As more and more businesses move to the cloud, the risks we once faced with paper have become digital. How can you protect your firm from cybersecurity breaches? Here are 3 steps to start securing your data and minimise the risk for your firm. Plus, here’s how to make cybersecurity an integral part of your value offering.
First, when you move to the cloud, you store data remotely - usually on servers and data centres managed 24/7. There are three tiers of cloud-based software:
- Internet-connected public clouds e.g. Amazon, Microsoft and Google;
- Consumer clouds e.g. Facebook, LinkedIn, Twitter;
- Individual company, or ‘private’ clouds.
Cloud-based computing is one of the most secure methods of data storage. If one computer crashes, the operation will move to another part of the system. Plus, your data will be end-to-end encrypted. That said, 77% of IT pros believe their businesses will be hacked and almost half aren’t ready for it. Plus, according to a report by Sophos, 42% of IT pros report at least 1 phishing attempt daily.
Here are three steps you can take to help protect your firm today.
Step One: Train your team on the cyber security essentials.
This is an investment in your firm and employees’ futures. IBM estimated that 90% of all digital data ever created was generated in the past two years. Much of that is being stored online. That means every time you get into work and open your laptop, or unlock your smartphone and check emails on your commute, you are accessing and creating data.
If your team were driving cranes, you would make sure they had the correct training. It’s no different navigating the digital landscape with your laptop and smartphone. If you haven’t already, establish a clear and concise data security policy. After sharing the reasons behind putting it in place, be sure to onboard your team from the start and put a strategic plan in place in case of a data breach.
Step Two: Use strong passwords.
Nearly one in five businesses have passwords that are weak or shared, according to a report from Preempt.
While passwords are not the perfect solution, they are often your first line of defence. In fact, Adam Lovingood, Xero America’s Head of Legal, calls them the “green leafy vegetable of IT security - we know they’re good for us, but we don’t really like them”.
Here are six rules of thumb:
- Avoid using words from the dictionary e.g. the dreaded ‘password’.
- Use at least 8 characters and a mixture of lowercase, uppercase, numbers and punctuation characters.
- Avoid security-sensitive information, such as dates of birth or your children’s names.
- Use different passwords on different systems, so make sure your Receipt Bank password is different to your Xero password. Also make sure your company account password is different to your personal account password. Consider using a password manager such as Password Safe to help you remember and manage the multiple logins.
- Do not write passwords down or send them through email or instant messaging services.
- If you or your company already have processes in place to help you set up a password, try not to be too obvious when changing it - for instance, by changing Password01 to Password02.
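The rules above that can be checked mechanically are shown here as a Python check to run when a password is changed; it is an added example, not code from the original article. The word list, the sample inputs and the function and parameter names are constructed for illustration.

```python
import re
import string

# Constructed sample list; a real check would load a full dictionary/breach list.
COMMON_WORDS = {"password", "welcome", "letmein", "dragon", "summer"}

def _stem(pw):
    """Lowercase and drop trailing digits/punctuation: 'Password02' -> 'password'."""
    return re.sub(r"[\d\W_]+$", "", pw.lower())

def check_password(new, old=None, personal=(), other_system_passwords=()):
    """Return the list of rules the new password breaks (empty list = passes).

    personal: names, dates of birth etc. that must not appear in the password.
    other_system_passwords: passwords already in use elsewhere, as a password
    manager's local audit would know them (hypothetical parameter).
    """
    problems = []
    if len(new) < 8:
        problems.append("shorter than 8 characters")
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    if not all(any(c in cls for c in new) for cls in classes):
        problems.append("needs lowercase, uppercase, number and punctuation")
    lowered = new.lower()
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("contains a dictionary word")
    if any(p and p.lower() in lowered for p in personal):
        problems.append("contains personal information")
    if new in other_system_passwords:
        problems.append("already used on another system")
    # Catches the Password01 -> Password02 pattern: same stem, new suffix.
    if old is not None and _stem(new) and _stem(new) == _stem(old):
        problems.append("only the trailing digits changed from the old password")
    return problems

if __name__ == "__main__":
    for candidate in ("Password02", "t7#Vq!mZr2"):
        print(candidate, "->", check_password(candidate, old="Password01"))
```

Writing passwords down and sending them by email or chat are handling rules, so they are outside what a check like this can see.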
Step Three: Do an internal audit of your software.
If you already use cloud-based solutions, make sure your vendors are prioritising security and have adequate policies in place.
Here are some good questions to start with.
- Where do they store data?
- How do they handle breaches?
- What is their notification process should a breach occur?
- Do they have other customers in accounting, or highly regulated industries such as insurance?
- How do their terms and privacy notices read?
- Do they have a dedicated security officer or team?
Likewise, how would you answer these questions if one of your clients asked you? Could you answer each one confidently?
Rather than prioritising cyber security just out of fear of a breach or compliance, put it at the heart of your services. By preparing yourself first, you can then share these learnings on cyber security and data protection with your clients, and so add value to your consulting services.