You don’t have to be a company the size of British Airways to be vulnerable to a cyber attack. In fact, over four in ten (43%) of all UK businesses suffered a breach or attack in the past 12 months, according to the UK Government (gov.uk).
The most common breaches or attacks reported were as a result of fraudulent emails, where the sender tries to coax staff into revealing passwords or financial information or opening dangerous attachments, followed by instances of cyber criminals impersonating the organisation online, then malware and viruses. When looking at large businesses, the number of breaches or attacks rose to more than two thirds (72%).
Your network security is under constant stress from the best, brightest and most innovative forms of cyber threat. Ensuring it’s up to date, fast and effective is certainly at the top of the priority list, but how can you stop spam emails from reaching people’s inboxes? Well, it would appear, for many reasons, that it just isn’t possible to stop spam altogether.
The drive towards a digitally-enabled business has changed the data security landscape.
Gone are the days of a well-defined data centre perimeter that can be secured using perimeter solutions alone. Access to systems and applications is no longer restricted to fixed office locations, as many more of us take advantage of mobile and flexible working.
For many of us, the line between home and work is increasingly blurred. From the moment we wake up, we start browsing news stories on social media and reading work email. We continue to connect on the train or bus, in coffee shops, motorway services and of course the office, in an attempt to squeeze as much out of the day as humanly possible. But at what cost to company security?
How many WiFi connections are actually secure?
Back in 2016, Kaspersky conducted research to test the security of public WiFi hotspots around the world. It found that 28% of the world’s WiFi networks have no encryption or password protection of any kind. So when your employees are working on the go, they could potentially be transmitting data that could be read by third parties.
Hackers are smart and are always looking for opportunities
What still amazes me is that somehow we believe that being connected via our smartphone or tablet puts us beyond the reach of cyber threats. Mobile technology has, no doubt, transformed the way people work; we’re no longer tied to an immovable desktop computer, which can mean working on multiple devices at the same time. But when employees connect their work mobiles, tablets and laptops to open networks and download or load up a mixture of apps to support day-to-day work, such as Twitter, Salesforce, LinkedIn or Dropbox, can you really be sure that your company information is secure when hackers are looking for every opportunity to attack?
9 basic steps to help protect your business
#1. Educate your employees
For many employees, clicking on attachments and searching the Internet is part of their job. As a business owner, you have a duty to educate your employees on the dangers of spam emails and information security in general, and what to do if they believe they’ve received a suspicious message.
#2. Set access permissions
Assign access to systems and applications only to those who need it, asking yourself what the minimum level of access is that they need to do their job. If their job changes, remove any access they no longer need.
#3. Multi-layer defence
Perimeter security controls are no longer sufficient to protect personal and sensitive data, especially when systems, applications and data are spread across any number of cloud-based servers and data centres. Isolating data, using techniques such as secure micro-segmentation, helps to limit the impact of an attack should it happen, because an infection in one area cannot easily spread to another.
#4. Back up systems regularly
Having a backup of all of your systems, applications and data – including emails, servers and cloud data – is one of the most fundamental elements of business recovery in the event of an attack. Whether you choose to do this onsite or via a third party, it’s important to back up your systems regularly and to have access to the backup files when you need them.
#5. Monitor the environment
If you are keeping an eye on your IT systems regularly, it will be easier to spot something that looks suspicious. For many small and medium-sized businesses this may feel like an additional cost, but having someone who is closely monitoring for data breaches is essential given the new 72-hour rule for reporting an incident under GDPR.
#6. Only collect what’s absolutely necessary
It may be tempting to collect lots of information about your customers, but the reality is that you have to store it and keep it safe. If you only collect the minimal amount of data you need and keep it only for as long as you need to use it, then you are reducing the risk of information being exposed in the event of a cyber attack. It’s also advisable to store highly sensitive information in a different data centre from widely-used systems.
#7. Encrypt sensitive information
While this may sound obvious, it’s worth highlighting that you should encrypt any sensitive information in order to keep it confidential.
#8. Keep antivirus and anti-spyware software up to date
Sounds straightforward, but it’s easy to snooze the reminders when you’re in the middle of doing an important piece of work. If you don’t keep your antivirus and anti-spyware software up to date then you don’t have the latest security patches and risk leaving your systems and information exposed to hackers. This also includes keeping your operating systems, software and devices up to date.
#9. Establish policies and procedures
To tackle the issue of unsecured devices, establish and enforce a BYOD (Bring Your Own Device) security policy, backed by controls that can inspect and block devices which do not meet your security standards. Develop a backup and recovery plan to ensure business continuity in the event of a security breach or attack, so that you can get up and running again quickly. This should also include a clear communications plan that outlines how you will communicate with any affected customers.
Humans are the weakest link in the chain
Do not count on your employees alone to keep your business safe. While it is still important to make sure that employees are aware of and well-trained in data security, and are taught not to open email attachments from unknown sources or click on web links, it is almost impossible to stop human nature when the majority of work involves doing exactly that – opening attachments and clicking links to websites.
You can have the most sophisticated cyber security in place to protect your IT environment, but we are probably the weakest link in the security chain and you need to plan for this.