Most modern businesses use some form of IT system, networks, servers or computer equipment to store and send vital business information: customer quotes, contact details, payment information, invoices etc. While this kind of technology is the key to maintaining an efficient, effective and competitive operation, it also leaves them vulnerable to criminal cyber attacks. In addition, imminent changes to Data Protection legislation in the EU and UK mean your business is at significant financial risk if your IT systems are not adequately protected.
The Threat of Cyber Criminals
Every business has key information about customers, partners, staff, finances etc. If this sensitive information falls into the wrong hands it can be used to steal or extort money or commit fraud such as identity theft. Small businesses are particularly vulnerable to this kind of attack as criminals expect them to use old IT systems with very little protection, making them a prime target.
Another possible tactic criminals may use is called ‘phishing’. They will send emails or create links on websites encouraging you or your employees to click on them. These links will take you to sites that may appear legitimate but are actually designed to steal personal and/or business information.
General Data Protection Regulation (GDPR)
From 25th May 2018 the new GDPR will come into force across the EU and UK. Essentially, this means that the law around Data Protection is getting stricter and the consequences of being non-compliant are more severe than ever. The new regulations are intended to improve the protection and privacy around an individual’s personal data. If your business is found to be inadequately protected or using insecure processes, or suffers a security breach, fines can be as much as £17 million (€20 million) or 4% of your annual turnover.
How can you improve your IT security?
There are lots of security measures which will make your business’ IT system more secure, but the best place to start is with high quality security software for your computers. This software will protect against viruses, spam and Trojan horses, and will detect phishing or hacking attempts. It should also include a server-based firewall program to monitor your Internet connections and encryption technology.
There are free antivirus packages available, but for businesses with more than around 8 IT systems it is definitely worth investing in a more substantial security software package. Here are 5 of the leading programs on the market.
Best IT Security Software
| Software | Platforms | Features | Users | Licence Period | Trial Period |
|---|---|---|---|---|---|
| Avast Endpoint Protection Advanced | Windows | Antivirus, browsing protection, remote management | 1-100 | 1-3 years | 30 days |
| Symantec Endpoint Protection | Windows, Windows Server, macOS, Linux, Virtual Environments | Antivirus, browsing protection, firewall, application control, device control, remote management | 1-350 | 1-3 years | 60 days |
| Bitdefender GravityZone Business Security | Windows, macOS, Linux | Antivirus, browsing protection, firewall, device control, user control, remote management | 3-50 | 1-3 years | 30 days |
| Avira Antivirus for Endpoint | Windows | Antivirus, browsing protection, baseline network protection, remote management | 3-10,000 | 1-3 years | 30 days |
| Kaspersky Endpoint Security Cloud 1.0 | Windows, Windows Server, iOS, Android | Antivirus, browsing protection, firewall, device and web controls, remote management | 10-150 | 1-3 years | 30 days |
Avast Endpoint Protection Advanced
An easy to use program which offers real value for money if your business will be adequately protected by core antivirus, browsing protection and remote management for PCs. It is a little lacking in features but you could opt for the slightly more expensive (but still good value) Endpoint Plus which also includes firewall, spam filter and server protection.
Symantec Endpoint Protection
This program is at the pricier end of the scale but offers sophisticated protection for both servers and desktops. This software will run on PCs, Macs, Linux distros and many virtual environments but not mobile devices. Other key features include the company’s Insight file reputation technology (which detects and blocks even the very latest undiscovered threats) as well as antivirus, behaviour monitoring, intrusion protection, a firewall, and the ‘Power Eraser’ to remove stubborn threats and repair your system.
Bitdefender GravityZone Business Security
This program is widely renowned for superior malware detection, removal, performance and ease of use. It is managed from a central console enabling you to monitor remote users and even adapt access permissions when users are outside the company. Automated features include anti-malware, URL filtering, firewall and web advisor but it’s also highly customisable.
Avira Antivirus for Endpoint
A great choice for small businesses, Avira offer an easy to use product for Windows operating systems only. It includes all the key features such as antivirus, baseline network protection, web filtering, file server protection and optimisation, plus application whitelisting and blacklisting. The online web console enables you to manage your devices and includes a range of mobile phone tools (anti-theft, phone finder, and more).
Kaspersky Endpoint Security Cloud 1.0
This software will protect both PCs and mobile devices, including Windows PCs, file servers, Android and iOS devices. It includes antivirus, antispam, a firewall and more for desktops as well as a range of tools to detect insecure devices, control password rules, manage camera use, filter unwanted calls and texts, and remotely lock or wipe data from lost devices. It is managed via a simple web console where you can adjust internet access policies, device settings and more.
More IT Security Tips
The National Cyber Security Centre’s latest guidance on Cyber Security was published in November 2017. To help you identify what you could be doing to make your IT systems more secure, we’ve summarised the 5 key points here.
Backup your data
Identify the essential and sensitive data which your business needs in order to operate or which would constitute a security breach if compromised. This information should be backed up to ensure that in the event of theft, flood, fire or physical damage it can be recovered. This also acts as an insurance policy against ransomware attacks. Routine backups can be made to a USB stick, separate drive or computer or Cloud storage which isn’t accessible to staff or connected to the network holding the original data.
Protect against malware
In addition to installing the security software we’ve already talked about, there are other ways to prevent a cyber or malware attack on your IT system. Your staff should not be downloading apps or software from unauthorised sources and should only have the level of access / permissions which are appropriate to their role. All equipment and software should be as up to date as possible as the latest versions will have the most sophisticated security measures. Use of USB sticks and memory cards should be strictly monitored. Finally, assuming you have a firewall included in your security software, make sure this is turned on.
Make smartphones and tablets safe
If your business uses devices like smartphones or tablets they also need to be protected, especially if they are used outside your premises. PIN codes, passwords and / or fingerprint recognition should all be used as standard. You should be able to track, lock and wipe devices remotely in case they are lost or stolen. Make sure they are set to automatically update to the latest software and, if possible, the latest model to ensure they have the best security features available. Don’t connect to unknown hotspots or WiFi connections as you can’t be sure who else is using the same network and could be accessing your data.
Optimise password protection
Passwords are a simple, free but effective way to protect your data. All your devices should be protected by a password or PIN code and, if possible, fingerprint recognition. Ideally, a two-factor authentication system is best for your most critical information. It’s tempting to do, but avoid settling for default, simple or predictable passwords and don’t use a universal password for all your systems.
Avoiding phishing attacks
Phishing emails are becoming more sophisticated and trickier to identify so it’s really important all your IT users are vigilant and cautious. Unfortunately you can’t eliminate the risk altogether, but you can minimise it by restricting the access lower level users have and limiting internet access. Make sure your staff are trained in how to spot out of the ordinary requests for information, red flags for potential phishing attempts and to voice anything suspicious to their manager. Stay up to date with the latest scams and phishing techniques. If you are subject to a data breach, you are legally obliged to inform the ICO (Information Commissioner’s Office) within 72 hours.
For the full guidance from the National Cyber Security Centre visit their website.