Reducing digital tool risk so you can sleep soundly

You’ve got digital tools and you no longer want to stay up late at night wondering whether your information is secure? Here is a checklist of things you can do to make sure you’re up to scratch. (Note: we’re not cyber security experts; these are simply the tips we’ve picked up in our digital operations work.)


The simple things first:

  • Add a recovery email and phone number to your email account (if someone tries to log in, you’ll be alerted).

  • Set up a team password manager.

  • Use that password manager to create strong passwords, starting with any that have been compromised.

  • Add that password manager to your phone; that way, if something happens to your primary device, you’ve got another way to access your passwords. Also, if you can customise your password “recipe”, choose memorable passwords; that way, if you do need to manually enter a password from your phone to log in to a replacement device, it’s a lot easier. Imagine reading and typing from your phone “asdjwqer8q324rj” vs “welcome Badger tiger!”. I’ve done it a few times and it’s not fun.

  • Add a password to your device. You then only need to remember two passwords: your device’s and your password manager’s.

  • Set up two-factor authentication, ideally via your password manager so you can share accounts that have two-factor enabled.

  • Of course, a firewall and anti-virus are crucial (you can debate whether it’s useful for a Mac - I tried Avast for a while and it never stopped a virus, but it did stop me being an idiot when, in a moment of distraction, I clicked on a phishing link!).

More extensive:

  • Train staff on how to detect phishing. People are the first line of defence.

  • Write up a plan for what will happen in a digital emergency so your team isn’t stuck in the mud, especially if they’re working remotely and can’t contact each other! (If you’re locked out of your computer and software, are you able to call someone else?)

  • If you’re on Google Workspace, switch on all the Safety features in Workspace Settings / Gmail.

  • Set up DKIM and SPF to verify your outgoing email (and also in any other tools you’re using, like email campaigns or a help desk) so that hackers can’t imitate your address and so your emails turn up looking legit in the receiver’s inbox. You can check if it’s working correctly here.

  • Set up Single Sign On (SSO) so that you’re logging in to your digital tools with your most secure account, e.g. your Google account.


Policies that can help to increase your overall security:

  • Have a backup device. (If you’re working from home and your laptop is stolen or broken, can you recover your data quickly? Can you get in to all your newly secured accounts?)

  • Optimi has cyber and liability insurance and we recommend considering it, especially if you host sensitive/critical data.

  • Make sure there are internal policies and processes to protect you from accidentally being a victim of fraud:

    • Could a hacker break into (or imitate) one of your accounts and get the accountant to transfer large amounts of money? e.g. a real world scenario that we dealt with:

      • a board member sent the message below to the accountant; the member’s name was in the email From field but the address was <emailsphones1@gmail.com>

      • “Are you available to set up an international payment now? Have a pending payment to make today. Regards. Name of board member.”

      • If they’re really savvy they’ll break into the account of the CEO or another person who they know has authority, check their calendar app, and when the victim is in a meeting or getting on a plane, send the message and state that it’s very urgent!!

    • Do you have a process for when a vendor changes their bank account? It can be a legitimate request but also an avenue for fraud. If you pay money to an incorrect account, it could be very hard to get back, so it’s best to call the vendor and make sure the request is legitimate.

  • Update your privacy policy, T&Cs and any contracts to make sure you’re covering security risks.

  • Set up a risk register. Get your team to review what all your digital risks are and make sure you have a mitigation for them; even if you’re listing the mitigation as “nothing”, at least you’ve got a little more control over it by making that decision.
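The board-member scenario above is exactly the pattern a simple mail filter can catch: a display name that belongs to one of your people, paired with an address that isn’t theirs, plus urgent payment language. Here is an added Python example (not from the original post, and not any product’s code) that scores a raw email against a hypothetical staff directory; the staff names, the org domain and the sample messages are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from typing import Dict, List

# Hypothetical org domain and staff directory (constructed for this example).
ORG_DOMAIN = "example.org"
STAFF: Dict[str, str] = {"Jane Board": "jane@example.org",
                         "Sam Accounts": "sam@example.org"}

# Words that tend to show up together in payment-fraud requests.
URGENT_PAYMENT = re.compile(r"\b(payment|transfer|wire|urgent|today|now)\b", re.I)

def assess_message(raw: str) -> List[str]:
    """Return a list of warnings for a raw RFC 822 message (empty = nothing odd)."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    warnings: List[str] = []
    known = STAFF.get(name.strip())
    # 1. Display name is a staff member, but the address is not the one on file.
    if known and addr.lower() != known.lower():
        warnings.append(f"display name '{name}' is staff but address is {addr}")
    # 2. Internal name used with an external (e.g. free webmail) domain.
    if known and domain != ORG_DOMAIN:
        warnings.append(f"internal name sent from external domain {domain}")
    # 3. Reply-To pointing somewhere other than the sender: replies get diverted.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != addr.lower():
        warnings.append(f"Reply-To {reply_to} differs from From {addr}")
    # 4. Two or more distinct urgency/payment words in a plain-text body.
    body = msg.get_payload() if not msg.is_multipart() else ""
    hits = {m.lower() for m in URGENT_PAYMENT.findall(body)}
    if len(hits) >= 2:
        warnings.append("urgent payment language: " + ", ".join(sorted(hits)))
    return warnings

# Constructed sample modelled on the scenario in the post.
SAMPLE_FRAUD = """From: Jane Board <emailsphones1@gmail.com>
To: sam@example.org
Subject: Payment

Are you available to set up an international payment now? Have a pending payment to make today. Regards. Jane Board
"""
SAMPLE_LEGIT = """From: Jane Board <jane@example.org>
To: sam@example.org
Subject: Minutes

Minutes from last week's board meeting are attached.
"""
```

Wire `assess_message` into whatever mail pipeline or helpdesk you use; any non-empty result is a reason for the accountant to pick up the phone and confirm before paying, which is the process the post recommends.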



If you’ve covered off most of those items, or at least started considering them, you’re on your way to reducing your risk and decreasing your worries!

There’s more to it than that of course, but that’s your free upgrade! ;)

Malcolm
