Cyber Security - what do you all have in place as a must?


#1

Hi all,

I’m starting to think more about this now. I realise it’s a never-ending subject and there’s a lot to think about but, as a minimum, what do you insist on having in place?

As far as software goes, I use McAfee Live Safe Premium. I of course also have backup. Otherwise, unless I’m forgetting something else, it stops there.

Any hints or tips on what else I should be thinking about? :thinking:

Many thanks


#2

There’s quite a lot of different stuff to consider…
So an attacker getting into your computer via online: You want antivirus, you want spyware protection.
Someone snooping over the internet: You want a VPN on your phone and computer if using public wifi. You also need to make sure your broadband is password protected.
Then there is the risk of where you store passwords: You want ISO27001 security on anything cloud based. To be honest, it might not even be your fault - the online cloud provider might have a major breach and you get caught up in it.

Just general stuff, you might want to look at regularly changing passwords or increasing the complexity of passwords to make them harder to crack.


#3

To this I would only add to password protect any Word or Excel documents that have high risk Personal Data (date of birth, passport numbers, credit card numbers etc) wherever they are stored.

One thing I am not clear about is the controversy about photographs, given that these can be considered to fall into the Sensitive Data category which includes things like Ethnicity and Faith. But I have a client who is a speaker and therefore needs their image sent to conferences for advertising purposes … I am well within GDPR and have both individual consent and contractual agreements in place to regulate my storing such data … but should I password protect the folder too? After all, the images are in the public domain. Mind you … not sure what a cyber hacker would do with a photo so maybe it is less important.

What is certain is that for anyone dealing with HR this must be a real nightmare though!


#4

There’s an element of risk assessment involved - so if you do social media and deal mainly with promoting stuff in the public domain, all you really need to do is keep the passwords safe. If you type up medical records, your system is going to have to have higher security built into it (and clients SHOULD be asking/demanding this but often don’t!).

You can have a lot of redundancy built into the system too - I know one VA who has codewords for all her clients so if her notebook went astray, no one would know who the notes relate to. Or other VAs who work on specialised HR/Case Management systems provided by their clients - which makes the client responsible for its security - another way round it.


#5

Great - thanks Caroline, really helpful.

Google tells me McAfee is AV and spyware, and also that Microsoft (I use Office 365 and OneDrive) is audited against ISO27001. Phew.

VPN sounds like something I need to get for times when working not at home. I’ll get that set up.


#6

Thanks Anna. Very helpful too.


#7

@caroline @Anna2017 Thank you ladies. And do you both have a two-step verification process (or whatever it’s called) to get onto your laptop in the first place?


#8

I actually go one step further - I don’t take my laptop for meetings any more and it doesn’t have anything downloaded/saved on it anyway. I go armed with a notepad and a multicoloured pen - which seems ludicrously old school for a VA, but it curtails having to spend masses of time in meetings as it encourages them to do phone/video meetings instead.

Totally cuts out the potential for a missing laptop to become a security nightmare too!


#9

No, but my laptop uses Windows Pro so everything is encrypted on the hard-drive … and I have Norton VPN and Norton Security which protect me from attacks (it even scans my Outlook which sometimes is a nightmare but I would rather have it than not).

Plus with Norton I can remotely wipe the hard-drive clean if it was ever stolen/misplaced … of course if they really want to steal your data, they will find ways to unscramble and reinstate documents, but FSB Cyber Protection team said that they feel I have done as much as I can do and no one can be 100% protected but it would take a very determined hacker to get my Personal Data. So I felt a little better :slight_smile:


#10

Sorry, but what exactly does this mean?


#11

It’s a system that scrambles all your data on the hard drive so that you can only piece it together again if you have the correct “reading key”. WhatsApp’s main attraction to many, is precisely that it offers this as standard.

My computer had BitLocker which is Microsoft’s whole disk encryption service. I don’t know the particulars but I did find this guide fairly useful in explaining the differences:

Hope it helps you too :slight_smile:


#12

Thank you. I’ll look at this this evening.

One other quick question please if I may.

Is Windows Pro, which you said you use, a business version?

I realised last week that I bought Windows 365 Personal when I clearly should have bought Windows 365 Business. There doesn’t seem to be the easy upgrade option and instead I have to buy a new Business subscription and cut my losses when it comes to the Personal version.

I just want to make sure I buy the right one this time.


#13

These are two different things sadly.

Windows (10, I should have added) Pro is the operating system that powers your machine. It is the business version but you can buy it for any computer if you want it. I need to travel with my laptop a lot, which is why I went all out, but I think you do not need it so long as you put the other protections in place as it does come at a substantial extra cost.

Office 365 Home is the software package you use for Word, Excel etc … having the professional version just gives you access to software like Publisher and Access in the package, but you can buy those separately if you need them … there is only a real advantage to Office 365 Pro if you intend to have a bigger team of collaborators (I think).

You already have encrypting capacities as the article I gave earlier points out, but you have to remember to do it for the files you wish to encrypt whereas Windows 10 Pro comes with BitLocker as standard which does it automatically. But if you do not intend to move your laptop much, I would not worry, and if you do … just encrypt the folders you are interested in safeguarding.

Unfortunately, this is the greatest extent of my technological knowledge so do seek a professional’s expertise if you are worried … but I think you don’t need to be … and remember your advice to me about the SSL certificate I was in a flap about :wink:


#14

Bless you Anna - you always give such detailed and thorough responses. Thank you :star2::star2::star2:

Your explanation is really helpful - I actually hadn’t clocked that they’re two different things. I bought my laptop with Windows 10 and didn’t question anything about it.

Sounds like I need to understand more about encryption and how it works, how to do it, etc. I’ll have a proper read of your article this evening when the kids are in bed.

I also joined FSB earlier today and need to book in for the free fifteen minute security healthcheck. If I’m honest, I hope they’ll just tell me what to do and I can then do it. Certainly less time consuming than me trawling the internet trying to work it all out :exploding_head::blush:

Thank you again. I’ll try to leave you in peace now. At least for 24 hours… :stuck_out_tongue:


#15

What a nightmare area - every time I think I have cracked it they move the goal posts!!

I use Kaspersky and have offsite back up/support but am now being told it is a good idea to work towards getting the Cyber Essentials certificate (around £600 I believe).


#16

Who recommended that Maureen? There’s a DIY version which you can do - it’s mainly aimed at people who want to work with the public sector.


#17

Tell me about it Maureen. And it’s all such a minefield. I have recently joined FSB and am going to call them tomorrow for my fifteen minute cyber healthcheck. I’m hoping they can give me some real pointers on what changes I should make (there’s bound to be some) and how to go about doing so.

As for the £600 certificate. It’s overheads like that that stop start-ups and small businesses ever getting off the ground.


#18

I think there is a lot of scaremongering in order to sell you stuff - you see it a lot with accountants/lawyers telling VAs they should be limited or selling them courses surrounding fairly simple concepts which you can google the answer to.

Stuff like that, it’s well worth just asking on here… you’ll get a variety of responses!


#19

Good evening everyone,

Perhaps this has been mentioned already. I haven’t read in detail all the comments above.

If your Cyber Security “insurance” is with HISCOX (bought from HISCOX directly or via a broker), you may be offered a “Cyber Security” online training and test for free.

In addition to the above, if your business passes the test with a high score, you may get some discount.

Please check with HISCOX or your broker if you are entitled to this extra benefit. I presume this may depend on the level of cover or if this is processed online by yourself.

Regards.


#20

That’s good Carlos - I’ve often felt it a bit unfair I don’t get some kind of discount like I would with house insurance when I have good security!