As a small business owner, the last thing you need is an online security breach. That’s why it’s well worth getting the right security measures in place and reviewing them on a regular basis, writes PAUL MACPHERSON, Head of Security, Xero.
Most of us couldn’t get through the day without using the internet. Whether it’s helping us get to work or schedule plans with our family, one things certain – this access to the internet has massively transformed our lives for the better.
The same goes for small businesses, giving them access to a connected, global world and the ability to transact and operate with far greater efficiency. However, as more small businesses take advantage of the exciting opportunities that the internet offers, it’s crucial that cybersecurity is the number one priority.
According to security software company Norton, globally 689.4 million (31%) people were affected by cybercrime in the past year. What’s more 63% of people also believed it’s become more difficult to stay safe and secure online over the past 5 years. Criminals are getting smarter online – and small businesses, with often limited resources at their disposal, can be particularly vulnerable.
In many security breaches, cyber-criminals simply exploit insecure remote-access software, employee activity and weak password security to gain access. Hacking methods such as phishing and social engineering, as well as sophisticated malware are popular methods used to breach seemingly secure systems.
As a small business owner, the last thing you need is the consequences of an online security breach. That’s why it’s well worth getting the right security measures in place and reviewing them on a regular basis. Here are four focus areas that should be deployed immediately to safeguard your business from attack:
- Choose the right security software, and don’t forget to update it
It pays to install reputable anti-malware software and regularly update it. Malware often tries to exploit known vulnerabilities in software and this could seriously compromise your systems. Anti-malware will detect and stop most malicious software including computer viruses, worms, Trojan horses, ransomware, spyware, adware and scareware from entering your systems.
As well as keeping your anti-malware software up to date, you need to keep your operating system and application up to date with the latest security patches. It might seem obvious, but you’d be surprised at the number of businesses who don’t do this. Look at the recent WannaCry and NotPetya ransomware instances in which a known Microsoft SMB vulnerability was exploited which organisations should have patched.
- Equip your employees with the right skills
Many scams and attacks rely on manipulating people to do something that gives hackers the information or access they’re after. Known as social engineering or phishing, these tactics include using personal information to earn trust from unsuspecting employees. All it takes is two seconds for you or one of your team to click on a link or attachment in an email, or enter a password on a fake login page, and you’ve let the criminal in.
No matter what industry your business operates in, you’ve got to educate every last member of staff – including yourself! There are easy-to-use online tutorials available that help train people in the dos and the don’ts when it comes to staying safe online.
- Use 2SA
The 2SA or Two-Step Authentication is like putting an extra deadbolt on your front door. It involves two layers of security. First, enter your existing password and then input the verification code generated by an app on your smart device. This significantly reduces the risk of account takeover – the cybercriminal may get hold of your password but that’s not enough for them to gain access.
2SA (or 2FA, MFA or 2SV) is also an important security measure to protect your email account. An insecure inbox is incredibly risky; once hackers get hold of it, they’ll be able to reset all your passwords. A compromised business email account is often used for invoice fraud, by intercepting and changing the payment bank account numbers on invoices attached to emails as PDFs.
- Enforce strict password protocol
The number of passwords most people have these days can be quite overwhelming. So it’s natural for you to pick something that is relatively easy to remember, but this can a dangerous move. A basic password is easy to hack – a dictionary attack can crack a basic code in a couple of seconds.
Make sure you reinforce just how important it is that everyone picks a robust password. Ask them to run it through a password checker to make sure they’re being as safe as possible. Rather than changing your passwords regularly (this can lead to bad password habits and predictable passwords), create a strong password from the get-go. This should include a mix of at least 12 characters of different types. Of course, if you suspect that your password has been compromised then change it immediately.
Using a different password for each login is also good practice. Having a unique password helps prevent a compromise of one login becoming a compromise of many. Consider installing a Password Manager to help generate strong, unique passwords for each site.
A small, agile business typically allows employees to access email or other business apps from their phones. If this is the case, ensure that your employees protect their phones with a password, PIN, or biometric (fingerprint) authentication. A mobile device manager (MDM) can enforce security policies and delete access to business data if the phone is lost or stolen.
Unfortunately, we are living in a world in which these online threats are only going to get more frequent and more sophisticated. Global research tells us that more than 50% of cyber attacks target small businesses. But, the measures you can take to combat these threats are also getting wiser. It might seem like a large commitment with not much ROI, but in the long run it could be the making or breaking of your company.
Kenya tool to help companies prepare for emergencies
After its team members survived last week’s Nairobi terror attack, Ushahidi decided to release a new preparedness tool for free, writes its CEO, NAT MANNING
On Tuesday I woke up a bit before 7am in Berkeley, California where I live. I made some coffee and went over to my computer to start my work day. I checked my Slack and the news and quickly found out that there was an ongoing terrorist attack at 14 Riverside Complex in Nairobi, Kenya. The Ushahidi office is in Nairobi and about a third of our team is based there (the rest of us are spread across 10 other countries).
As I read the news, my heart plummeted, and I immediately asked the question, “is everyone on my team okay?”
Five years ago Al-Shabaab committed a similar attack at the Westgate Mall. We spent several tense hours figuring out if any of our team had been in the mall, and verifying that everyone was safe. We found out that one of our team member’s family was caught up in the attack. Luckily they made it out.
At Ushahidi we make software for crisis response, including tools to map disasters and election violence, and yet we felt helpless in the face of this attack. In the days following the Westgate attack, our team huddled and thought about what we could build that would help our team — and other teams — if we found ourselves in a similar situation to this attack again. We identified that when we first learned of the attack, nearly everyone at Ushahidi had spent that first precious few hours trying to answer the basic questions, “Is everyone okay?”, and if not, “Who needs help?”
People had ad-hoc used multiple channels such as WhatsApp, called, emailed, or texted. We had done this for each person at Ushahidi (their job), in our families, and important people in our community. Our process was unorganised, inefficient, repetitive, and frustrating.
And from this problem we created TenFour, a check in tool that makes it easier for teams to reach one another during times of crisis. It is a simple application that lets people send a message to their team via SMS, Slack, Voice, email, and in-app, and get a response. It also works for educational institutions, companies with distributed staff, as well as part of neighbourhood networks like neighbourhood watches.
This week when I woke up to the news of the attack at Riverside, I immediately opened up the TenFour app.
Click here to read how Nat quickly confirmed the safety of his team.
Kia multi-collision airbags
The world’s first multi-collision airbag system has been unveiled by Hyundai Motor Group subsidiary KIA Motors, with the aim of improving airbag performance in multi-collision accidents.
Multi-collision accidents are those in which the primary impact is followed by collisions with secondary objects, such as other vehicles, trees, or electrical posts, which occur in three out of every 10 accidents. Current airbag systems do not offer secondary protection when the initial impact is insufficient to cause them to deploy.
However, the multi-collision airbag system allows airbags to deploy effectively upon a secondary impact, by calibrating the status of the vehicle and the occupants.
The new technology detects occupants’ positions in the cabin following an initial collision. When occupants are forced into unusual positions, the effectiveness of existing safety technology may be compromised. Multi-collision airbag systems are designed to deploy even faster when initial safety systems may not be effective, providing additional safety when drivers and passengers are most vulnerable. By recalibrating the collision intensity required for deployment, the airbag system responds more promptly during the secondary impact, thereby improving the safety of multi-collision vehicle occupants.
“By improving airbag performance in multi-collision scenarios, we expect to significantly improve the safety of our drivers and passengers,” said Taesoo Chi, head of the Hyundai Motor Group’s Chassis Technology Centre. “We will continue our research on more diverse crash situations as part of our commitment to producing even safer vehicles that protect occupants and prevent injuries.”
According to statistics by the National Automotive Sampling System Crashworthiness Data System (NASS-CDS), an office of the National Highway Traffic Safety Administration (NHTSA) in USA, about 30% of 56,000 vehicle accidents from 2000 to 2012 in the North American region involved multi-collisions. The leading type of multi-collision accidents involved cars crossing over the centre line (30.8%), followed by collisions caused by a sudden stop at highway tollgates (13.5%), highway median strip collisions (8.0%), and sideswiping and collision with trees and electric poles (4.0%).
These multi-collision scenarios were analysed in multilateral ways to improve airbag performance and precision in secondary collisions. Once commercialised, the system will be implemented in future new KIA vehicles.