Preventing Data Breaches – Practical Solutions for Businesses

We’ve teamed up with our IT Support provider PCM to discuss IT security, data protection and avoiding data breaches.

Whether the threat is a malicious cyber attack or simple human error, we’ve got some practical, inexpensive tips to improve your IT security.

1. Keep your software up to date

  • Software updates are designed to prevent known viruses from attacking your IT.
  • Keeping your software up to date is a key measure in preventing attacks on your technology, whether it’s an individual PC or your entire business network.
  • This includes your security software, like anti-virus, but also your processing software including your operating system.
  • If you do suffer a malicious attack and your software isn’t up to date, your insurance may not cover you for the damages.

2. Use Two Factor Authentication to access your accounts

  • Your email provider and bank will definitely provide two factor authentication as an additional security measure on top of your username/password login.
  • This stops cybercriminals from getting into your account simply by cracking or guessing your password, which is relatively easy for a lot of cybercriminals.
  • Instead, you are required to input an additional token, commonly using your smartphone, to authorise access into your accounts. For example, when logging into your email provider, you may be sent a code via SMS to your mobile phone that has to be entered. Unless the cybercriminal also has access to your phone, they won’t be able to hack your accounts.

3. Back Up Your Data

  • Recent ransomware attacks meant that organisations lost masses of sensitive customer and business data.
  • With remote data backup, you can ensure that in the event of a ransomware attack, or if data loss occurs through human error, your data can be retrieved quickly.

4. Don’t pay unexpected invoices without further clarification

  • If you receive an invoice requesting payment from a supplier you don’t recognise, always double check with your purchasing department, or by calling the sender to verify the details over the phone.
  • Additionally, if you receive an invoice from a known supplier, but the bank details are new, call them to check. Social engineering means that cybercriminals can intercept email communications and send you an invoice with their own bank details on it. Recent cases of this have left the victim out of pocket, as a lot of insurance policies won’t cover this type of cybercrime: you still have to pay the valid invoice, and you’ve lost the money you paid to the cybercriminal.

5. Use password managers to create difficult passwords and store them using encryption

  • There are several password managers available for little cost, including KeePass, LastPass and 1Password.
  • They generate long, complex passwords that are hard to crack and are different for each of your accounts, so that you don’t use one simple password to access all of your accounts.

6. Teach all of your staff the basics about avoiding email and web fraud

  • Don’t click on links from unknown senders
  • Don’t send passwords or login details via email
  • Never give out full bank account login details over the phone or online – your bank won’t ever ask for all of your login details
  • Always look for https in web links if you are entering payment information

With data protection laws changing in the coming months, consumers have more power over their data, and organisations will face higher penalties for data breaches. These practical tips, along with strict data processing procedures and clear rules around consent will help to avoid data protection breaches.

PCM are a Leeds-based IT Support company working across Yorkshire. They provide IT services, web design and software development for small and medium businesses.