Protect your business with practical steps to prevent a cyber attack.
Easily check if your business has been involved
in a security breach with our online breach checker
In 2020 the UK Government Cyber Security Breaches survey highlighted that 46% of UK businesses had reported cyber security breaches or attacks in 2019. Ensuring your business cyber security is up to date is essential in reducing risk and avoiding becoming an easy target for cybercriminals. Protecting your business doesn’t necessarily mean spending large sums of money.
According to a recent report:
“82% of data that was lost or stolen could have been prevented if the business followed a simple internet security plan.” – Symantec Threat Report
Even the largest and most sophisticated online companies like Google and Facebook succumb to the threat of cybercrime.
Here are some simple policies you can put in place to reduce your exposure to cyber attacks:
1. Cover the basics
Knowing where your data is held, whether it’s on site or in the cloud is imperative. Allocating responsibility whether it is in-house, or an outsourced IT provider it is essential that someone knowledgeable takes the lead. Firewall management, anti-virus and anti-malware software are the most basic levels of protection and should be part of every cybersecurity policy. Ask your IT provider about more advanced cyber defence strategies.
2. Know your vulnerabilities
Compare what systems and applications you are using for protection, against what is available on the market. Cost is often a factor when deciding on new solutions, but the most expensive option isn’t always the one that will be right for you.
3. Implement a company-wide cybersecurity policy
A robust policy ensures all staff understand what is expected and how to deal with an attack or breach. Having the right people in place to enforce and monitor the implementation of the policy is vital to its effectiveness. Overall responsibility should sit with a senior security officer who oversees the wider risk profile. Outsourcing this function is also a proven strategy for smaller businesses.
4. Set appropriate access levels
Firewalls prevent external access, but internal employees can be the ones who unknowingly provide it. Implementing data loss prevention policies can help ensure that information in emails and documents isn’t shared with the wrong people. For Office 365 users, security & compliance control can be managed here. Enforcing access restrictions on sensitive information can prevent disgruntled and coerced employees from illegal file access and sharing. Enforcing a strict password policy which not only involves password strength but also regular password changes (every 3 months is ideal) also helps unauthorised access. The risk of malware attacks on individuals’ devices can be partially mitigated with software, but raising awareness is the best form of prevention.
5. Set a BYOD policy for employee devices
With increasing numbers of employees working from home or bringing personal devices into the workplace there must be strict guidelines around their usage. Ensure you have a device approval policy in place for devices before they are used for work purposes. There should be minimum security software requirements (e.g., endpoint protection). All software should be up to date and devices should have strong password protection.
6.Train your staff to spot threats
Educating all staff members about why security matters and how they can help will not only reduce the risks but improve the response times when a breach occurs. Providing regular training sessions and up to date policy documents will encourage staff to put the guidelines into practice. Online learning is a great way to implement staff cybersecurity training.
7. Have a recovery plan ready
Always be prepared. Even the most secure cyber security systems can be infiltrated so always have a plan in place to deal with a breach and test it. Implement early alerting – set up firewalls and security software to alert you when something unusual is happening.
8. Implement device policies
A traditional signature-based firewall is no longer suitable to protect your business against attacks as it is not the only method of access anymore. Consider implementing security measures for wireless and wired access points. Simple measures such as MAC address blacklisting help to prevent unauthorised access to a network.
9. Keep your infrastructure up to date
Outdated hardware and infrastructure can cause easily exploited vulnerabilities that software updates can’t solve. Where possible update your hardware and infrastructure every 2-3 years to stay up to date with the latest technological development and improve your protection.
10. Keep your computers up to date
It’s important to allow regular software updates to keep all your computers up to date with the latest security updates. This can normally be done by enabling auto-updates on your operating system or software packages. Within organisations a centralised security update policy ensures that no computers are left exposed.
11. Carry on improving
Business cyber security is an ongoing management process that needs to be regularly monitored and updated to be effective. Test the systems you have in place and keep accurate records so you know where improvements can be made and where your weakest links are. Testing and improving your known vulnerabilities regularly will safeguard you from future attacks.
12. Dispose of old hardware correctly
As part of your initiative to improve business cyber security you may be considering updating your computer hardware. Make sure to remove and destroy the storage devices (such as hard drives) when disposing of old kit. This includes removable storage media such as USBs, DVDs and CDs. The destruction of these should be carried out by a reputable security firm.
13. Vet new employees and providers
Where possible carry out background checks on prospective employees to check for previous criminal convictions. Check contracts between technology vendors and service providers to determine how they manage data security and adhere to regulations. Pay a visit to companies that will be handling any customer data to check out their security, backup procedures and personnel.
14. Don’t forget physical security
You might think that physical security doesn’t apply to cyber security, but if someone can get physical access to a laptop or desktop then they can provide access to others online or install trojan software. Install restricted door access such as assigned key fobs to monitor who enters the office. This includes external providers of services such as cleaning and maintenance.
15. Start now!
As the threat of cyber security is always changing and evolving any time spent waiting or delaying implementing or improving your cyber security plan leaves you further behind and at greater risk. Even if you only start with a few of these tips start today and you never know when a cyber attack might take place…
For further help with managed firewalls, secure networking or cyber security solutions contact us or call our team on 0345 004 4040
Easily check if your business has been involved
in a security breach with our online breach checker