As a business, it’s your responsibility to safeguard not only your own information but also any sensitive data that belongs to employees and customers. By keeping informed about cybersecurity and implementing security practices throughout your business, together we can build a stronger, more secure online community.
With so many businesses working remotely around the world, it’s important to remember that scammers are always on the hunt for new ways to get access to your information. Here are some simple, easy-to-implement steps to help you protect your business, your employees and your clients online.
1 – Be aware of phishing
Phishing is the fraudulent attempt to steal personal information, credit card and banking details, or passwords, by pretending to be a legitimate organisation. During the COVID-19 pandemic, there has been an increase in phishing attacks where hackers pretend to be government agencies giving health or pandemic advice in order to spread malware and steal your login credentials and credit card information.
The best way to prevent phishing is to keep yourself and the people you care about informed. Make it a habit to verify the origin of the email and think twice before opening links and attachments. Look out for strange email addresses, misspellings or dodgy formatting. We’ve included some examples of things to look out for on the Xero security noticeboard.
2 – Use unique passwords and two-step authentication
Cybercriminals can steal your password in many ways. It’s important to use unique passwords for any services that are important to you to avoid being vulnerable if your credentials are exposed. Password managers are a great option as they provide an excellent balance of security (strong randomly generated passwords) and convenience (one-tap login across devices).
Two-step authentication (or 2SA) provides an extra layer of security and is mandatory if you’re using a digital software provider that interacts with the ATO. The first layer is your login and password. With Xero, the second layer is a unique code generated from an app on your phone every 30 seconds. You need both in order to log in.
3 – Avoid using open wi-fi connections
Open, or public, wi-fi connections can be easily mimicked by cybercriminals. They set up a wi-fi connection and pretend to be a trustworthy source. If you connect to any of these, they will be able to see all the data you view or share.
If you don’t have access to a trusted network, try using a mobile hotspot instead, or a Virtual Private Network, commonly known as a VPN. A VPN is software that encrypts all connections, which means that a cybercriminal won’t know which websites you’re visiting or the credentials you’re using.
4 – Check all software is up to date
Cybercriminals tend to abuse any bugs in software to make it behave in unintended ways. Most companies are good at monitoring and fixing these bugs, but the problem isn’t solved until you update your computer.
Make sure you and your staff are running anti-virus and anti-malware software on work devices. It’s important to regularly check that software is up to date. This includes operating systems, such as Windows or macOS, as well as any antivirus or local software. If you have the option, set up automatic updates.
5 – Off-boarding
Off-boarding previous employees is just as important as onboarding. If an employee leaves your business, make sure you have a process in place for ending their access to all of your business tools. Also make sure that any login passwords for shared email accounts (e.g. sales) are changed.
Suzy Clarke, EGM of Security, Xero