Are you following these cyber security basics?
We’ve all heard the cyber security buzzwords – phishing, botnets, malware. You might be thinking, are these real and am I really at risk? The truth is, cyber criminals don’t tend to target businesses or individuals in particular. They target weakness. Cyber attacks are automated, they constantly probe for weaknesses, which is why it’s important to get into good security habits.
In light of this month’s Cyber Smart Week in New Zealand and Scams Awareness Week in Australia, we’ve put together some practical tips on the basics of cyber security to help protect yourself and your business.
Password security
80% of web apps are using brute force to compromise passwords. Protect your personal information with unique passwords that are long and strong.
Password managers are particularly useful in letting you use multiple strong passwords, as they can generate these for you and sync them across your devices to make it even easier to log in. It’s like an online safe that stores your passwords so that you don’t have to. You only need to remember one password to access the manager, which securely stores all your usernames and passwords.
For more tips on creating a safe password, read this article on Xero Central.
Two-step authentication
Two-step authentication (2SA) provides an extra level of security, by requiring an authentication code as well as your email address and password. This verifies that the person logging in is who they say they are. Adding another level of security with 2SA is like adding another barrier – making it harder for an attacker to get access to your accounts.
It’s especially important to set up 2SA on your email account, since this is often used as a method for resetting your passwords for other services. Once someone gets access to your inbox, there is potential for them to gain control of your linked online accounts.
If you’re a small business owner, 2SA can also help you keep your business systems and data safe. In Xero, there’s no limit to the number of users in your organisation, so ensuring each user has their own Xero account with 2SA set up on their own device will help to keep your information secure.
To learn how to set up 2SA in Xero, check out this article.
Keep your devices updated
Keeping on top of updates to software and devices is a simple and effective way of protecting yourself from a cyber attack. As well as changes to features or bug fixes, they’re also about fixing weaknesses, or vulnerabilities. It’s these vulnerabilities that attackers target to gain access to your device and data.
Developers are always looking for these vulnerabilities, and once identified, they change the code to fix the issue and send it to your device as a software update. Remember the sooner you update, the less time an attacker has to find and use these weaknesses. A good way to stay on top of updates is to set your system preferences to install updates automatically so you don’t have to remember each time.
Here are some top tips from CERT NZ for managing updates. If you’re a Xero customer, the Xero Checkup tool gives you a real-time snapshot of your security settings and makes suggestions on where you could improve your protection.
Check your privacy settings
While we all love sharing photos and updates with our friends online, it’s important to be aware of how much you’re sharing and who you’re sharing it with. Check your privacy settings on social media to make sure you control who sees your information, and only allow people to connect with you if you know them personally. Find out more about protecting your privacy on social media and other websites here. Speaking of sharing, why not share these tips and resources with your network to help keep others safe too?
Another way to protect yourself from privacy or phishing attacks is to be aware of how the organisations you communicate with normally contact you and the kind of information they tend to ask for. Look out for strange email addresses, mis-spellings or dubious-looking formatting, and think twice about opening any attachments.
At Xero, we have a security noticeboard where we let our customers know about phishing attempts that are pretending to be Xero. We’ve included some examples of things to look out for on the Xero security noticeboard.
You can learn more about security at Xero here.