Cyber-threats are dangerous in work and personal IT environments - fortunately, there are plenty of cyber-security measures which are effective in both contexts.
When we talk about small business cyber-security, we tend to stress the importance of vigilance and strict rules - making a distinction between security at work, and the way we handle it at home. In reality, there’s a lot of crossover between both spheres, and a lot we can learn by examining and exchanging strategies from each.
With that in mind, let’s take a look at security concepts which are useful in both the home and the workplace.
In the workplace, every employee should understand how to detect viruses and phishing scams. Helping employees spot attacks is difficult because scams evolve so quickly and can be so sophisticated. That said, there’s plenty of incentive to be vigilant, since employees face exactly the same malicious threats at home. Techniques to spot phishing and viruses are easy to teach, and are just as important at home as they are at work - they include verifying a sender’s email address, checking suspicious emails for poor spelling and grammar, examining suspicious attachments before opening them and thinking before you click any dubious links.
Passwords & Login
In the workplace, we advise clients to change passwords regularly, in a home context, however, it’s easy to assume passwords don’t need to be managed as rigorously - yet your devices are just as vulnerable to hackers (especially those targeting bank details). At home, maintaining password discipline is daunting but, since we use so many software platforms and devices, it’s essential and easy to observe the same standards you use at work. Always use strong passwords to prevent hackers simply ‘guessing’ your details. Change your passwords on a regular basis or consider using a password manager which manages and encrypts the passwords you use across devices and software platforms. We will be putting together recommendations on how to create strong/secure passwords shortly which recommends moving away from the standard complex passwords.
Home software updates and patches are relatively low impact - they don’t affect the performance of your system too much, and it’s easy to keep on top of them (many are even automated). In a business context however, updates can be problematic - with many business owners delaying or ignoring them out of fear their network will be disrupted.
To keep your work network safe, you should try to update as much as possible: updates fix known security issues which hackers deliberately exploit. While you can’t necessarily copy your home-schedule, there are ways to implement an effective process safely, without disrupting services to clients - lots of software has useful ‘update planning’ features for exactly this issue.
Ultimately, we want clients to learn cyber-security like a language: the terminology we use in different contexts (home or work) may differ - but it’s understandable anywhere. The more you practice cyber-security, the more it becomes second-nature, meaning you can count on your strategy for protection wherever you, or your employees, are.
Steve Ross is Managing Director of Shackleton Technology