Versions Compared

Old Version 16

changes.mady.by.user Jodie Miners

Saved on

compared with

New Version 17

changes.mady.by.user Jodie Miners

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Easy Mode

Get it Done

The Journey

  • Is your business email tied to your Domain Name? Or are you using a public email provider like gmail, or your ISP’s webmail?

    • A friend recently found that she could no longer do email marketing from Mailchimp as she had been using her ISP email address as her business email address, and many email accounts will no longer allow bulk email to be received from domains that are not set up with the right security.

  • You’ve already ensured that Multi Factor Authentication is turned on for your Email Account, so don’t forget your Website (along with all other apps that you use for business).

  • Your team does not log into another team member’s email. You have procedures in place for dealing with emails while a team member is away, or after they have left. (Eg see Google’s help docs for how to do this in Google Workspace, and M365, but you are not alone if you find all of Microsoft documentation impenetrable, and you need your Technical Advisor’s assistance).

  • Understand the key terms you need to know to be more secure with your Email. ASD has a great reference page on this topic.

  • The UK Gov has a good page with examples of phishing emails that may be helpful.

  • Don’t click on links from emails you are not expecting. If you are using Chrome, Google should spot a malicious website, but it’s the seemingly legit websites that can be tricky.

  • Use some https://tddprojects.atlassian.net/wiki/pages/createpage.action?spaceKey=CYZ&title=URL%20Tips%20and%20Tricks&linkCreation=true&fromPageId=3011117160 to check the URL if it is something you are not quite sure about but really want to open.

  • I have an email scanning tool linked to my main email account. I use Guardz, which is great, and cost effective. Bleach Cyber is another similar tool.

  • Your email may have some built in settings to help reduce spam that gets to your inbox. Check with your Technical Advisor.

  • Training for your team must include topics on best email practices. At a minimum, the ASD website has some great content. Cyber Wardens is a good program to enrol your team in, and my email scanning tool, Guarz, has cybersecurity awareness training built in.

  • If you want to buy additional email training, there are some great options out there, Huntress, My Business, and Cyber Eclipse but remember, we don’t blame team members who click on links, we educate.

  • You have your DMARC, DKIM, and SPF settings all set on all the domains your business uses for email.

  • Your Email Marketing tool has those settings verified and you can send your bulk emails without half of them bouncing.

  • You will have up to date, or automated patching of your email software.

  • You will have a vulnerability scanner for your email (and other business systems software).

    • Your Technical Adviser can suggest some advanced settings on your M365. (And no, the Australian Government’s Essential 8 does not give advice for any other platform than Microsoft 365, so talk to your Technical Advisor if you use Google Workspace. But Google has some documentation and here is an easy to read guide.

Who looks after your Website?

  • Does it have the latest version of your website software (eg WordPress)

  • Are all the plugins and themes updated to their latest version?

  • Who checks this at least monthly?

  • Who checks that the website up and working as intended.

  • Who checks that the privacy policy on your website is accurate and reflects what your business does?

  • Does your website have a login function for clients, or a shopping cart, or do you store client data? (if so, the scope of this document is not enough, so talk to your Technical Advisor).

    • Even your Contact Us form will store data by default, and should be deleted after you have dealt with the Contact request.

  • Does your website have other apps that link in to it? Like Email Marketing, a Booking System, or similar. These services are just as important as your website, so make sure your Technical Advisor knows about them and how everything works.

  • By now, hopefully, you have implemented a SSL certificate on your website. Note down the date of expiry of the certificate so you can be sure to update it.

  • Set up website scanning tool to monitor your website and ensure it is free from malware and other issues. I use https://sucuri.net/ but your website hosting provider may have it included also.

  • Think about the difference between data and content. Data does not belong on your website. Data you collect should be removed as soon as practical after you have done something with it. Many forms tools have an auto delete function.

  • Where is your website hosted?

    • Does your hosting provider provide details of when their systems have last been updated and patched?

    • Do you have a dedicated server? Do you know what the hosting company does for patching and updates, or do you have to look after some aspects of this yourself?

  • Do you have someone actively looking after your website, and ensuring it is regularly updated and all the plugins updated and working smoothly?

  • Is there a way you can have your SSL certificate updated automatically so it doesn’t expire?

If you are at this level, your website is most likely a key part of your service delivery, and is not treated differently from any of your other critical business systems.

  • See my page on Websites and Salesforce for more technical details as to how a website can work as the basis for your whole business systems.

Your Domain Name is the gateway to your business.

  • Who is the Domain Reseller?

  • Is the Domain contact details up to date (and in your name).

  • What is the expiry date of the Domain?

  • Do you have the domain set to auto renew? And is the credit card up to date?

  • Who do the important domain related emails come to? How do you ensure they don’t get missed?

  • Do you own the domain names for every aspect of your business (eg every trading name).

  • Do you own the domain names for miss-spelling or similar names? The ASD has some good advice.

  • Do you own the .au domain for your business?

  • Is your personal email sent to your business domain? (A friend recently retired and gave up her registered business name. Unfortunately that meant she could no longer keep her .com.au domain that she had been using for 20+ years as her only email address. Don’t let this have to be a thing you have to think about changing in your elderly years!

  • Who hosts your DNS?

    • That may be different from your Domain Registrar, and it even may be different from your Website Host.

    • Know where it is hosted, and know how to update it when needed.

  • Are your DNS records correct?

    • After many years there may be A records, or TXT records that are no longer in use. Ensure they are updated to be relevant for your business now.

    • My security scanning tool, Guardz tells me about random DNS records that may need looking into.

  • Are all your domains redirected to your main website?

There are many more considerations for Domains as your business gets larger or more technically complicated. Your Technical Advisor will be able to help. Here is a good guide for DNS related issues.