October is Cybersecurity Awareness Month – so what better time to bring together our favourite IT security tips in one handy article?

This year’s theme for the campaign is Secure Our World. We’re going to help you do just that by bringing your attention to four important measures you simply must have in place to ensure your business’s data remains secure and your systems remain intact.

First, however, let’s remind you why creating and implementing a cybersecurity strategy needs to be at the top of your to-do list, regardless of the size of your business or your current setup.

Reiterating the case for better awareness of key cybersecurity measures

It might shock you to learn that there are more than 65,000 attempts to hack small to medium sized businesses every single day in the UK. Unbelievably, at least 4,500 of these attempts are successful, on average.

If you’re one of the unlucky companies that witnesses a data breach, you’ll need to dedicate significant time and resources to getting your systems back online – not to mention boosting your security programme to prevent the same thing from happening again. Your operations will be greatly affected while you’re getting back on your feet, and the whole incident will likely lead to wider losses in the longer term; in fact, a third of all UK organisations that were affected by cyberattacks said they lost customers due to the incident.

Focusing on enhancing your cybersecurity should be even more of a priority if your staff regularly work from home. As we discussed in this blog, IT protocols are often not followed when employees are in their own environment – and this can leave your network very vulnerable indeed.

4 easy ways to boost your business’s IT security

#1: Start using password managers

Let’s start with how to keep your digital passwords secure – and how to scale best practices across your entire workforce.

You are probably already well-versed in how to create a strong password. You’re aware that all your passwords should contain at least one capital letter, one symbol, and/or one number, and be at least 8 characters long – and you know to avoid guessable phrases like children’s names, birthdays, or anniversary dates.

But did you know that you can use a password manager to store all your passcodes away from prying eyes?

With so many passwords to keep track of, it can be tempting to list them all in a spreadsheet, or simply rely on the autosave function in your computer’s browser. (What you don’t want to do is write them down on post-it notes or scrap paper – but try telling this to the 25% of the population that are still doing so on a regular basis!)

We suggest using purpose-built password manager apps from trusted sources. They are typically very easy to use, and encryption ensures they are completely secure.

There are lots of free and freemium password manager apps available. If you handle a lot of passwords, and/or are particularly concerned about your password security, we recommend paying a little more for a password keeper from a trusted provider with lots of positive reviews.

A recent survey from PC World found that over a third of Americans are using a password management tool on a regular basis as of 2023. Two years ago, that number was just 20%. So, it’s clear that the tide is turning – and we recommend that you become a part of the password management movement before your lax security leads to a devastating hack!

#2: Get to grips with multi-factor authentication (MFA)

As we’re writing this, Microsoft is in the process of introducing multi-factor authentication (MFA) for all Microsoft 365 users. Everyone will need to use MFA to access their Microsoft services by the start of November.

We’ve seen first-hand over the years just how easy it is for hackers to gain access to business systems and wreak havoc by damaging sensitive data (or holding it to ransom). In our view, this policy couldn’t have come at a better time!

MFA uses more than just a username and a password to help you gain access to your accounts. It relies on a multi-step login process that makes it much harder for hackers to simply guess a passcode in order to get into your systems.

Depending on the MFA tool you decide to use, you may be asked to verify your identity by:

• Entering a one-time code that’s been sent to your email or phone
• Entering a one-time code that appears on a linked authenticator app
• Answering a secret question
• Scanning your fingerprint, retina, or face
• Proving your identity via voice recognition

Once you’ve got to grips with the way the technology works, you’ll enjoy the peace of mind that comes with this extra layer of protection! And why not extend MFA to your personal accounts?

#3: Train yourself and your staff on the perils of email phishing

Email phishing is still one of the most common and effective tactics used by cybercriminals to get access to sensitive information for their own gain.

Most of the time, an employee will click on a message because it looks like it’s been sent from someone they deal with regularly.

The email might look convincing. It might be crafted in the same format, with the same kind of language, with all the official looking logos and graphics. However, there’s every chance that it could have been put together by somebody who is trying to impersonate a known contact.

Alternatively, it could contain malicious links that will spread malware and other viruses across your network once they’ve been clicked on.

All it takes is for one of your staff to reply to a phishing email and share sensitive data, or click on a ‘bad’ link, and your entire system could be compromised. Once this happens, there’s no going back, and the repercussions can be huge.

One of the easiest ways to reduce the risk of losses to your business from phishing is to train your staff on what phishing emails look like. For example, you should encourage everyone to hover over an email link before they click on it. If the URL path isn’t the same as the link in its bare format, it could well be a trap.

Alongside delivering straightforward phishing awareness training, the team here at ECOM can also test your employees’ knowledge by sending out controlled phishing emails to staff and monitoring the way they respond. It’s a great way to benchmark staff capabilities and show them where they’re going wrong with realistic examples.

We’ve also provided a little more insight into common email security practices here.

#4: Let those automated updates run right away – no excuses!

We know that automated software updates can be a real pain.

We understand that they often strike at the most inconvenient times, too – for example, when you really need to get online to send an email, or when you’re just about to head into an online conference call!

But we cannot stress enough how important it is to install security updates when prompted to by your apps.

Unless you are concerned that auto updates will cause incompatibility issues or take up too much space without proper review, you should always make sure you have turned on automatic updates for your business software. Getting updates as soon as they are available means you will receive security patches that will address any known holes or vulnerabilities in the technology you are using. It’s a quick and easy way to keep your systems as safe as possible, for as long as possible.

However irritating it may be to have to down tools while you’re in the middle of something, don’t leave the update to the end of the day, or whenever you get around to it. Let the software do its thing, so you’re always protected!

Everyone is busy, so getting your staff onside with this approach is half the battle. If you’re a business owner, we’d suggest re-emphasising this practice within your IT policy and/or staff handbook.

As you can tell, the team here at ECOM is incredibly passionate about keeping our clients’ IT systems secure. For more cybersecurity advice, or to arrange a full review of your current security practices, please contact us today. You can learn more about our cybersecurity services here, or read our top tips on how to measure your company’s cybersecurity metrics.