Best practices to protect your business and stay safe online
We would all like to think that in today’s world of top-tier technology we’re safe online – but are we?
Quite often, we see big scandals in the news involving banks or large corporations. They get hacked and their customer data becomes compromised and is commonly sold to the highest bidder. So how do you avoid being the next target?
Many people fall victim to all kinds of security breaches and fraudulent services every single day. That’s why we’ve created this blog to help you identify what hackers look for, so you can stay protected online.
Working in the financial services industry means we are more susceptible to these sorts of online attacks.
The same goes for the car dealerships we work with, who handle sensitive customer information daily. This could be payment information, car registration plates or even home addresses of staff or customers.
Compromised customer data can cause severe and sometimes irreversible damage, and at the very least will cost you a lot of time, effort and most likely money to put right. That’s why you need to ensure you and your staff stay secure online.
General online safety
We all look for cheap deals online, whether at home on our laptops or on our phones on the go. However, it’s important to double-check that any website that requests personal information from you has https:// at the start of its address in the browser’s address bar.
The “S” stands for secure, and it tells you that the data you send is encrypted on its way between your browser and the site. It does not by itself prove that the site is genuine, so it’s also extremely important that your staff understand the fundamentals of checking the validity of sites, especially if they need to download software or important updates.
What hackers look for
This may be surprising, but not every hacker will try to get into your bank account to transfer money to theirs. Many hackers use social engineering tactics to gain personal information, which can then be used to steal the victim’s identity. This can come in many forms. For instance, have you ever received an email from your “boss” with a strange request? Well, chances are you soon realised that this was not your boss!
These types of hackers will utilise information put online by you and your company, on sites such as LinkedIn. They seek out their next victim, discover where they work and find out who their boss is. From there, it’s very easy to set up a fake email name so that when you see an email from “your boss”, you think it is them and instantly reply.
Most email services are good at detecting spam or phishing emails. However, if you receive an email which doesn’t look right to you, don’t delete it. Instead, mark it as spam manually, as the algorithm that decides whether or not an email is spam is always learning. In plain English, that means it automatically adapts to what you mark as spam!
Take a look at an example of one of these emails below…
Although at first glance everything seems normal, when looking at the email again, it was clear that this wasn’t from someone within our business. That’s why it’s important to double-check the email address of the sender.
This may seem like an easy thing to spot. However, you could be having a busy day in the office and rush to respond. That’s what some hackers rely on so that you fall victim to data theft.
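The sender check described above can also be automated at the mail gateway or in a reporting tool. The following is an added example, not code from the original post: the domain, staff directory and sample headers are constructed, and it goes slightly beyond the text by also flagging near-miss (lookalike) domains.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed sample data: the organisation's own domain and staff directory.
OUR_DOMAIN = "example-dealer.co.uk"
STAFF = {"jane smith": "jane.smith@example-dealer.co.uk"}
LOOKALIKE_THRESHOLD = 0.85  # assumed cut-off for "nearly our domain"


def check_sender(from_header: str) -> str:
    """Classify a From: header as ok, impersonation, lookalike or external.

    Assumes the address itself has already passed the mail server's own
    authentication checks (SPF/DKIM/DMARC); this only compares the
    display name a reader sees with the address behind it.
    """
    display, address = parseaddr(from_header)
    address = address.lower()
    name = " ".join(display.lower().split())
    domain = address.rpartition("@")[2]

    if name in STAFF:
        # The display name claims to be a colleague, so the address
        # must be exactly the one on record for that colleague.
        return "ok" if address == STAFF[name] else "impersonation"
    if domain == OUR_DOMAIN:
        return "ok"
    # A domain that is almost, but not exactly, ours is a warning sign.
    similarity = SequenceMatcher(None, domain, OUR_DOMAIN).ratio()
    if similarity >= LOOKALIKE_THRESHOLD:
        return "lookalike"
    return "external"


if __name__ == "__main__":
    for header in (
        '"Jane Smith" <jane.smith@example-dealer.co.uk>',
        '"Jane Smith" <jane.smith.ceo@gmail.com>',
        "Accounts <accounts@example-dea1er.co.uk>",
    ):
        print(check_sender(header), "<-", header)
```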
General email safety practices are simple. Don’t send any personal information, unless you are certain you are sending it to the intended recipient. Furthermore, don’t click any links that you were not expecting to receive. Top tip: You can hover over a link to see where it actually goes. Don’t use your personal email for work purposes, or your work email for personal reasons.
According to SplashData’s analysis of millions of leaked passwords online, the most common password is 123456. We know how hard it can be to remember long passwords for multiple accounts, but it’s necessary and important.
Here are some general tips on how to create the most secure passwords:
- Have at least 12 characters
- Include numbers, symbols and use uppercase and lowercase letters
- Stay away from “dictionary” words
- Don’t rely on easy substitutions such as “passw0rd” instead of “password”
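The four tips above can be turned into an automated check. This is an added example, not part of the original post: the word list and substitution table are small constructed samples, and a real deployment would use a full dictionary plus a list of leaked passwords.

```python
import re

# Constructed sample word list (assumption); use a real dictionary in practice.
COMMON_WORDS = {"password", "welcome", "dealer", "finance", "letmein", "qwerty"}

# Easy substitutions that password-guessing tools undo automatically.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

CLASSES = {
    "a lowercase letter": r"[a-z]",
    "an uppercase letter": r"[A-Z]",
    "a number": r"[0-9]",
    "a symbol": r"[^A-Za-z0-9]",
}


def check_password(pw: str) -> list:
    """Return the tips that `pw` fails; an empty list means it passes."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, pw):
            problems.append(f"missing {name}")
    # Look for dictionary words both as typed and with substitutions undone.
    plain = pw.lower()
    normalised = plain.translate(LEET)
    for word in sorted(COMMON_WORDS):
        if word in plain:
            problems.append(f"contains dictionary word '{word}'")
        elif word in normalised:
            problems.append(f"contains '{word}' behind an easy substitution")
    return problems


if __name__ == "__main__":
    for candidate in ("123456", "Passw0rd2024!", "Vx9#tRq2!mZp7u"):
        print(candidate, "->", check_password(candidate) or "passes")
```

The second sample shows why the last tip matters: “Passw0rd2024!” satisfies the length and character rules but still fails once the substitution is undone.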
Another useful thing to do is keep a physical note of your passwords for different sites. We don’t recommend a post-it note that you attach to your laptop! Keep them in a secure place that only you can access. It’s also vital that you don’t use the same password for every site.
An alternative is to consider a password vault program, which will keep your passwords encrypted in one place. Most of these programs will send you an alert if your password becomes compromised, to notify you to change it.
Reusing the same password is risky because if one of your accounts is compromised, there is a higher chance the hackers will try to log into your other accounts that have the same password, and before you know it every single account you own has been taken.
One way to avoid this is to use two-factor authentication. This is a very simple process which most applications and sites that store sensitive information will offer to you.
Two-factor authentication is a process which requires you to complete a secondary security check (in addition to your password) if you are logging in to an account on a new device. For example, this could be a code sent via text message or a link sent to an alternative email. Sometimes it may even be a QR code that you scan with a mobile device which is already signed in to the account you are trying to access on another device.
Two-factor authentication gives you an added level of security which is vital in the event of a data breach.
Many smaller businesses may not see a need to invest in strong antivirus software. However, considering how easy it is for a single person in your business to click a bad link by accident, putting the entire system at risk, we highly recommend installing premium-quality antivirus software.
Some antivirus software can have a pretty hefty price tag, especially for smaller businesses. Our in-house specialists recommend Sophos Home, which offers free, industry-grade antivirus software to protect your devices.
We understand that not every business has access to its own online security or compliance team.
To ensure that every single one of our dealers stays properly protected, our team works tirelessly.
All our people take the industry-recognised Specialist Automotive Finance qualifications and complete in-house bespoke compliance training. DSG also has the ISO27001 accreditation, which is the industry benchmark for system data security.
This helps us understand our dealers’ specific needs, ensuring that everything from the finance agreement to statutory rights and necessary documentation has been properly provided.
Additionally, we are Cyber Essentials Plus certified, which guarantees that we stay guarded against all the common threats listed above. Furthermore, we’ve put safeguards in place when we do business to ensure all information and customer details are safe from any form of data theft.
If you would like to contact our compliance team to find out more about our safeguarding practices, you can get in touch here.