With all the talk about strong passwords and educating staff not to fall for phishing emails, you could be forgiven for thinking that the age of security software had passed.
But while it’s true that the biggest cyber-security breaches in recent years have mostly been caused by human error – clicking on a phishing email, setting an all-too-easily-guessable password, sharing email accounts – that’s only because other cyber-attacks have been thwarted by efficient and up-to-date security software.
Cyber-attacks continue to rise, and the GDPR legislation now in force puts the onus of protecting data firmly on the companies holding it. So if you run a small business, it should be a priority to make sure your systems are as safe as they can be.
So what security software do you need? It’s a good idea to think of it in terms of layers.
As an absolute minimum you should install antivirus software as a first line of defence against viruses and Trojan Horse programs. Spam filters are not 100% effective, but they do limit the amount of spam emails which could contain malicious code or dodgy links. Anti-phishing software aims to detect phishing content in emails, though it may not be effective against a targeted attack.
You should also have a firewall that monitors and filters traffic from the internet into your business network.
The minimum protection suggested above covers your ‘traditional’ IT network of desktop or laptop computers. But there is every chance that you and your staff are connecting with the network using any number of devices, including smartphones, tablets, or other business-specific technology, such as hand-held POS devices. All of these devices need to be covered with Endpoint security.
A Virtual Private Network (VPN) is a popular choice for businesses with multiple offices or staff who work remotely. You connect via the internet, but your communications are protected as if by a tunnel through the cloud. Some VPNs have vulnerabilities at the connection points, though, so make sure you get advice from an experienced provider before installing.
Encryption sounds terrifyingly complicated and as if it belongs in a James Bond film. In fact, you are already using encryption by default if you are using any cloud services. But it’s the service-provider that has the ‘key’, so if you are storing any personal or sensitive data, you should add your own encryption software on top.
At what level does your security software stop – and what protection are you missing? Contact John Crozier for an informal chat or a complete cybersecurity audit.