Your IT security might seem to be a million miles away from your reputational concerns.
It’s all passwords and servers and the daily doses of user error (and the printers never doing what they should, obviously).
What recent days have shown us yet again is that data breaches make headlines. Today alone we’ve got a £500,000 fine handed down to Cathay Pacific for letting hackers at their customer data, as well as Tesco issuing replacement Clubcards to 620,000 customers for the same reason.
Yes, they’re giant global companies who are always going to make headlines. Consider, though, how it would be received if you had to admit to your suppliers and customers or clients that someone had got into your systems… They might not take data, they might just vandalise everything because they’re 12 years old and think that’s funny. Or they could lock it up in ransomware and demand thousands from you.
It does happen at all scales and, quite apart from the obvious operational damage, there is a huge downside for your reputation. People will think twice before dealing with you again, and competitors might try to capitalise on your woes.
At a human level it will be stress and trauma you and your staff can very well do without.
Quick IT security fixes
We’re not an IT firm, but we’ve worked in and around the sector long enough to have learned the importance of at least getting the basics right so that it’s not your hard-won reputation that goes up in smoke when your data disappears into the Dark Web.
Here are some starters:
– Enforce strong passwords for all systems, even the logon for everyone’s desktop (you are making them log on aren’t you..?)
– Consider investing in an enterprise password management service (take a look at LastPass, Dashlane, 1Password, etc*)
– Check you have backups of everything, preferably off-site, into a secure cloud
– When people leave, change their passwords (if you’re not removing their accounts) and any shared ones
– Ensure you have endpoint (computer level) security on all of your hardware and that it’s kept up to date (virus protection, link scanning, etc)
Our favourite tip on passwords (aside from a good password manager) is to create nonsensical word combinations that only you would remember. Take three, maybe four words that would never be found in the same sentence normally and put them together:
Hackers use powerful CPUs to crack passwords, sometimes by the brute force of trying millions of combinations a second. How likely do you think they are to arrive at a single word dealing with nitrogenous lizards cuddling a plough…?
Make that the one password you need to access the rest, which are stored in a password manager, and you have just taken a quantum leap in security quality. The ones in the password manager can be random and might be uncrackable 32-character strings of letters, numbers and symbols. It doesn’t matter – you don’t have to know or remember them anymore.
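To put numbers on the tip above, here is an added example (not from the original post) that picks the words with a cryptographic random generator and estimates how long trying every combination would take. The word list is a constructed sample, and the 7,776-word list size used for the estimates is an assumption.

```python
import math
import secrets

# Constructed sample list, far too short for real use. The entropy figures
# below assume a 7,776-word list (the size of a five-dice word list).
SAMPLE_WORDS = [
    "lizard", "plough", "nitrogen", "cuddle", "teapot", "granite",
    "violin", "ferry", "mustard", "orbit", "walnut", "canyon",
]
ASSUMED_LIST_SIZE = 7776
SECONDS_PER_YEAR = 365 * 24 * 3600


def make_passphrase(words, count=4, sep="-"):
    """Pick `count` words independently with the OS CSPRNG."""
    if count < 1 or len(set(words)) != len(words):
        raise ValueError("need count >= 1 and a list without duplicates")
    return sep.join(secrets.choice(words) for _ in range(count))


def entropy_bits(choices, length):
    """Bits of entropy when each of `length` picks is uniform over `choices`."""
    return length * math.log2(choices)


def years_to_exhaust(bits, guesses_per_second):
    """Time to try every combination at a fixed guessing rate."""
    return 2 ** bits / guesses_per_second / SECONDS_PER_YEAR


def report():
    """Compare word passphrases with a random 32-character string."""
    rows = []
    for label, choices, length in [
        ("3 random words", ASSUMED_LIST_SIZE, 3),
        ("4 random words", ASSUMED_LIST_SIZE, 4),
        ("32 random printable chars", 94, 32),
    ]:
        bits = entropy_bits(choices, length)
        rows.append((label, round(bits, 1), years_to_exhaust(bits, 1e6)))
    return rows


if __name__ == "__main__":
    print("example:", make_passphrase(SAMPLE_WORDS))
    for label, bits, years in report():
        print(f"{label:28} {bits:6.1f} bits  {years:.3g} years at 1e6 guesses/s")
```

At a million guesses a second, three words from a list that size last a few days and four last about a century, so the number of words matters as much as how odd they sound. The estimate only holds when the words are picked at random rather than chosen by a person.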
Simple systems security is one of those things it’s easy to forget or leave until tomorrow, but it’s quite simply not worth the PR risk.
* If you’re interested, we use LastPass and have happily done so for many years now.