Ten tips for cyber safety



Exposure to cyber risks can have serious legal, financial and reputational implications for your firm. That’s why you need to understand the risks and be vigilant about managing them so you can protect your business and your clients.

Here are 10 things to keep in mind when it comes to cyber-security.

Things you should know: Count used reasonable efforts to ensure the commentary in this blog was accurate and true at the time that it was posted, but Count is not liable for any errors or omissions in the commentary. Since the time of posting it is possible that regulatory requirements and laws upon which the commentary was based have changed and the content is outdated. The commentary provided in this blog is informational only and while care was taken in the preparation of this blog, no liability is accepted by Count, its related entities, agents and employees for any loss arising from reliance on this blog. Any commentary regarding past economic performance is no indication of future performance and should be used as a general guide only.

1. IT shouldn’t be DIY

To create a safe and secure cyber-environment for your business, make sure your network, systems and software are set up and managed by an IT professional. Even if your firm isn’t large enough to employ in-house IT support staff, you should still have an IT consultant on call who can help you troubleshoot any security risks as soon as they arise. Schedule regular check-ups with your IT consultant to make sure there are no hidden threats lurking in your systems.

2. Get everyone on board

Each person in your business needs to understand their cyber-security responsibilities — and don’t assume everyone is automatically on the same page. Implement and document clear policies and procedures on how to appropriately access, manage and share sensitive data, including confidential information about your clients and your business. Make sure each new staff member is brought up to speed as part of their induction process.

3. Don’t share

It may seem obvious, but it’s vital that every person who uses your IT systems has their own login details, including a unique user ID and password. This applies not only to employed staff, but also contractors and consultants. Passwords should be complex, difficult to guess and regularly updated. They should never be shared, written down or kept on file.

4. See who’s doing what

Having unique login data for each user not only helps prevent unauthorised access, it also allows you to track user activity. For example, if your project management or client relationship management (CRM) software has an audit trail function, it will specify which user has added or updated files, along with any other changes they’ve made. This can also help you isolate and resolve any user errors before they’re repeated.

5. Keep the gremlins out

Trojans, viruses, worms, ransomware… there are all sorts of cyber threats that can infiltrate and wreak havoc with your IT systems. And because these threats are always evolving, it’s essential that up-to-date antivirus software is installed and running on each device in your network. To stay safe online, avoid visiting unsecured sites or clicking hyperlinks in ‘phishing’ emails, and be especially careful when making financial transactions over the internet.

6. Security in the office

It goes without saying that your business premises should have a high-quality security system in place to protect your firm against theft. This is doubly important if you store any confidential information in your office, either in paper files or on individual computers or a local server. But even a state-of-the-art burglar alarm can’t protect your data against things like fire or flooding, so make sure you regularly back up your data and store it offsite.

7. Security in the cloud

The cloud isn’t just for data storage — financial software packages are also becoming increasingly cloud-based. If you’re new to working in the cloud, you need to be aware of the pros and cons before making the decision to move. Only use reputable providers with appropriate security certifications, so that your data isn’t being handled by third parties such as marketing agencies or hackers. Check with your provider that your data is being encrypted, and that backups are being performed every night. Some providers will also let you perform your own backups or make your data available for download, which is a great option if the provider becomes insolvent or is wiped out by a security attack.

If you are considering the use of cloud-based software, there are obligations that you must adhere to. Privacy laws do change and you may be required to seek approval from your Licensee before entering into agreements with cloud-based companies.

8. Security on the go

Another benefit of cloud software is that you can work anywhere, anytime, with online access to your client files and business apps. But what if your device is lost or stolen? To keep your data as safe as possible, make sure each of your devices has a unique password — and definitely don’t use the same password for apps that can be accessed from that device. Also, remember to log out properly whenever you finish working or browsing online; don’t just close your browser or put the device to sleep.

9. Make a clean break

It’s not just anonymous hackers who could take advantage of your confidential data. If a staff member leaves your firm, you’ll want to make sure your clients’ personal information doesn’t leave with them. That’s why you need to have strict protocols in place for whenever an employee or contractor exits the business. Keep an up-to-date record of which systems, networks and files each staff member can access, and be sure to cancel their access on the day they leave.

10. Prioritise cyber-safety

When it comes to protecting your firm and your clients, the most important thing is to apply a cyber-security lens to everything you do. Make sure any existing risks are managed well and avoid exposing your business to new ones. And if you’re ever in doubt, get advice from a cyber-security professional before a potential threat causes any real damage.