Now more than ever, businesses need to be more aware of the dangers of cyber-attacks. Attackers are doing it for profit and are organised! Criminals are now more likely to be sitting in a plush office behind a powerful computer than physically breaking into your business premises.
The damages of a cyber-attack to businesses can be huge! From loss of crucial, confidential or sensitive data, to reputational damage and even GDPR fines if your client’s data is compromised. Ensuring you are vigilant is essential!
Sadly, there is no silver bullet to make your business secure from attack, however, here are some techniques to prevent a cyber-attack:
1. Security Assessment
Most companies only have a vague awareness of what a cyber threat is and the degree of damage that could result from an exposure.
Consider getting an assessment done that provides you with a written report of the level of risks and vulnerabilities, and the options and costs of addressing them.
With a security assessment you can better manage the risk to your business, manage visible risks and prioritise the most severe threats, and have an agreed acceptance of the less severe risks.
2. Spam and Malicious Email
When attacks happen, they often originate from emails. Filter your company emails for known spam or malware before they even reach your network.
Consider banning users from accessing their private emails on company computers as it is common for corporate email to be filtered for malware, but personal email accounts such as Gmail etc, are not. If a user triggers malware contained in a personal email, on a company PC, the malware could infect PCs and servers on the company network with serious consequences.
3. Passwords and Policy
Apply security policies on your network, for example, enforce rules about password length, complexity, and frequency of changing. Deny or limit USB file storage access and set screen timeouts.
One area of vulnerability is the accounts of users who are no longer with the company being left in place. Make sure you have a defined leavers procedure that includes locking, archiving or deleting inactive accounts.
4. Multi-Factor Authentication
It is normal to provide a username and password in order to log in to all sorts of sites and applications. The problem is that if we are tricked into providing these credentials then an attacker can use them from any PC, anywhere in the world.
A simple form of multi-factor authentication can be provided by a free app on a mobile phone which continually sends out a one-time code that expires after a short period of time so that when you login, you will also be required to enter the code to add a secondary level of security. Even if an attacker gets you to provide it in a phishing attack, the damage is limited as the code expires in a short period of time.
Keep Microsoft, Adobe and Java software updated with the latest security patches. Software vendors often discover bugs and vulnerabilities in their software, and they are constantly releasing updates to fix bugs and close down vulnerabilities. Many attacks take advantage of known vulnerabilities in widely used software that has not yet been updated. A regime of regular updates will minimise your exposure.
We all use so many passwords both at work and in our personal lives, that it is hard to keep track of them all. If you re-use the same passwords for different sites and one of those sites is hacked, the attacker then has easy access to your accounts on the other sites. Consider using one of the many password management applications to make it easy to have unique and strong passwords for every application and website.
Wherever possible, the goal is to encrypt files at rest and in motion (think email); especially on mobile devices. Hard drive encryption is now an option included as standard in Windows 10/11 Professional. Be aware that the encryption only kicks in when the PC/laptop is shut down as opposed to the “sleep” option, so it is important that your PC/laptop automatically locks itself when it goes to sleep.
The use of VPN technology ensures that data being sent over the internet is encrypted. This is particularly important if you use publicly provided Wi-Fi such as in hotels and cafes to access websites for business purposes, or to remotely access your office IT systems.
In security terms your firewall is your front door. At the very least, the firewall should be kept updated so that it can scan for the latest malware incidents. The current generation of firewalls can do so much more than before, but in order to be effective they need active management. Make sure that Internet ports that don’t need to be open are closed. Turn on Intrusion Detection and Intrusion Prevention features. To discuss further ways to protect yourself and your business from cyber-attacks, email our team, firstname.lastname@example.org or call us on 0121 667 8977