Whilst we would always recommend protecting your business in every way possible, there are times when resources are limited or deployment of new processes is slow, and it’s right to look for ways to improve security regardless. In fact, all of the things listed here would be recommended practice even in large organisations with significant budgets and resources.
- Password Hygiene
These days, the majority of breaches involve the user’s actual password (not true hacks or brute force attacks). Do not reuse the same password across multiple systems; use phrases if they’re easier to remember (e.g. sentences with spaces), as they are also hard to break; reset your passwords so you’re not using historical passwords that may have been compromised in the past.
- Two / Multi Factor Auth
This is available on almost every system. Activate it, but set up at least two auth options (in case you lose your phone, which is where most people’s 2FA apps live).
- Not sure? Bin that email.
If you’re not sure, assume that DHL delivery email or Dropbox link probably isn’t legit.
- Ring suppliers to confirm invoices and bank details.
Don’t assume an email is real. Email accounts get compromised and requests for payment are often faked through email. We even know of LinkedIn breaches where colleagues’ accounts are compromised and appear to ask for financial help through the platform.