May 15, 2019 in Data Protection

Your Data: 10 Important Tips

  1. Your website is under constant attack, both within the UK and all around the world. Some nine out of ten login attempts to eCommerce websites are hacking attempts, a speaker said recently.
  2. You must assume you will at some point be hacked, however careful you are. Being careful obviously reduces the risk of this happening.
  3. When you are hacked, you need to have everything in place to get back up and running quickly, i.e. accessible, up-to-date backups.
  4. Losing data through hacking is a Data Breach that should be reported to the ICO. Repeated breaches would indicate to them you are not acting properly and lead to trouble.
  5. Businesses are tempted not to report breaches in spite of the legal obligation to do so. Employees are even less likely to report breaches they have caused to their employer. You must impress on employees the importance of proper reporting, or the consequences for your business could be very bad.
  6. Some businesses arrange for employees to change passwords every three months as recommended. However, if they change them in accordance with a four-part connected sequence, there is no point. Changing Winter24 to Spring24 and then Summer24 is pointless.
  7. Be careful what information you put on your social media. Serious hackers will look at this as a source of information to break passwords and find memorable information. Examples are your mother's maiden name (see your uncles' full names), your date of birth, your favourite football team and your pet's name. Better to use random letters as passwords.
  8. The most used passwords are still 123456 and password. Yes, really.
  9. Employees can be the weakest link. Some will learn about security. A minority, unless you are a dreadful employer, will be malicious and intentionally cause trouble, especially if leaving. Make sure former employees are instantly deleted from the systems once they go. We often hear of people logging in months after they leave. The vast majority of employees have no bad intent but just get lazy or make a mistake, such as clicking a dodgy link that has bad consequences. Training your employees is therefore key, and then monitoring them afterwards so they do not slip into bad habits.
  10. Ensure that staff only have access to the data they need to do their work. In the past, often everyone could access everything, but the more people who see more data, the greater the risk of a breach. So work out what individual employees need to see, then limit them to that. Most modern programmes enable employees' access to be limited in this way.

If you need help with this and need advice and a way forward, please contact us.