As a business, you have a duty to protect yourself and your customers online at all times. From ensuring data is stored safely to checking that your website has up-to-date security certificates and can process payments safely, there are many things which you need to consider. In this blog, we’ll take a look at the most important elements your business will need to consider online and the steps you can take to make sure your business is safe at all times.
Staying On Top of GDPR
GDPR regulations came into effect in May 2018 and are known as the gold standard of data protection regulations, covering any organisation collecting data or targeting people within the EU. GDPR was designed to protect data privacy on the back of the rise of cloud services and regular data breaches, allowing consumers to have more peace of mind and control over their data.
GDPR covers how businesses must use data in a legal, ethical way and how individuals have the right to access their data, see how an organisation is using it, and object to the processing of the information. For example, if your business takes orders, the regulations will cover how you use the customer details. GDPR also ensures that businesses are working closely with their suppliers to ensure that their customers’ data is protected, as it’s their responsibility.
To help you ensure that your business is GDPR compliant, it’s important to make sure that you have the following in place -
- Consider assigning a Data Protection Officer (DPO), who will become the expert on your business’s privacy work - The appointed person will be able to monitor and manage your business’s data and liaise with the relevant authorities when necessary to ensure that any data processes can run smoothly. This person will also be able to raise any data breaches and manage data processing records.
- Ensure that if you have a website, you have up-to-date privacy policies, cookie policies and terms and conditions so that you’re transparent about your activities - This will also allow your customers to be fully informed on how their data is processed and how they can opt out where necessary.
- Regularly carry out risk assessments when using data in a new way or changing suppliers - This will allow you to ensure your business’s processes are running optimally and safely.
Protect Your Passwords
Databasix statistics revealed that one small business in the UK is hacked every 19 seconds. Hacking is one of the most prevalent forms of cybercrime; however, by using a strong password you can vastly reduce the risk of being hacked.
On most websites you and your customers visit, you’ll probably create an account including a password. However, NordPass found that many people tend to use the same passwords across multiple websites, which makes it easy for hackers to access your profiles. If someone gets hold of your details, they can make changes to and access any information they want, potentially putting all of your data at risk. By having different passwords across different websites, you’re able to ensure that your accounts aren’t being compromised.
The main things you need to consider when managing your passwords online include -
- Refrain from using personal information - Common pieces of information found in passwords include names, dates of birth and sports teams, which make it easier for hackers to guess possible combinations. Best practice for password creation includes using password generators to create a combination of letters, numbers and symbols or using a combination of random words to make it difficult to work out. Strong passwords tend to be at least 12 characters long, with a combination of upper and lowercase letters, numbers and symbols.
- Use a different password on different websites - As tempting as it may be to use the same password so you can remember it with ease, using different passwords protects your accounts by preventing hackers from using the same details to get access to your website, socials and any other accounts.
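The two points above can be turned into a small generator and checker. This is an added example, not part of the original post; the function names and the sample values are hypothetical, and it covers the generated-password route only (not the random-words route).

```python
import secrets

LOWER = "abcdefghijklmnopqrstuvwxyz"
UPPER = LOWER.upper()
DIGITS = "0123456789"
SYMBOLS = "!@#$%^&*()-_=+[]{}"
ALPHABET = LOWER + UPPER + DIGITS + SYMBOLS

# One predicate per character class named in the post.
CHECKS = {
    "lowercase letter": str.islower,
    "uppercase letter": str.isupper,
    "number": str.isdigit,
    "symbol": lambda c: not c.isalnum(),
}


def audit_password(password, personal_info=(), passwords_in_use=()):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    for name, check in CHECKS.items():
        if not any(check(c) for c in password):
            problems.append(f"no {name}")
    lowered = password.lower()
    for item in personal_info:
        # Ignore very short fragments to avoid meaningless matches.
        if len(item) >= 3 and item.lower() in lowered:
            problems.append(f"contains personal information: {item}")
    if password in passwords_in_use:
        problems.append("already used on another account")
    return problems


def generate_password(length=16):
    """Generate a random password that passes every class check above."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    while True:
        # secrets draws from the operating system's secure random source.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not audit_password(candidate):
            return candidate


# Constructed sample: a team name plus a birth year.
WEAK_EXAMPLE = audit_password("Arsenal1990", personal_info=["Arsenal", "1990"])
```

A password manager can do both jobs for you; the checker is mainly useful for reviewing passwords that already exist.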
Safely Managing Social Media
Smart Insights data suggests that around 60% of the world uses social media, which is a great way for businesses and consumers to connect. However, with this in mind, there are several risks associated with social media that businesses need to consider to remain safe. By protecting your account, you’ll help keep yourself safe from hackers and mitigate the risk of anyone posting malicious content on your brand accounts.
There are several ways in which you can manage your social media platforms to mitigate risk for you and your customers including -
- Limit the access to your social media accounts, so that the only people who have access are those who need it. By regularly changing your passwords and checking who has access, you’re going to be able to ensure that you’re on top of logins. This will help you reduce the chance of employees who have left the business accessing the information in your account.
- Keep up to date with scams - There are regular scams online, and social media is no exception. Whether it’s yourself or a dedicated person managing your social media accounts, build the habit of learning about new and common scams to educate yourself and prevent risks. Websites like Social Media Examiner regularly provide up-to-date information on changes in social media and online trends.
- Make sure you have a backup plan - Should you, or the person who manages your social media accounts, become ill or leave, or should you notice something suspicious outside of working hours, you need to ensure that you’ve got a plan to cover the risks. It’s always best practice to have someone trusted, possibly an employee or business partner, who can immediately take action in case of an emergency, such as an unknown login attempt or social post which doesn’t look normal. Having someone who can take action will reduce the risk of any malicious activity or damage to your business’s reputation. It’s a good idea to ensure that you prepare ways to access help centres across all platforms, know how to change your passwords and have a list of accounts and your details so you can promptly take action if needed.
Securing Your Website
Your website is going to be a place where people put trust in your business, so you’ll want to ensure that you keep every person who accesses it safe. If you’re a retailer, your website is also likely to be where most of your business’s transactions take place, and if your business offers a service, you’ll likely be taking many customer details, so considering online safety is critical.
- Ensure you’re using a safe web host - The web host you use is what puts your website online. Their function includes ensuring that your site is safe and protected from hackers and malicious attacks so that your website remains protected online. Whether you choose to work directly with a company that manages your website or use an independent company such as Hostinger, you need to research how they manage web security, to ensure that your site remains online and free from attacks.
- Secure your site with an SSL certificate - Simply put, an SSL certificate is the key to entering your website. It helps keep your website and your customers' data safe by authenticating the server and web user and ensuring that everything is kept private. Many web hosting servers offer an SSL certificate as part of your package; however, they can also be bought and implemented separately from places such as DigiCert.
- Ensure any plugins or extensions are updated - Many websites have extensions to help with their functionality, from supporting SEO to lead generation tools. It’s crucial to ensure that all plugins are up to date as hackers seek out these types of vulnerabilities on your website to obtain access. Just like on any device you own, keeping on top of updates is always the best practice to ensure you remain safe and your website runs effectively.
- Payment security - If your customers don’t feel like they can trust your website to make a payment, they’re not going to make the purchase. As a business owner, if you’re not processing payments securely, you’re running the risk of your customers' data being hacked, which will ultimately be your business's responsibility under GDPR. It’s important to make sure that you partner with payment processors such as PayPal or WorldPay, which can support you with ensuring your customers can pay in a way which suits them, whether that be directly from a card or through other means.
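One way to check that your own site's certificate is valid and not close to expiring, as mentioned in the SSL certificate point above. This is an added example, not part of the original post; the function names, the 30-day warning threshold and the sample certificate are assumptions.

```python
import socket
import ssl
import time


def fetch_certificate(hostname, port=443, timeout=5.0):
    """Complete a verified TLS handshake and return the server certificate.

    The default context checks the certificate chain and the hostname, so an
    invalid or mismatched certificate raises ssl.SSLCertVerificationError.
    """
    context = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


def days_until_expiry(cert, now=None):
    """Whole days left before the certificate's notAfter date (negative if past)."""
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    now = time.time() if now is None else now
    return int((expires - now) // 86400)


def certificate_status(cert, warn_days=30, now=None):
    """Classify a certificate as 'expired', 'renew soon' or 'ok'."""
    days = days_until_expiry(cert, now)
    if days < 0:
        return "expired"
    if days < warn_days:
        return "renew soon"
    return "ok"


# Constructed sample in the format getpeercert() returns, so the expiry
# logic can be tried without a network connection.
SAMPLE_CERT = {"notAfter": "Jun  1 12:00:00 2030 GMT"}
```

To check a live site, pass the result of `fetch_certificate()` for your own domain to `certificate_status()` and run it on a schedule.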
Be Vigilant With Emails
AAG data suggests that the most common form of cybercrime stems from phishing (the form of cybercrime in which criminals impersonate a reputable business or person with the aim of obtaining personal data or accessing systems). This is emphasised by the fact that 83% of UK businesses that suffered a cyber attack in 2022 reported the attack type as phishing. With this in mind, it’s important that every member of your business is aware of the emails which they open and the information which is provided. Here are our top 5 tips to look out for and spot that something’s not quite right -
- Poor grammar and spelling.
- Receiving attachments you’re not expecting.
- Requests for sensitive information, such as bank details or login credentials.
- Unusual requests from colleagues/clients.
- Check the signature. If something seems to be missing, such as contact information, it’s worth following up away from email to confirm.
There are several things you can implement in your business to reduce the risk of phishing attacks, including -
- Being cautious of opening any attachments - If you receive an email with documents that you’re not expecting, it’s always worth contacting the sender in a different form of communication, such as telephone, to clarify that they’ve sent the email.
- Email filtering - Make sure that your email service provider has filtering settings switched on for all users to help reduce the risk of receiving malicious emails. This will usually automatically send any suspicious emails into junk files or block them from even entering the user's inbox.
- Set up multi-factor authentication on all email accounts - Multi-factor authentication makes it harder for hackers to access email accounts. Having the extra layers of protection, from extra codes from a generator to a message sent to mobile when logging in, helps protect your accounts from being accessed.
By ensuring you and your team are all aware of what to look out for and reacting to any potential security breaches, you can reduce the risk of your emails being hacked along with your business’s data.
Managing your online security is paramount to keeping your business and customers safe online. It’s a great idea to ensure that you have contingency plans in place so that you are always prepared to limit any harm caused. By ensuring that you and your team are educated on the latest online risks, you’re able to ensure your business operates safely.