Simple steps to reduce the risk of a cyber attack on your business. Cyber security continues to be a fast moving and evolving threat.
In 2020 the UK Government Cyber Security Breaches survey highlighted that 46% of UK businesses had reported cyber security breaches or attacks in 2019. Ensuring your business cyber security is up to date is essential in reducing risk and avoiding becoming an easy target for cybercriminals. Protecting your business doesn’t necessarily mean spending large sums of money.
According to a recent report:
Even the largest and most sophisticated online companies like Google and Facebook succumb to the threat of cybercrime.
Here are some simple policies you can put in place to reduce your exposure to cyber attacks:
Knowing where your data is held, whether it’s on site or in the cloud is imperative. Allocating responsibility whether it is in-house, or an outsourced IT provider it is essential that someone knowledgeable takes the lead. Firewall management, anti-virus and anti-malware software are the most basic levels of protection and should be part of every cybersecurity policy. Ask your IT provider about more advanced cyber defence strategies.
Compare what systems and applications you are using for protection, against what is available on the market. Cost is often a factor when deciding on new solutions, but the most expensive option isn’t always the one that will be right for you.
A robust policy ensures all staff understand what is expected and how to deal with an attack or breach. Having the right people in place to enforce and monitor the implementation of the policy is vital to its effectiveness. Overall responsibility should sit with a senior security officer who oversees the wider risk profile. Outsourcing this function is also a proven strategy for smaller businesses.
Firewalls prevent external access, but internal employees can be the ones who unknowingly provide it. Implementing data loss prevention policies can help ensure that information in emails and documents isn’t shared with the wrong people. For Office 365 users, security & compliance control can be managed here. Enforcing access restrictions on sensitive information can prevent disgruntled and coerced employees from illegal file access and sharing. Enforcing a strict password policy which not only involves password strength but also regular password changes (every 3 months is ideal) also helps unauthorised access. The risk of malware attacks on individuals’ devices can be partially mitigated with software, but raising awareness is the best form of prevention.
With increasing numbers of employees working from home or bringing personal devices into the workplace there must be strict guidelines around their usage. Ensure you have a device approval policy in place for devices before they are used for work purposes. There should be minimum security software requirements (e.g., endpoint protection). All software should be up to date and devices should have strong password protection.
Educating all staff members about why security matters and how they can help will not only reduce the risks but improve the response times when a breach occurs. Providing regular training sessions and up to date policy documents will encourage staff to put the guidelines into practice. Online learning is a great way to implement staff cybersecurity training.
Always be prepared. Even the most secure cyber security systems can be infiltrated so always have a plan in place to deal with a breach and test it. Implement early alerting – set up firewalls and security software to alert you when something unusual is happening.
A traditional signature-based firewall is no longer suitable to protect your business against attacks as it is not the only method of access anymore. Consider implementing security measures for wireless and wired access points. Simple measures such as MAC address blacklisting help to prevent unauthorised access to a network.
Outdated hardware and infrastructure can cause easily exploited vulnerabilities that software updates can’t solve. Where possible update your hardware and infrastructure every 2-3 years to stay up to date with the latest technological development and improve your protection.
It’s important to allow regular software updates to keep all your computers up to date with the latest security updates. This can normally be done by enabling auto-updates on your operating system or software packages. Within organisations a centralised security update policy ensures that no computers are left exposed.
Business cyber security is an ongoing management process that needs to be regularly monitored and updated to be effective. Test the systems you have in place and keep accurate records so you know where improvements can be made and where your weakest links are. Testing and improving your known vulnerabilities regularly will safeguard you from future attacks.
As part of your initiative to improve business cyber security you may be considering updating your computer hardware. Make sure to remove and destroy the storage devices (such as hard drives) when disposing of old kit. This includes removable storage media such as USBs, DVDs and CDs. The destruction of these should be carried out by a reputable security firm.
Where possible carry out background checks on prospective employees to check for previous criminal convictions. Check contracts between technology vendors and service providers to determine how they manage data security and adhere to regulations. Pay a visit to companies that will be handling any customer data to check out their security, backup procedures and personnel.
You might think that physical security doesn’t apply to cyber security, but if someone can get physical access to a laptop or desktop then they can provide access to others online or install trojan software. Install restricted door access such as assigned key fobs to monitor who enters the office. This includes external providers of services such as cleaning and maintenance.
As the threat of cyber security is always changing and evolving any time spent waiting or delaying implementing or improving your cyber security plan leaves you further behind and at greater risk. Even if you only start with a few of these tips start today and you never know when a cyber attack might take place…
For further help with managed firewalls, secure networking or cyber security solutions contact us or call our team on 0345 004 4040