5 Practical Tips to Keep Your Training Company Secure Online
October is National Cyber Security Awareness Month (NCSAM). Does your training organisation possess strong cyber security skills? Do you regularly practise 'cyber hygiene'? From ransomware to global DDoS attacks to hacks and phishing scams, there's certainly no shortage of online security horror stories in the press, and they are becoming more frequent and threatening every level of business. But, honestly, to most people, this all sounds like the stuff of sci-fi. And that's why we have the NCSAM.
Originally created by the US Department of Homeland Security and the National Cyber Security Alliance in 2004, and replicated by European counterparts, National Cyber Security Awareness Month aims to focus our minds on the ever-growing issue of online security.
With that in mind, these are 5 practical tips for ensuring your business stays safe online...
Know your business-critical assets and how to protect them
Training companies hold extensive amounts of data. Your job here is to identify the most critical assets in the business: assets that your business simply couldn't operate without or that may attract cyber-criminals.
Once you know where the top security risks lie, you'll be able to protect those assets much more effectively. Protection might include introducing strong login authentication, downloading regular system updates and habitual data back-up (more on that in a second).
Identifying business-critical assets allows you to introduce proper detection techniques. That means knowing the online threats you're most likely to encounter and implementing up-to-date security systems that can counter them.
Trust your instincts
Arguably, the best approach to online security is to trust your instincts. If a website doesn't feel right, if an email attachment seems off, don't risk it. A core factor in ensuring your business IT infrastructure is protected is to practise vigilance (and a healthy dose of suspicion).
Phishing scams, for instance, are emails that purport to be from real companies, often high street banks. The emails have the right tone, the right logos, and with one quick glance, you can be convinced that it's genuine.
Scan for typos or design flaws that prove it's an unprofessional mock-up. Check the sender's full email address - phoney addresses won't be sent from official domains like PayPal.com or Barclays.co.uk. Finally, see what the sender is actually asking for. If they're requesting you send confidential data or click a link, then beware. The same rules apply for apparently genuine websites that are, in fact, harvesting your data.
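The sender-address check described above can be automated. The following is an added example, not part of the original article: it compares the real domain in a From header against a brand's official domains, so a look-alike such as paypal.com.account-verify.example is flagged even though it contains "paypal.com". The allow-list, function names and sample headers are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list: brand keyword -> domains the brand really sends from.
OFFICIAL_DOMAINS = {
    "paypal": {"paypal.com"},
    "barclays": {"barclays.co.uk"},
}

def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From header, or ''."""
    _, addr = parseaddr(from_header)
    if addr.count("@") != 1:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")

def is_official(domain, official):
    """True only if domain equals an official domain or is a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in official)

def check_sender(from_header):
    """Classify a From header as 'official', 'suspicious' or 'unknown'."""
    name, _ = parseaddr(from_header)
    domain = sender_domain(from_header)
    # A brand can be claimed in the display name or hidden inside the domain.
    claimed = (name + " " + domain).lower()
    for brand, official in OFFICIAL_DOMAINS.items():
        if brand in claimed:
            return "official" if is_official(domain, official) else "suspicious"
    return "unknown"  # no known brand claimed; nothing to compare against

# Constructed sample headers (not taken from real messages).
SAMPLES = [
    "PayPal <service@paypal.com>",
    "Barclays Bank <noreply@mail.barclays.co.uk>",
    "PayPal Service <service@secure-login.example>",
    "Support <help@paypal.com.account-verify.example>",
    "Jane Doe <jane@example.org>",
]

def classify_all(headers):
    """Map each From header to its classification."""
    return {h: check_sender(h) for h in headers}

if __name__ == "__main__":
    for header, verdict in classify_all(SAMPLES).items():
        print(f"{verdict:10} {header}")
```

A From header can itself be forged, so an "official" result here only means the domain matches; it complements, rather than replaces, the other checks in this section.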
Cybersecurity expert Professor Alan Woodward tells us to 'practice ABC - assume nothing, believe no-one, check everything.'
Ensure that your staff have training and awareness sessions on best practice for remaining diligent (more on that later).
Can you imagine losing the contact details of all your delegates? Or discovering that your resources calendar has been wiped? Think of how that might impact your business.
'Data can be lost in several types of incidents, including computer malfunctions, theft, viruses, spyware, accidental deletion and natural disasters. So, it makes sense to back up your files regularly.'
Regularly backing up your company's data is a great preventative step. This means that, should all else fail and your online security breaks down, at least you can still access information. How often you do it is up to you, whether every night or once a month, but best practice suggests backing up data as often as possible.
There are two kinds of data back-up, and it's worth using both. First, introduce automatic online back-ups using Microsoft's OneDrive or Google Drive; second, maintain a physical hard drive that's undocked from any computer when not in use. This means that, if a virus infects your IT system via the internet, your back-ups won't be affected.
Use ISO-accredited software suppliers
ISO is the International Organisation for Standardisation. This is the body that ensures 'that products and services are safe, reliable and of good quality.'
If you use, or are considering investing in, a learning or training management system, much of your data will be held on external servers managed by your software supplier. As such, you'll want to take an additional step to guarantee the security of those information assets: Select a supplier with an ISO certificate.
accessplanit was the first training management software house to gain ISO 9001. We're also certified to ISO 27001, the international framework governing a company's information assets. This ensures that all information assets are protected at all times.
So, for clients, working with accessplanit means...
- Minimised impact of business disruption
- Confidence in security of information
- Proven protection of sensitive data
- Enhanced information security management
- Increased business resilience
Essentially, a business holding an ISO certificate shows serious intent about meeting and maintaining high-quality standards across the board. For training companies concerned about preserving the security of their online information assets, choosing an ISO-accredited supplier to hold external data is paramount.
Educate all staff
The NCSAM suggests that, 'Creating a culture of cybersecurity is an important element of building a cybersecure business.'
You may follow all the best practices out there, but if just one employee doesn't understand 'cyber hygiene', a single mistake can bring your business grinding to a halt. As such, educating and training all staff is supremely important.
Basic best practice tips for employees include:
- Change passwords regularly (and don't re-use them)
- Don't access unsecured WiFi networks on workplace devices, including smartphones
- Avoid installing unknown external programs
The more eyes on online safety, the better. Even basic education will make a sharp difference to your organisation's continued cyber-security.