Cybersecurity Tips For SMEs: Protecting Your Business In The Digital Age

Hello again, one and all; how are you doing?

Well, it’s been an eventful few weeks since the last newsletter. We’ve had to put the disappointment of the Euros final behind us, and we’ve now said goodbye to Gareth Southgate, who, for my money, did a sterling job despite the lack of silverware.

As I write, we are in the throes of the Paris Olympics, which are going to plan as far as I can tell. What did you think of the rain-sodden and frankly bizarre opening ceremony, by the way?

But I want to talk about the CrowdStrike cyber meltdown, which caused chaos for millions of Microsoft users in mid-July. This incident is a stark reminder of the potential risks in the digital age. It’s a wake-up call for all businesses, large or small, to prioritise cybersecurity. If any Enso clients were affected and need to understand the financial impacts, get in touch.

Worse, though, this event gave Mac users like me even more reason to feel smug about our choice of IT kit! No doubt this vanity will end in humiliating hubris. It’s only a matter of time before some AI-enabled bad actor discovers how to penetrate our shiny, overpriced laptops and wipe the self-satisfied smile from our entitled faces.

While there was little MS users could have done to avoid the CrowdStrike mega-glitch, SMEs are being targeted by cybercriminals every day. That’s why savvy business owners will implement robust security measures to protect their firms and clients. So here are some simple but practical cybersecurity tips to do just that.

It’s Everyone’s Job

Every member of your team should be cyber-savvy. This means regular training sessions to help your employees understand cyber threats and how to counter them. Teach them to recognise phishing emails, avoid suspicious links, and practise safe online behaviour. A culture of cybersecurity awareness ensures everyone understands their role in protecting company data.

$tr0n9 P@55w%rD$

If you’re still using “password123,” go and stand in the corner. Implementing strong password policies is a classic ‘no-brainer’. Everyone must use complex passwords and update them regularly. If you can incorporate multi-factor authentication (MFA) for an added layer of security, then go ahead. Of course, password sharing is a no-no, and no-blame reporting of compromised passwords should be encouraged. Check here for tips on creating a strong password.

Update & Stay Ahead of the Curve

Cyber threats evolve rapidly. Bad actors constantly find new ways to breach defences. It’s a pity they don’t use these skills to do nice things, isn’t it? Stay ahead by keeping your software up to date. Ensure that all operating systems, applications, and antivirus programs are regularly updated with the latest security patches. Enable automatic updates where possible so you never miss a critical patch. Of course, this wouldn’t have prevented the CrowdStrike incident, but this tip remains sound advice overall.

Backup Data Regularly

Data loss can be catastrophic, but regular backups can save the day, especially against ransomware attacks. Back up your critical business data frequently and store it securely, whether offsite or in the cloud. And remember to test your backup plan to ensure your network can be restored without a hitch should the worst happen.

Secure Networks

There are few businesses where IT isn’t the backbone of their operations, so protecting your network is paramount. As you’ll know, all my clients rely on tech to run their firm’s finances efficiently. Install firewalls to prevent unauthorised access and implement intrusion detection and prevention systems (IDPS) to monitor for suspicious activity. This is your first line of defence against cyber threats, so make sure it’s tip-top.

Lock Down Wi-Fi Access

If not appropriately secured, Wi-Fi networks can be an open door for cybercriminals. Use strong encryption (like WPA3) and hide your network SSID to make it less visible to outsiders. Ensure only authorised devices can connect using strong passwords and well-conceived access controls.

Access Privileges & Control

Not everyone in your organisation needs access to all data. Restricting data access on a need-to-know basis helps plug potential problems. This is known as the principle of least privilege (PoLP). Implementing role-based access control (RBAC) in your tech can help manage permissions effectively and reduce the risk of insider threats.

Keep Malware Out

Malware can wreak havoc on your systems, so robust antivirus and anti-malware software can keep threats at bay. Ensure your team understands the dangers of downloading software from untrusted sources and run regular scans on your network for these unpleasant gremlins.

Protect Data On The Go

Mobile devices are everywhere, and nowhere more so than in the workplace. Mobile tech that accesses your network must be protected using strong passwords or biometric authentication. Do you know how to use remote-wipe capabilities to erase data if a device is lost or stolen? Accidents happen, so know how to prevent your valuable data from falling into the wrong hands.

Best Laid Recovery Plans

Even if you’re conscientious about data management, breaches can still happen. An incident response plan ensures you can act swiftly and effectively. Document clear steps to take in the event of a security incident and include contact information for key personnel and external partners, such as network providers, your legal team, and cyber support contracts.

Continuous Improvement

Tech is constantly changing, and cyber-baddies are continually devising new and nefarious ways to ruin your day. That’s why regular security audits matter: they can identify new vulnerabilities and ensure compliance with security policies (and the law). Inviting external cybersecurity experts to perform an objective review will provide valuable insights on improving cyber defences. That’s money well spent, in my view.

Encrypt Your Information Today!

Encryption is a powerful tool for protecting sensitive data in transit and at rest. Ensure that encryption keys are managed securely and that your licences are always current. Again, a bit of training will ensure that your team understands the importance of ALWAYS using encryption to safeguard information.

Trust Cloud Services (But Verify)

At Enso, we rely on cloud services to offer our clients convenience and scalability, but we only use selected suppliers. Why? Because security varies by provider. I only recommend cloud services with iron-clad security practices and verifiable compliance certifications. In the same spirit, you should familiarise yourself with the security settings of the cloud platforms you rely on and configure them to protect your data.

Check, Little & Often

Implementing logging and monitoring allows you to track user activities and detect unusual behaviour. Review your logs regularly to spot potential security incidents early and take prompt action. Do some research on your crucial systems to find out where this useful BI can be accessed and used.

Best Efforts Will Make A Difference

All the above are just the tip of the iceberg for protecting your firm. Some of these simple steps may take more work for micro businesses. However, awareness is a good starting point: review where you stand today and do all you can to keep yourself and your clients safe. Remember, it can be expensive to fail in these areas, as keeping customer data secure is legally required.

Use quieter summer months (if such a thing exists!) to look at your tech set-up and policies. You’ll sleep better knowing you’re in good cyber shape (or will be).

Ten Seconds To Glory

Your cyber audit might take you a few hours, which is considerably longer than it’ll take the men’s sprint finalists to cover 100m on Sunday. And I’m happy to report I’ll be there to see it!

I’ll spend the weekend in Paris soaking up the atmosphere and looking to see as many events as possible in and around the city, especially the packed athletics schedule in the Stade De France. 

I hope to see the remarkable balloon Olympic Flame in the Tuileries Garden and experience as many of Paris’s sights and sounds as possible. It’ll be a fast and furious visit to the cité d’amour, but I’ll leave with more unforgettable sporting memories to look back on.

OK, that’s it for this month. Enjoy the Olympics, and with luck, Team GB will return with a healthy haul of medals to make us all proud.

All the best

Adam
