At the end of this module you will be able to:

01 Know and understand the main risks of the digital transformation of family businesses

02 Grasp the essentials of cybersecurity to protect family businesses.

It is true that the digitalisation or digital transformation of your Family Business can bring you many positive things in terms of economic growth, it allows you to reach a wider audience and internationalise your business and therefore, expand your operational market and customers. However, the digital world also entails some risks that you should be aware of. With the growth of digital companies there has been a growth of cyberattacks too, which affect to all types of businesses and sizes.

Therefore, you must take actions to secure your company and data and, although it is impossible to have it 100% secure, you can learn and put into practice some cybersecurity essentials to keep your family business protected and reduce cyberattack risks.

We can make use of multiple devices which run with software in order to digitalize our family business. This includes both physical devices such as smartphones, computers and laptops, tablets, etc., and digital devices like applications, websites, and the browsers we use to navigate on the internet. Their software is programmed to secure your data.

However, as well as technology changes at a great speed, the cyberattacks and hackers’ strategies change and adapt too, getting to find software vulnerabilities. This is why we can find continuous software updates of the operating systems of the digital tools and devices we use every day. These updates are aimed at preventing cyber threats by changing and removing outdated features and information and including new ones.

An easy way of securing your business relevant information is to back up your archives, files, and data. You can store it securely in an external hard drive and in an online cloud.

In this way, if you suffer a cyberattack or your devices are affected by a virus, you will be able to recover your important information. When dealing with physical documents, you must make sure that they are stored securely too.

An essential of cybersecurity is the use of passwords. You should protect all your devices by setting up the requirement of strong passwords, the longest, the better. These passwords should be changed from time to time or for example, after a detected security breach.

Require your employees to use strong passwords as well and password-activated screen savers. Thus, the computers or devices will be locked after a period of inactivity, and your information will be secure. However, if you or your employees use portable devices such as tablets or smartphones, make sure those devices are never left unattended in public places.

Encryption means to hide the information or content of your devices from a naked eye. When data is encrypted, an algorithm consisting of several passwords transforms the information in a series of incomprehensible and meaningless letters, symbols and numbers.

This secures your sensitive information even if you lose your device or if a hacker steals it. Your data will be stolen but it will be useless for the criminal.

This system protects you from cyber criminals by requiring two or more pieces of evidence to check identification and give access to the device or data. This protection goes one step beyond the authentication of providing a password and makes it harder for a hacker to steal sensitive or personal information.

When you acquire a Wi-Fi router, it has a default name and password. These are very easy for hackers to crack, so you should change them. In addition to this, the router has an administrator password that allows you to change and manage the router's settings. Just like the router' s name and password, you should change this password as well.

Disable the remote management function and do not forget to log out of the administrator session once you are done.

To protect the information you send over the Wi-Fi network, you can encrypt your network by updating the router software. Look for WPA3 or WPA2 settings, which offer the strongest encryption.

Require strong passwords to access devices and sensitive and important information. Strong passwords should have at least 8 characters and a mixture of letters (capital and lowercase), numbers and symbols. A good way of protecting your family business is limiting the number of log-in attempts.

Staff is an important element of your family business and it could become a breach in your cyber security. Therefore, you must train your staff and create a “business security culture”. Train them to identify threats and keep an updated security plan that gathers a continuous training schedule, name of the staff who have access to sensitive personal and customers information, the procedures and actions for potential cyberattacks, how to security breaches, and warn them not to share passwords (via email, text message, on the phone) or keep them in a visible place.

If your company manages paper documents, you must consider training your employees to keep physical security at all times. This includes storing documents securely, locking them in a room or cabinet, limiting the physical access to sensitive data, deleting information correctly and shredding sensitive data documents when they are no longer needed.

Allow access to personal and financial information just to the staff who really need it.

Remind your employees to never leave sensitive data documents unattended in the workplace or in public places.

Physical security is also needed to protect data on your devices which you can implement with the recommendations mentioned before: strong passwords to access devices, multi-factor authentication, limit of log-in attempts, encryption of data, and training staff to always log off and keep an up-to-date antimalware software.

Your “business security culture” and training plan must promote cyber and physical security practices in all locations (inside and outside the workplace). It is important to bear in mind that when you or a member of staff access a device or information from a laptop or a flash drive for example, in a coffee shop or a public place, you must be extremely careful, never leave devices and sensitive information open, unlocked or visible, and never leave them unattended.

Phishing is a type of cybercrime. It involves sending fraudulent emails, advertisements or texts, but which appear to be from a reliable source or to come from a known person or company. The aim of this cyberattack is to steal sensitive information like usernames and passwords, bank account details, credit card numbers, etc.

The operating way is usually the reception of an email which urges you to click on a link to prevent you from a problem or issue. In case you do not click on it, something worse will happen. This link will take you to a web that will require your personal details and sensitive information, which will be stolen. In some cases, the link downloads malware that will be installed in your device.

You must ensure that the email is coming from a reliable source before clicking on the link. If you are receiving this request from what it looks like a known source, try to call or contact this person or company to confirm that they really require or need this information from you. Sometimes, the URL is suspicious or the email come from a Gmail account instead of from a corporate email account, what can give you clues of the phishing attempt.

If you are not sure about the credibility of the email or text, talk to someone else. This might help you find out if the email is real or a phishing attack.

You must back up your information in a different device from your network. If you suffer a phishing or cyberattack and scammers get into your network, your data will be safe and you will be able to restore it.

You must have an antivirus installed on all your digital devices. Always keep this software up-to-date and activate desktop and network firewalls. Make sure your email provider offers a secure gateway email and spam filter.

You can buy an antivirus or use a free option. Unfortunately, none of them will secure your device 100%. The differences will be in the functionalities provided, the characteristics of your system and compatibility with the software, the easiness of use, etc.  Some free options are: Avast, Windows/Microsoft Defender, Avira, Bitdefender.

Nevertheless, if you suspect that you have been phished, share it with your employees and alert them. Change all the passwords and if your sensitive customers or employee’s data have been stolen or compromised, inform all the involved people. Finally, do not forget to report it to the police or competent organisation.

If you share a mailbox with other members of your family business, you must make communication a must. With a shared mailbox the probabilities of being phished increase since the management of emails does not depend on just one person.

For this reason, you must train your employees and make them aware of the importance of making cybersecurity part of your family business security culture. Furthermore, a shared mailbox limits privacy and for this reason, sending confidential information or sensitive data via email should be avoided.

Remember (now you know about):

01 Cybersecurity basics

02 Physical security 

03 Phishing

04 Secure email management

Keep going!