Top 5 tips to help make your firm more cyber secure
It can be hard to keep cyber security a constant priority throughout your everyday working life, but there are some relatively simple steps that can be taken to mitigate cyber threats.
Finding time away from serving clients can be incredibly difficult. However, just because you are busy does not mean the cyber threats looming over your firm get any less dangerous. In fact quite the opposite. Not dedicating time to risk management can create vulnerabilities and put your firm and your clients at increased risk.
Here are some of the best quick tips you can implement to make yourself more cyber secure.
1. Enable Multi-factor Authentication where possible
Multi-factor authentication is another layer of security that is designed to make it more difficult for attackers to access your accounts.
When multi-factor is enabled, you will be asked for your regular password and an authentication code. This will be sent to your authentication device, usually a mobile phone.
Enable multi-factor authentication wherever possible. This will make it much harder for attackers to gain access to your accounts, even if they have your password, as they will require access to you phone to complete the login process.
Mobile phone apps like Microsoft Authenticator, Google Authenticator and Authy can store authentication codes for multiple websites in one place to make the authentication process as simple as possible.
Using an authenticator app is also more secure than getting the code via text message, as SMS has infamously poor security, leaving it open to attack.
2. Use a password manager browser extension
A password manager is a brilliant tool that acts as a vault for all your passwords.
The vault itself is protected with one strong master password. You can also enable multi-factor authentication discussed above for an extra layer of security.
These password managers keep track of long and complex passwords for all your accounts. This removes the hassle of needing to remember them as many people have dozens of accounts that they require passwords for.
Another benefit of password managers is that they can create secure passwords for you and will suggest new ones when you are creating a new account for a service.
Password managers like Norton Password Manager, LastPass, 1Password and Dashlane also offer browser extensions. When you navigate to a website that requires you to log in (Office 365, Xero, LinkedIn, etc), the password manager extension can enter your stored login information for you.
Password manager extensions save you from needing to manually type out your login credentials, making you more efficient while keeping your passwords safe.
3. Update your software when possible
Though it may sound simple, applying updates is one of the most effective ways of deterring cyber-attacks.
Making sure you apply updates for the software you use is important for staying ahead of cyber threats. When attackers look at potential companies to target, they scan your network and computer for any vulnerabilities that they can manipulate.
Out of date software is an excellent source of vulnerabilities for attackers. The best defence against these vulnerabilities is to keep software up to date.
Auto update features should be turned on to prevent you from missing important security updates. It is also crucial to make sure your software is still being supported.
If the software supplier does not offer any more updates, then the software is vulnerable to cyber threats. Remove all unsupported software on your devices.
4. The cloud and backing up your information
Frequently backing up vital information can often be overlooked by some businesses: however, it is the best defence against ransomware attacks.
Ransomware attacks occur when a perpetrator places encryption on all your computer’s files and will only give you access if you pay a ransom.
In most cases, the attacker will not give you access back even if you pay the ransom. The only real solution is to reset your computer and start again from your latest backup.
When you store your data in the cloud, it makes it more difficult for attackers to gain access to these files and encrypt them because your computer and your files are in two separate places. This separation helps protect the files from malicious action.
Backups should also be made of cloud data and should be stored in a safe environment. These backups should be taken regularly to prevent major data loss in the case of a cyber-attack.
It is also important to keep a paper copy of any action plans, contact information or critical information you may need if your computer is unusable in the case of a damaging cyber-attack.
5. Get Cyber Essentials
Cyber Essentials is a certification that shows that your firm has defences in place against the most common cyber-attacks.
Getting cyber essentials will help you attract new business as potential clients can be confident that you are taking steps to protect their information. It may also open some other business opportunities as Cyber Essentials is a minimum requirement to tender for many government contracts. Even if you or your firm are not intending to tender for such contracts it is still worthwhile as they are increasingly looking to supply chain compliance. Your clients may therefore increasingly expect you to demonstrate your cyber credentials in so they can continue with their business.
While getting Cyber Essentials can take time, depending on the size of your firm, you do not have to struggle through the process alone.
Funded cyber support for accountants is a free support programme, facilitated by Scottish IT company Lugo, that increases your chances of passing the cyber essentials certification. The project marks the first time the Scottish Government has ever given funding for Cyber Essentials support specifically for the Scottish SME accountancy sector.
The programme’s free support offers:
The programme’s free support offers:
- Onsite visits from a Cyber Security consultant where they can train your staff to respond to cyber threats.
- Help to create a plan of action with the IT team to identify what they need to implement for Cyber Essentials.
- A breakdown of all the technical jargon into actionable information for decision makers.