advertisement
Facebook
X
LinkedIn
WhatsApp
Reddit

Five things you should start implementing today to secure your business

Earlier this week we attended a rather jarring roundtable in which Trend Micro highlighted just how widespread cybercrime is in South Africa.

You can read more about that here, but the crux of the matter is that there is chum in the water and cybercriminals are circling in anticipation.

As such, business owners and decision makers should be investing in cybersecurity. This is of course, easier said than done as cybersecurity can become complex very quickly no matter the size of your business.

To help out, cybersecurity consultant at Trend Micro, Zaheer Ebrahim has shared five ways businesses can start securing themselves if they haven’t started yet.

Give remote workers secure connectivity and software

Now, we understand that when working from home was required at the top of the pandemic there was a mad scramble to get employees working. Now that it’s a year after the fact there really is no excuse to not provide your employees with secure connectivity.

“Organisations should provide internet dongles or mobile data bundles to their employees, so that they do not have to resort to connecting to free, unsecured networks when they are working remotely from coffee shops, coworking spaces or other public spaces. A safer alternative is to use your mobile device to create a secure hotspot between your smartphone and your tablet or laptop because you then retain control over this connectivity,” says Ebrahim.

In addition notebooks, tablets and mobile phones used for work really need to have update software and cybersecurity. Employees should also be trained to practice good password hygiene, especially for routers which are often left with the default password.

VPNs aren’t just for Netflix

You’ve likely heard about VPNs as a way to access content in other countries (though you should really check with the service to see if this is allowed) but they should also be used in a business context.

“Every corporate environment should have a dedicated VPN application that allows employees to connect to the internet via a secure tunnel. Employees also need to check into their corporate network regularly via a VPN, so that the IT department can create synergy between employees’ devices, their cloud connection and the head office,” Ebrahim tells us.

“If you have no other way to connect to the internet but through an unsecured, public network, you should always use a VPN. This makes it much harder for a hacker to detect your traffic and see where it is being directed to,” he adds.

Multi-factor authentication should be the norm

Friction is something that you want to avoid when it comes to ease of use but additional measures that make it harder for criminals to breach your network are good.

Multi-factor authentication should be enabled where possible as it adds another block that cybercriminals will have to circumvent.

There are many ways to implement multi-factor authentication including via SMS or using an app such as Google or Microsoft Authenticator. Consult with experts and shop around to find a solution that matches your needs.

Blocking the high seas

Unfortunately many people aren’t aware of just how dangerous piracy can be for their computer. It is incredibly easy for miscreants to hide malware in downloads on peer-to-peer file sharing websites.

With this danger in mind, Ebrahim advises businesses make use of Application Control to give applications the red or green light.

“This approach can also allow the IT department to audit any applications and software and its potential threat before giving or denying permission. In this way, the employee does not have to accept any responsibility,” the cybersecurity consultant says.

Regular cybersecurity training is key

We’ve said it many, times, before, and we’ll say it again: cybersecurity education and training is key to making sure the perimeter isn’t breached easily.

“Regular employee cybersecurity training, at least once a quarter or biannually, is invaluable especially as cybersecurity threats are continuously evolving,” says Ebrahim.

In that regard Trend Micro has a cloud-based awareness service called Phish Insight where employers can carry out customised security awareness training via phishing simulations. The simulations help to identify ‘patient zeroes’ and yields a list of vulnerable points so that relevant cybersecurity products and services, and education measures can be implemented.

“This also allows an organisation to ensure that all employees are familiar with their cybersecurity protocols – for example; discouraging employees from signing up to newsletters from their work emails and devices and helping them identify possible security risks. Risks that may include emails with malicious URLs that are sent from incongruent domains, are written in a poor writing style (spelling and grammar), and usually rely on a sense of urgency,” Ebrahim tells us.

While this is all very basic, getting the basics right is part of good security and the best time to start securing your business is right now.

[Image – CC 0 Pixabay]

advertisement

About Author

advertisement

Related News

Subscribe to
our newsletters

[mailpoet_form id=”1″]