27th October 2020 | Posted in Cyber Security
The cyber security posture of a business is the responsibility of all employee’s, not just IT staff and senior management. Cyber criminals are always on the lookout for vulnerabilities that they can exploit at the drop of a hat. Here are some actions that you and your staff and use straight away.
Ensuring that you have a strong password for your systems and accounts is only part of the puzzle. Enabling two-factor (also known as multi-factor or ‘2FA’) authentication adds an extra layer of security that can make all the difference in cyber protection. If a malicious individual were to access your password to an account, then they would still need to get through the 2FA process. This security measure usually comes in the form of a code that is texted to a linked mobile phone number, a security app or fingerprint recognition.
Employees are a primary source of data breaches within businesses. These breaches can lead not only to compromised data but ransomware attacks and stolen finances. Security is compromised unknowingly in most cases, with damage being done before action can be taken. This is due to a lack of user training in most circumstances, making it even more essential that employees with access to network systems are trained in cyber security best practices and policies. If your employees are not aware of these policies and not following them, then you are fighting a losing battle. Ensure they take note of all policies and record and document this acknowledgement. Raise staff awareness of common cyber security threats such as email phishing. It’s important to know how to prevent phishing attempts and what suspicious emails look like. Educate them on best practices such as never click a link or attachment on an email, even if it looks legitimate. Call the sender first if necessary, for verification. For an extra layer of security engage in phishing simulation training to see if they have taken cyber security best practices onboard.
Password management is a straightforward security process but one that is overlooked time and time again. The Verizon 2020 Data Breach Investigations Report found that 67 per cent of data breaches happened due to credential theft. Passwords should never be the same across your systems and applications. If one account was compromised, then all accounts could potentially be accessed across your company’s network. Creating unique, complex passwords is essential. A strong password contains at least 10 characters and includes numbers, symbols, and capital and lowercase letters. A password manager such as 1password can help. Password managers store your passwords in an encrypted format so If you ever needed to share access to anything, you can do so without giving away your password. Enforce safe password practices.
Make sure your software is up to date. Outdated software can leave the door open to hackers to exploit as there will be numerous vulnerabilities that haven’t been rectified. Phishing attacks involve installing malware on the employee’s computer when a malicious link is clicked. It’s therefore essential to have the latest anti-malware software installed on all devices and networks as it will come with the latest security patches. The most important software update is to make sure your anti-virus software is operating the latest version, keeping you protected from the latest cyber threats.
While it’s important to prevent cyberattacks, it is still possible to be breached regardless of your precautions. If all your data was stored in once place and was then compromised, would your business survive? Probably not, as locally stored data is inherently unsecure and there is a high risk of permanent data loss if it is backed up in a single physical location. Also, cyber threats such as ransomware are designed to take your data hostage. To combat this, make sure that you are backing up all your data. Consider using cloud backup storage solutions as these can decentralize your data on encrypted servers that offer multiple points of redundancy.
The primary defence of any company network is a firewall. Firewalls prevent unauthorised users from accessing your network, protecting your systems by blocking anything that has not been permitted to enter or leave your network. Another consideration is protecting those employees that are working from home or remotely. They must install a firewall on their home network, especially if they are accessing the company network.