
5 Very Basic Cyber Security Measures for Companies

Did you know, when it comes to cyber security measures, people often forget about the basics? Businesses can get caught up in a multitude of ‘cyber security to do’ lists, but not implementing these basics could be costly. Cyber security is no longer a nice to have, but a necessity. Data breaches and cyberattacks are a constant threat and hardly a day goes by without a news article on the subject. With increased frequency and severity, they have the potential to cripple operations, damage reputations, and incur significant financial losses.

Fortunately, there are several basic measures companies can implement to significantly improve their cyber security posture. Here, we’ll break down five very basic practices that every business, from small start-ups to established enterprises, should prioritize.

1. HTTPS: The Secure Foundation of Online Transactions

At the core of website security is the transition from HTTP to HTTPS (Hypertext Transfer Protocol Secure). HTTPS encrypts data transmission between a website and a user’s browser, protecting sensitive information like login credentials, credit card details, and personal data from being intercepted by attackers.

The alarming reality is that many companies still operate websites using the unsecured HTTP protocol. This exposes user data to potential theft and can have serious consequences. Without HTTPS implemented, web browsers display security warnings when users access the websites. Depending on the browser, the warning might be displayed in the search bar with the text ‘Not secure’, a lock symbol that has a red line through it, or an exclamation point in a triangle. These warnings can not only deter customers but also damage a company’s reputation for trustworthiness. A visitor who lands on a site with a “not secure” warning is very likely to leave and not click through to your site. If you have a high bounce rate on your website, it could be because your site is not secure.

Implementing HTTPS is a relatively straightforward process for most businesses. Many web hosting providers offer simple one-click solutions for activating HTTPS on existing websites. The benefits are substantial. HTTPS builds trust with users, protects sensitive data, and fosters a secure online environment for business transactions.

2. Password Managers: Boosting Security and Saving Time

Remembering strong, unique passwords for every online account can be a challenge, even for the most diligent individuals! This often leads to password reuse, a major security vulnerability. Password managers offer a practical solution to this problem. These software applications store and manage login credentials for various platforms securely.

Password managers offer a significant advantage over manually creating and remembering passwords. They enable users to generate complex, unique passwords for each account, significantly reducing the risk of unauthorized access. Additionally, features like auto-fill can save employees valuable time by automatically entering login credentials when accessing applications and websites.

The difference in security between a strong and weak password is vast. When it comes to passwords, mixing upper and lower case letters, adding numbers, and adding special characters increases the time it takes for hackers to crack them. With password managers generating and storing complex passwords, businesses can significantly reduce the risk of data breaches stemming from weak passwords.

3. Two-Factor Authentication (2FA): Adding an Extra Layer of Protection

Two-factor authentication (2FA) strengthens logins with an additional layer of security. In addition to a username/email and password, 2FA requires a second verification step, typically a code sent via text message or generated by an authentication app (e.g. Google Authenticator, Microsoft Authenticator or Authy). This extra step ensures that even if an attacker obtains a user’s login credentials, they will still be unable to access the account without the additional verification code.

While 2FA might seem like an inconvenience, it is a vital security measure that offers significant protection against unauthorized access. The initial hurdle of adapting to 2FA is quickly outweighed by the peace of mind it provides. Additionally, many 2FA apps offer user-friendly features like the ability to edit and customize settings to rename and reorder accounts for easy access. Although websites/software may recommend different 2FA apps, you can use the same app for all!

The good news is that most password managers integrate seamlessly with 2FA, allowing users to manage both functionalities within a single application. This eliminates the need to use multiple, separate apps, simplifying the overall login process while maintaining robust security.

4. Separate Work and Personal Email: Maintaining Boundaries and Preventing Breaches

Separating work and personal email accounts should be a fundamental cyber security best practice for businesses of all sizes. There are several reasons to maintain separate email accounts.

Most importantly, using your work email address for work only ensures that company communication and sensitive data remain much more secure (and organized).

Conversely, using a work email address for your personal life can open up serious threat vectors to the company which otherwise wouldn’t be there. This is because in our personal lives we sign up for all sorts of accounts and groups and we share our login credentials each time. This puts our details into multiple databases all around the world, which may themselves be hacked. In addition, receiving personal emails in your work inbox can create clutter and distract you from your day-to-day work.

For small business owners, the distinction between business and personal can be blurred. However, separating email accounts is an important part of building a stronger cyber security environment. Every business, whether big or small, should set boundaries between work and personal life.

5. DMARC: The Email Authentication Guardian

DMARC stands for Domain-based Message Authentication, Reporting & Conformance and is one of the fundamental pillars of cyber security if a company owns and uses its own domain. DMARC acts as an email authentication guardian, protecting your domain from being spoofed by attackers. Email spoofing is a tactic commonly used in phishing scams, where emails appear to originate from your company but actually come from a malicious source.

DMARC establishes a policy in your Domain Name System (DNS) that specifies how receiving email servers should handle messages claiming to be from your domain. This helps instruct servers to reject unauthorized emails, preventing them from reaching inboxes and potentially compromising sensitive information.

Implementing DMARC offers crucial benefits such as significantly reducing the risk of phishing attacks that leverage your domain name. DMARC reports also provide valuable insights into email activity associated with your domain, helping to identify unauthorized attempts to send emails on your behalf. As an added benefit, it helps ensure your emails land in inboxes instead of spam/junk. The security benefits of DMARC are well worth the investment and we strongly advise you to get protected.

Conclusion: Building a Strong Cyber Security Foundation

These five cyber security measures – HTTPS, password managers, 2FA, separating work and personal email, and implementing DMARC for email security – provide a solid foundation for protecting your business. While they may seem like basic steps, they can significantly enhance your company’s overall security posture and prevent costly data breaches.

Keep in mind that cyber security is an ongoing process, not a one-time set-up. Regularly updating software, educating employees about cyber threats, and staying informed about emerging security best practices are all crucial aspects of maintaining a strong cyber defence. Small business owners need to keep their security in mind too! It can be overwhelming to think of additional costs, but these 5 security measures will cost far less than the expense of a security breach.
