Online Security 2019: How to Protect Your Business
No matter what size your business is, you can’t afford to leave online security to chance. You probably hear of cyber attack news stories on a regular basis; count yourself lucky if your network hasn’t yet fallen victim to a malware virus. We don’t want to scare you, but your business could be vulnerable to cyber attack in ways you haven’t even thought of. Don’t worry though! Follow our common sense tips to maximise IT security and protect your business network.
We’ll guide you through antivirus software, email security and best practices for passwords. We also have some tips to help your business adhere to GDPR 2018.
Malware removal: is AVG Internet Security the best antivirus software?
In the 21st century you need to think beyond just computer viruses and get software that offers the best level of malware protection. AVG Internet Security Business Edition has a solid reputation in the US for protecting small businesses. Here in the UK, AVG is available under the Avast brand.
Avast Internet Security review
Avast has an impressive suite of antivirus tools for home and business use, starting with Avast Free Antivirus. This is one of the best free antivirus software tools around, which scans your PC to detect and block all kinds of suspicious online activity. The free version of Avast Internet Security provides a respectable level of security for home PCs but as a business you are more likely to need the superior protection of Avast business edition. Since there's more at stake than there would be for your home PC, it's definitely worth investiing in the best defence against cybercrime.
Here's what users have to say about Avast Endpoint Protection for businesses:
Avast Endpoint Protection: the pros
- Outstanding level of protection against all kinds of malware
- Extensive suite of products for all sizes of business
- Straightforward installation
Avast Endpoint Protection: the cons
- Some users have reported that the interface is not very intuitive while others say it slows down their computer’s performance.
What are some of the other best malware removal tools on the market? Here’s a snapshot:
|Symantec Endpoint Protection||Two versions available according to size of business
Intuitive for users and quick to set up
High level of protection across all devices
|More expensive than others on the market|
|Trend Micro's Worry-Free Business Security Advanced||Scans external devices and USB ports||Complex setup process|
|Sophos Endpoint Protection Advanced||Uses unique, sophisticated behaviour monitoring to block attacks||Except for top-of-the-range PCs, has a detrimental effect on speed|
|McAfee Security for Business||Facility to set your own policies from the user-friendly dashboard||Slows down your devices|
|Avast Business Antivirus Pro||Includes server protection for Sharepoint and Exchange||Only available for desktop, not for mobile devices|
|Norton Small Business||Good value
Works across all devices
Easy set up
|Not suitable for larger organisations|
What are these tools protecting against?
There is a whole raft of malware (short for malicious software) out there, constantly attacking computer devices. Computer viruses are just one of the many kinds of malware that hackers use. A virus infects programmes by reproducing itself and enforcing unwanted changes into the code of the other programmes.
Other kinds of cyber threats include spyware, adware, trojans, backdoors and ransomware. These are all ways for hackers to infect your computer and they can cause major problems.
- Spyware: software that extracts information from you or your organisation, without your consent, and sometimes passes it on somewhere for it to be used for fraudulent purposes.
- Adware: software that imposes an inundation of unwanted advertising on your browser.
- Trojan: a deceptive computer programme that makes users believe it is something else. It is often a delivery system for a wide range of malware. Trojan horse software typically fools the user into giving away personal information.
- Backdoor: a way for hackers to access your computer or network without your knowledge
- Ransomware: cyber-attacks that encrypt your data and demand payment in return for restoring access to your data. You might remember the famous WannaCry attack of 2017, which infected older versions of Windows and hit hundreds of thousands of computers across the world.
Our other top tips for antivirus protection
- Use firewalls to stop unauthorised users accessing your network. This is one the best ways to prevent cyber-attacks. Check that the firewall for your operating system is enabled and active - if it is disabled it’s not going to help you at all!
- Keep software updated. Yes, we know sometimes those Windows updates are huge and take a long time to install, but they’re essential for maintaining the defences of your network.
- Remote working. Don’t forget about your employees who work from home. Be clear that they need to take cyber security seriously and that they are expected to take appropriate steps to maintain a high level of online security. For applications that require enhanced security, you may want to look into VPN (Virtual Private Network) solutions.
Looking for a business broadband deal that includes online security?
Call us free today to compare prices and get the best broadband for your business!
Computer viruses and malware are easily spread through email. Maybe you’ve seen the typical scenario before - one person unwittingly opens an infected attachment and before you know it your whole network is infected. Don’t leave yourself open to such security breaches by only relying on setting your spam filters to ‘high’. Web-based email clients offer a reasonable level of protection but when it comes to business security and emails, your cybercrime threat detection needs to take into account more than just spam.
This kind of cyber threat intrusion often comes in the form of emails from random strangers asking you for your bank details, trying to trick you into clicking on a link that eventually leads to theft of personal information and money. Make sure everyone on your staff is sufficiently cybersecurity-savvy not to fall for it; all employees should be trained to recognise phishing attempts.
These attacks are often disguised as emails from kind of reliable source such as your HR department or your bank but those organisations would never send emails asking for personal information. Other clues are poor spelling and grammar in the email text and suspicious-looking domain names in the sender's email address or embedded in the text. The golden rule is simply: if in any doubt at all about the sender, do not open any attachments or click on any links.
Email encryption helps to reduce the risk of attack from hackers and cyber criminals. Check that your mail server is enabled to encrypt outgoing and incoming emails. Many mail servers are set up to use a protocol called Transport Layer Security, which performs well against security threats.
Think carefully about your data backup and recovery policies; this is an area of business IT that you cannot afford to neglect. Keep track of your data needs and whether or not you have adequate storage capacity. It’s worth stating the obvious that data needs to be backed up regularly. This includes word processing documents, spreadsheets, databases, and financial and human resources records.
Data storage needs to be secure and reliable. Small businesses might find that a free cloud-based solution such as Dropbox or Google Drive is sufficient. Organisations with more complex data storage needs could upgrade to the business version of Dropbox, for example. Among other business cloud storage solutions are Egnyte, Box for Business and Sync.com.
Secure cloud storage
One of the safest options for business data security is to use cloud-based storage solutions. Using the cloud saves time and effort spent on constant physical back-ups. Your requirements for hardware will be less than if you use physical storage, but more importantly, the level of security and protection provided by the cloud is superior to more traditional data storage methods.
Cloud storage services have fewer vulnerabilities thanks to their use of encryption and advanced authentication procedures. Additionally, the cloud offers reliable protection against ransomware so your business will be better able to defend itself attacks. Another advantage is ease of access. For those who are authorised users; you can share files with clients or collaborators as you need to.
We’ve all had those moments of sheer frustration trying to come up with a memorable password that fits a set of demanding criteria about special characters, numbers, upper- and lower-case letters and password length. You’ll be glad to know none of that is really necessary. The latest advice from the experts, such as the US National Institute of Standards and Technology, is not to make password rules so complex.
This is because those super-strict password composition guidelines are not as useful as they seem. People tend to use the most predictable options, which means that it doesn’t take many attempts for a computer hacker to guess the correct password. Passwords or passphrases should be easy for humans to remember but difficult for computers to guess.
Create a passphrase using seemingly random words that mean something to you but not to anyone else; a collection of words that have an association with each other that you - and only you - know about e.g. polo lord eagle (if you want to know the secret connection between these, tough luck - I’m not telling!).
What about changing your password regularly?Again, contrary to popular wisdom, frequent password changes are not recommended. NIST’s advice is that the only reason to change a password is if it has been breached or forgotten. There’s no real need to force your staff to change passwords regularly because people are more likely to choose weaker passwords when they know they will have to change it again in the near future.
A general rule of thumb for your employees is to make their passwords strong and memorable in the first place, and change them if and when there is a security breach.
GDPR compliance for small business
Small businesses are not exempt from complying with the General Data Protection Regulation (GDPR). Ignorance is no excuse! Since May 2018, all businesses and organisations - SMEs, multinational corporations and the public sector - must have adequate data policies and practices that protect individuals’ personal information.
Your internet security plays an important role in complying with GDPR. Our top tips are:
- Only keep the data that you still need - a big part of data privacy law is deleting data that is no longer in use.
- Make sure all personal data is encrypted.
- Restrict access to customers’ or clients’ data to as few members of staff as possible.
- Ensure appropriate data security training is provided for those employees who have access to sensitive data
- Test the vulnerability of your network security tools by performing penetration testing. This is basically imitating what hackers would do to your network and devices so you can see where there are potential security risks.
GDPR applies to organisations based in the European Union and also to any entity from outside the EU that offers its services to people within the EU. Regardless of when the UK leaves the EU, your business will most likely still need to comply with GDPR. Non-compliance could mean a hefty fine for your company so make sure you or a staff member takes responsibility for this task.
Want to know more?Read our guide to the crème de la crème of business broadband deals before you sign up to an internet contract for your company.