Don't be a digital victim: FSB’s 10 top tips on staying safe online

Following the recent ransomware attack on the NHS, as well as on countless organisations around the world, many have seen the incident as a wake-up call to ensure we all do more to protect our computer systems and websites.

FSB members have access to FSB Cyber Protection, which offers a market-leading policy, giving small business owners access to expert legal and technical IT security guidance.

But you can take action immediately by following our top ten tips, to ensure you are doing the utmost to protect your business and data.

1. Implement a combination of security protection solutions, including anti-virus and anti-spam software and firewalls

‘Anti-virus software’ has evolved in the last 30 years to combat the full range of attacks your system may face from cyber criminals. These attacks may take the form of Trojans, malware, ransomware or the traditional virus. The term ‘anti-virus software’ is an umbrella name for the protection installed on your system. But you should check that your cyber security software can protect you from all the different forms of attack.

2. Carry out regular security updates on all software and devices

Your cyber security software is the outer perimeter of your defence, and it needs to be regularly maintained. You should always ensure that you update your software and devices at the manufacturer’s request to keep your defences up to date.

3. Implement a resilient-password policy – minimum eight characters; change regularly

You cannot simply rely on cyber security software, and over-reliance on software is where many people are most vulnerable. You should foster a culture of security among your staff. Security should be seen as part of a process, with software considered part of a wider strategy.

4. Secure your wireless network

‘Piggybacking’ WiFi networks still happens, and criminals can hack your system by gaining access to your network. Keep it secure by ensuring that a unique password is required before anyone can log onto your WiFi.

5. Implement clear and concise procedures for email, internet and mobile devices

Education is vital: developing a security culture to reduce the likelihood of staff unintentionally jeopardising their own, or the company’s, security is imperative. So too is good network management – not assigning administrative rights by default, segmenting the network to stop the spread of malware, giving write access only where it’s needed, encrypting data, backing up data and restricting applications that can run on the system.

6. Train staff in good security practices and consider employee background checks

The best defence against an internal fraudster is to stop them getting through the door in the first place. Check past employment and qualifications thoroughly and don’t be afraid to ask for evidence if you are unsure. But most staff want to do the right thing by their employer, so make it easy for them. Use a best-practice policy which is devoid of jargon and keep the rules easy to understand, and staff will be more likely to follow them.

7. Implement and test back-up plans and information-disposal and disaster-recovery procedures

A cyber security drill should be as commonplace as a fire drill. If staff can recognise what a breach or a scam looks like, it will make real attacks easier and quicker to identify.

8. Carry out regular security-risk assessments to identify important information and systems

Backing up your most valuable data should be standard behaviour already. The easiest and most secure way to do this is considered to be cloud services, such as Google Drive or Dropbox. But check you are happy with the level of security – many providers allow you to strengthen the authentication process to increase security. These services are updated and protected by the companies, and so are considered far less of a security risk than your own system.

9. Carry out regular security testing on the business website

Penetration testing can be done manually or by a third party, or completed with several different products. These range from programs that can be downloaded for free or purchased at low cost, which are ideal for simpler websites, to complex, state-of-the-art software that may require a skilled technician to reap all of its benefits.

10. Complete the Government’s Cyber Essentials scheme

It focuses on five key areas of security control:

Malware protection: Preventing or minimising the risk of employees downloading viruses that could corrupt your systems

Access control: Encouraging employees to create strong passwords and vary them between systems

Firewalls: Investing in a robust firewall and making sure there are no leaks

Secure configuration: Ensuring that systems are configured in the most secure way for the needs of the organisation

Patch management: Big business software providers such as Microsoft and Oracle release regular patches and security updates – it’s crucial to keep these up to date