Three cyber security New Year’s resolutions for your business and how to keep them.
2018 is upon us and it will be another hugely important year for cyber security. We want to help. That’s why we’ve created three cyber security New Year’s resolutions designed to make your business more secure. What’s more, unlike giving up biscuits, these cyber security New Year’s resolutions are easy to keep. If that wasn’t enough, we’ve provided advice on how to stick to them too.
Make passwords secure and stop changing them.
Last year MP Nadine Dorries caused a Twitter storm by admitting that she shares passwords with members of staff. We’re certainly not going to advocate this sort of behaviour and to be unequivocal, you should never share your passwords.
However, there is one age-old piece of password advice that it is time for you to forget. It is the need to frequently change passwords.
In theory, changing passwords regularly is sound advice. In short, you’re limiting the amount of time a person can use that password. It stops them from snooping on an account or returning later.
Unfortunately, regular changes encourage bad practice and ultimately leads to weaker passwords over time.
This is because it’s difficult to remember many secure passwords. Forcing users to change their passwords regularly, makes this task more difficult. It often leads to users changing just one character, such as password1, password2, password3.
You should use secure passwords instead. It is better to have a strong password that remains the same, than a weak password that changes regularly. You want to use passwords that are difficult to compromise in the first instance.
How to keep this cyber security New Year’s resolution.
We appreciate that remembering passwords is tedious at best. Board-level members of staff can have many passwords to remember, without including their personal accounts too.
That’s why we’d strongly recommend the use of a password manager. By using a password manager, you only need to remember one secure password. This is something that’s possible for all of us to achieve.
Pay attention to your office printer.
Despite many companies trying to become paperless, printers are still common for many businesses. Larger companies often have more printers and in many cases, the larger and more sophisticated they are too.
Whilst printers may seem harmless, they are effectively storage devices, connected to your network. This means that your printer could be storing documents that you print with little, to no protection in place. Take the time to find out how your printer works, what information it stores and how best to remove it.
Furthermore, you should also be updating your printers in the same way you do computers or laptops. Printer companies release firmware updates to patch any vulnerabilities, making them resilient to exploitation.
Failure to update a printer’s firmware could make your network easily accessible by others. What’s more, with typically long life spans, your printers may sit dormant with exploitable issues for some time.
As well checking what data your printer stores, you should also schedule regular reviews into firmware updates. This will help ensure nobody has easy access to your network, via your printers.
How to keep this cyber security New Year’s resolution.
Firstly, understand your printers. Speak to the company that installed them or the person responsible for their maintenance. They should be able to tell you what data your printers store and for how long. They should also have information about firmware updates.
Many modern printers will come with functionality to delete stored data and automatically update their firmware. Again, your printer provider should be able to help you with this. Be sure to ask how you can check updates have happened and how regularly you need to do so.
If you can’t make these tasks automatic, make sure you learn the manual processes. Then schedule time in your calendar periodically to delete the data and check for updates.
Manage your employee’s connections to the office Wi-Fi.
The use of smartphones, and other personal devices is on the rise in the workplace. If connected to the company Wi-Fi unchecked, these devices could pose a risk to your company.
This is because many companies have little to no idea as to what is on those devices. Whether it be malware or vulnerabilities within an app, a connected device could be a threat to your IT network.
As cyber crime continues to increase companies need to be aware of who and what is connecting to their network. This includes their own employees.
As employers don’t know what’s on their employee’s devices, their security teams don’t know what to prepare for. This makes countermeasures difficult to plan and implement.
How to keep this cyber security New Year’s resolution.
Limit access to the company Wi-Fi for work based devices only. There’s no need for personal devices to be on the company network. By removing their presence entirely, you can be sure that they won’t pose any security risks to your business.
You can revoke network access to any device previously connected, and limit future access to approved devices only. This means that even with the correct Wi-Fi password, access will be denied.
We suggest providing a separate guest network, should you want to provide your employees internet access. This means that a security breach on the employee network, won’t impact the rest of your business.
