • a possession factor (something only the user owns), and
  • an inherence factor (something only the user is).

‘These provide a powerful yet hassle-free alternative to the traditional static password.’

The most effective solutions to increasing your online security are those designed to use a company’s existing infrastructure, with little additional cost to the organisation and which make use of technology readily available and familiar to employees such as smartphones.

‘For some very small home-based businesses with little to no technical computing knowledge, technical support scams should be a concern. Scammers have been known to contact home users claiming to be support reps who have found a corrupt system on their network, which can be fixed for a not-so-small fee,’ adds Harley. ‘Over the years a number of scams have also relied on finding small businesses without much in the way of ‘in-house’ expertise in technology or law, again proving the necessity of seeking a reliable third party for IT.’

Using friends to build sites

Henry Lewington, managing director of self-build website company webeden.co.uk says that company owners should exercise caution when considering the possibility of using ‘friends’ to build sites. ‘Be warned – friendships end, and quite often the argument and bad feelings start with the website building project,’ he adds.

‘Next thing you know, your website has gone down, and your ‘friend’ is nowhere to be found! It happens, and it happens often.’

To help avoid this situation, put an agreement in place and ensure that your website name is registered to the correct entity – your name or your business name. A big part of keeping your website safe is also keeping your domain names safe, so it’s really important to keep your registration up to date.

It may seem obvious, but good anti-virus software is a must. Bob Wheelhouse, founder of information security awareness training provider BobsBusiness.co.uk says, ‘While it will protect you for the most part (provided you are keeping up with your updates!), you still have to be especially cautious when surfing the web.’

Indeed, new viruses seem to appear every day. In fact around 100 new viruses are discovered each month, so never download software or purchase from a site unless you trust it implicitly.

‘All staff must have a comprehensive understanding of viruses and their effects on not just your systems, but your business’ reputation, continuity and associated financial implications. Consider implementing an information security training programme to help keep best practises at the forefront of your employees’ minds.’

Remote working

Do your staff work remotely? Then you should implement some guidelines for securing their devices, Wheelhouse continues. ‘Firstly, never plug removable media into unknown laptops or PCs, you could be opening up a can of worms. Secondly, don’t connect to public Wi-Fi hotspots unless you have a firewall program installed, and finally, always watch who is around you. ‘Shoulder surfing’ is rising in popularity and you never know who is looking over your shoulder. If you can’t ensure it’s secure wait until you are back in the office,’ adds Wheelhouse.

Jack Buckle, a security consultant at Information Risk Management says, ‘When considering the security of an Internet facing web application, you should consider its purpose and the requirement for your business. The functionality available on a website determines the ‘attack surface’ available to a would-be attacker.

‘Fundamentally, the more website functionality you have, the more potential vectors for attack,’ he says.  ‘Additionally, consider the types of data you are handling through your website and the types of data stored on the back-end. Minimise data and functionality to your requirements; keep it simple.’

There are lots of quick and easy ways to keep your website up to date and appealing to the right audience, for example by frequently adding new, dynamic content, such as blogs or social media updates using widgets and plug-ins.

It is equally important to keep your website and supporting infrastructure up to date. This includes all aspects of its presentation: a well maintained website will potentially be a less attractive target to hackers.

Further reading on cybersecurity

Ben Lobel

Ben Lobel

Ben Lobel was the editor of SmallBusiness.co.uk from 2010 to 2018. He specialises in writing for start-up and scale-up companies in the areas of finance, marketing and HR.

Related Topics

Cyber Security

Leave a comment