Almost everyone in the UK has heard about the recent spate of data hacks. In the last six months Carphone Warehouse, British Gas and TalkTalk have all been hacked and millions of customer details lost. These companies have lost millions of pounds in revenues, and the breaches have even negatively affected their share prices.
Only the large data hacks hit the news headlines, but there are thousands of smaller attacks each year that go unreported. You may feel that your business is too small to be a target for data thieves, but the reverse is true. For those looking for small 'easy' targets, it is far easier and quicker to penetrate smaller companies, often stealing data unnoticed.
Data thieves steal a variety of information, but many big data breaches have been caused by brute force attacks and theft of login credentials. Usernames and passwords are often re-used for convenience across more than one website, which means a single vulnerable password can give a data thief access to multiple sources of information.
If you’re unlucky enough to have your site hacked or your customer details stolen, there can be many short- and long-term financial and reputational repercussions for your business. Customers’ primary concern is identity theft, and companies without adequate security measures in place risk a damaged reputation and losing their customers to a competitor who takes security more seriously.
What can you do to protect your company against unauthorised access?
- Staff training – Make staff aware of the importance of data security and their role in it – this should be provided as part of their company induction, but also as ongoing training on a regular basis to minimise human error and keep everyone updated with best practice
- Security policies – Have security policies in place and circulate these to all employees so that they have clear, written instructions that state what they are meant to do and when
- Passwords – Use complex passwords, never re-use the same password for multiple sites, and change these passwords regularly. '123456' and 'password' were the most commonly used in 2015 – avoid these completely
- Data encryption – Encrypt all sensitive information so it cannot be read
- Data back-ups – Ensure that files are backed up regularly, fully encrypted and tested to ensure they can be recovered if needed
- Protect mobile devices – If employees are working remotely or using public networks, ensure that they follow strict security procedures to avoid man-in-the-middle attacks
- Conduct security audits – If you don’t feel that you know enough about how secure your systems are then it would be worth paying a professional to help you. You may also be able to get funding through security vouchers to assist with the cost of this
- Implement two-factor authentication – Adding an additional layer of security at login will stop the vast majority of hackers
When it comes to ensuring longevity for your company now and in 2016, security should be your top priority and prevention is your best defence. There’s no need to wait until an issue arises to take action. Both your business and your customers will thank you for it.