Invisible risks. Real consequences. It's clear that security has to remain a priority. After all, complex IT setups, changed work environments and distracted teams mean fresh opportunities for security breaches. Read on for guidance on how you can keep yourself and your colleagues.
Typically, cybercriminals look for sensitive data or personal information they can use to access bank accounts – or set up email addresses to defraud people. They might try to break into private computer systems to look for valuable data or disrupt a business operation. The good news is, whoever the bad guys are, and whatever their motivation, they almost always go for the low-hanging fruit. The easy pickings. The quick wins. And by taking our 10 simple steps to improve security, you can reduce the risk of that being you, both at work and at home. It’s no surprise that the same main themes come up time and time again, so we’re not reinventing the wheel here – it’s all about showing you the small, simple changes you can make to dramatically reduce your exposure to a whole range of cyber risk.
1. Use strong, different passwords every time
Even fairly complex passwords can be cracked, and if you’ve used the same one for multiple things, you might just become the low-hanging fruit cybercriminals are looking for. So, create a new, long, strong password every time, mixing letters, numbers and special characters. You could try using a passphrase rather than a single word – especially if it makes it easier for you to remember. And if you’re still struggling to keep track, some computers can suggest and save robust passwords for you. Even better, try a password manager like Dashlane or LastPass.
2. Set up two-factor authentication
Two-factor authentication (or 2FA) makes the login process more secure by combining something you know (like a password) with something you have (like your fingerprint, facial recognition or a code sent to your phone). Some online services, like banking, use 2FA as standard, but you can turn it on for email, cloud storage and social media just by going into your settings.
3. Change your device default passwords
Lots of today’s devices (like wearables) are deliberately designed to be quick to set up and get working. But to make that happen, they often use a default password straight out of the box. This brings the risk that if it’s internet-connected, your device could be accessed by someone who knows that default password and could tamper with, reconfigure, disrupt or disable your device. A quick Google search will tell you the default password for any device, and it’s exactly where the bad guys will start. So, check whether you’re still using it and if you are, switch to a stronger, unique password that protects you better.
4. Set up firewalls – and switch them on
These days we can control so much on our phones, from smart doorbells to our home heating. But everything we connect to the internet within our home, office or building has the potential to open a hole in our online defences. That’s why firewalls are essential, working like nightclub bouncers to stop anything suspicious coming in. Most computers and broadband routers come with some level of firewall, but that doesn’t mean it’s turned on – so check yours. As a business, you might want an even more robust firewall or more advanced perimeter security solution – what you choose will depend on the risk, exposure, value of the assets you’re protecting and your desire to keep them safe.
5. Make sure you've got antivirus software
Antivirus software helps protect your devices from malware or ransomware, which can disrupt work, lead to data loss and be expensive to remove. Whether they’re in your office, data centre or home, computers and servers all benefit from antivirus or anti-malware software – but it needs to be kept up to date because criminals are constantly inventing new ways to disrupt or steal your data. Set yours to update automatically or remind you regularly if you’d rather make manual updates.
6. Run regular backups
As well as helping protect against malicious data loss, regular backups can be a lifesaver if your computer gets broken or stolen. Using backup software can make data easily retrievable, so you can carry on working, whatever happens. Back up to another device, like a hard drive, or better still, back up to a secure cloud storage provider so your data is stored safely offsite. Your PC might already have an antivirus package that includes cloud backup, or your USB-connected flash drive might have a secure cloud storage facility – but whatever you do, check.
7. Don't put your updates off
We’re all guilty of putting off software updates. But the truth is, the vast majority are security-related, and the longer we avoid them, the more vulnerable we become. So, next time your computer says it’s time to reboot, do it – or schedule your updates to run while you sleep.
8. Watch out for phishing emails
Cybercriminals use phishing emails to get the information they can use to commit fraud. Some are incredibly convincing, making tiny changes to email addresses you trust (like adding extra numbers) so at first glance, it’s hard to spot the difference. If anyone asks for your information, take a close look before you click. While so many of us are working remotely, it’s easy to be more distracted and fall foul of a well-crafted phishing email.
9. If in doubt, don't click
We’re used to boxes popping up asking us if we accept cookies, but if you’ve never used the website before, or it looks suspicious, say no, close the tab or navigate away. The same goes for pop-ups asking whether they can use your location, or suggesting you install something. It’s all too easy to accidentally download malware just by clicking ‘ok’ to get rid of a pop-up message, so take a moment, be wary and don’t click on things you don’t trust.
10. Get a professional risk assessment
If you’re concerned about your company’s exposure to cyber threats, an independent risk assessment is a great place to start – and we can help. Cyber risk assessments don’t have to be a painful experience – in fact, the best way to start is with a simple phone consultation. Your business might benefit greatly from a good practice framework like Cyber Essentials. It’s deliberately designed to be a practical, achievable framework for businesses that’s easier to follow than more formal frameworks like ISO27001.
At Backbone Connect we help companies strengthen their IT systems and security, with a specialism in supporting commercial landlords, asset managers and business tenants. Our in-depth understanding of building infrastructure, telecoms and cybersecurity means we can help you navigate security challenges and successfully mitigate risk – and it all starts with that first call.
John Archer is Solutions Director at Backbone Connect. He’s an expert in understanding complex challenges and delivering future-proof solutions for businesses.
*IDC survey, 26 March 2020.