1. If multiple people need access to cloud applications, use secure password sharing
These pieces of software allow passwords to be hidden from view so employees can only log in, instead of viewing (then losing) the credentials. This removes the risk of lots of separate, unmanaged passwords ‘in the wild’.
2. Consider following the lead of many American firms
Give staff so-called “brown bag” training sessions in basic security practices. This means giving everyone a packed lunch – nobody will object to free food – while talking them through a couple of handy security tips. They’re far more likely to pay attention to this than skipping through 200 pages of complex security procedures.
3. Put someone in charge of login accounts
Make sure that former members of staff can no longer log in to accounts once they’ve left the company. For example, if they have rights to change the company website or accounts software, are they still able to log in and see potentially sensitive business information? Even worse – has a disgruntled ex-worker got access to the company blog or Twitter account?
4. Don’t find yourself in a situation where malware has locked your information
More often than not, hackers will demand a ransom to release it.
Ensure you’re making full and effective backups on a daily basis, and you can consider data loss, corruption and cyber-criminal blackmail a thing of the past.
5. Consider special training
For areas of the business which deal with attachments and/or Excel on a regular basis, such as accounting and HR, consider special training with regard to spear phishing and fake emails bearing refunds, tax invoices, expenses and other related attachments, which often harbour data-stealing malware.
Christopher Boyd is Malware Intelligence Analyst at Malwarebytes.