
Protecting your business from cybersecurity threats

Cybersecurity refers to the steps you take to protect your business from hacking and other online threats.

Breaches of your business’s cybersecurity could have catastrophic consequences – malevolent parties could steal money, passwords or other customer data, potentially costing you a great deal of money, as well as your customers’ trust. Even if they don’t steal any data, they could take your website down, potentially costing you valuable revenue.

Here are a few threats you need to consider in order to keep your business safe.

Insecure passwords

Insecure passwords have been the downfall of many businesses and computer users. Hackers are finding more and more ingenious ways to crack passwords, so you should make sure that your passwords are as hard to guess as possible.

Here are a few ways to make passwords more secure.

Avoid real words

Password cracking software is used by many hackers, and this software is particularly effective at sniffing out passwords made up of just dictionary words. By using random orderings of letters, you make it much more difficult for these programs to crack your password.

Mix in capitals, numbers and symbols

Having more varied characters in your password can make it more difficult to guess. However, simple symbol substitutions are not perfect, as some cracking programs can account for this, meaning that “p@$$w0rd” is not quite as secure as you might think it is.
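The two points above can be turned into a simple check to run before accepting a new password. This is an added example, not code from the original article: the word list, the substitution table and the function names are assumptions made for illustration.

```python
import re

# Constructed sample wordlist (assumption): a real check would load a full
# dictionary plus a list of commonly used passwords.
WORDLIST = {"password", "welcome", "dragon", "monkey", "letmein"}

# Symbol-for-letter swaps of the kind described above (assumed mapping).
SUBSTITUTIONS = str.maketrans({"@": "a", "4": "a", "$": "s", "5": "s",
                               "0": "o", "1": "l", "!": "i", "3": "e", "7": "t"})


def _letters_only(text):
    """Drop everything except the letters a-z."""
    return re.sub(r"[^a-z]", "", text)


def dictionary_hits(password, wordlist=WORDLIST):
    """Return {word: how_found} for dictionary words hidden in the password."""
    lowered = password.lower()
    variants = {
        # Digits and symbols stripped, e.g. "Welcome2024!" -> "welcome"
        "plain": _letters_only(lowered),
        # Swaps reversed first, e.g. "p@$$w0rd" -> "password"
        "substitutions undone": _letters_only(lowered.translate(SUBSTITUTIONS)),
    }
    hits = {}
    for how, candidate in variants.items():
        for word in wordlist:
            if word in candidate and word not in hits:
                hits[word] = how
    return hits


def is_guessable(password, wordlist=WORDLIST):
    """True if any dictionary word is found in either variant."""
    return bool(dictionary_hits(password, wordlist))


if __name__ == "__main__":
    # Constructed sample passwords, for demonstration only.
    for sample in ["p@$$w0rd", "Welcome2024!", "qzv!Rk8#tWm2"]:
        print(sample, "->", dictionary_hits(sample) or "no dictionary word found")
```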

Use unique passwords for different things

It can be tempting to use the same password across different accounts, but it is risky – if an account with that password is compromised, your other accounts could be compromised too.

Make sure you can remember it

Coming up with a thirty-digit password is all well and good, but it won’t be much help if you can’t remember it when you need to.

A good way to remember a password is through the use of a mnemonic, an easy way to remember something that only you will understand.

For example, if you are a Star Wars fan, you could take the popular Jedi slogan, “May the Force be with you”, and derive a password from the first letters of each word – “MtFbwY”. Add in some numbers, such as 1977 (the year that the first Star Wars film was released) and you have 1Mt9Fb7wY7 – a password that would appear nonsensical to someone else, but would be easy to remember for you.

(Note: using a password that someone else on the internet suggested is also a bad idea, so try to come up with your own).

Another way to keep track of passwords is through a password manager, such as KeePass. This allows you to create a database of your passwords, which is especially useful if your business uses a number of different password-protected systems and services.

Unencrypted data

Encryption is a way to protect data from being viewed or taken by unauthorised parties. It works by turning data into what look like random strings of characters, making it unreadable to anyone who tries to access it without the code needed to convert it back to the original data.

Encryption can be used on hard drives, cloud storage, and any other device you have that stores data. It can be used to protect company information, as well as the information of your customers.

Leaving this data unencrypted can have serious consequences, both for you and your customers. If the data of your customers is stolen, you could face fines, as well as the prospect of trying to rebuild your customers’ trust in your business.

Denial of Service (DoS) attacks

DoS attacks are a method of slowing or taking a website, network or other service down.

The method of a typical DoS attack is to overload a website with communication requests. This causes the website to grind to a halt, preventing legitimate users from accessing it.

This could be used against your website, but DoS attacks can be used against other resources too – they could be aimed at your computer, or at your whole network.

Distributed Denial of Service (DDoS) attacks

DDoS attacks work similarly to DoS attacks. However, unlike a DoS attack, which is directed from a single computer and internet connection, a DDoS attack involves using many different devices and connections at once.

As a result, defending against a DDoS attack is far more difficult: the connections are coming from many different sources, and there is not an excessive amount of malicious traffic coming from any single source.

The best way to guard against DoS and DDoS attacks is to get some form of external mitigation – some ISPs offer DDoS mitigation, but a dedicated service such as Cloudflare can offer more focused protection.