No matter the size of the business, protection is an increasingly difficult challenge. The consequences of external attacks, internal security breaches, and internet abuse have placed internet security high on the agenda for many organisations. What can you do to keep your business safe?
Toni Allen, UK head of client propositions at the British Standards Institute (BSI) said: ‘The latest Government Security Breaches Survey found that nearly three-quarters (74%) of small organisations reported a security breach in the last year; an increase on the 2013 and 2014 survey. SMEs are now being pinpointed by digital attackers.’
There are many different things that can put your business at risk when it comes to cyber security.
Cyber Security: 4 Things to Watch Out For
Out of Date Technology
Everything happens so fast now. There’s always something new, something bigger and better, and it’s the same with cybercrime. There will be new malware and new viruses all of the time. What you need to remember is that the technology you have in place to go up against these threats needs to know that these threats exist to combat them. It’s like being asked to make a medicine for a new disease. You can’t make it until you know it exists. You should make sure that your Firewall is up to date to deal with the latest threats. Check your software on your computer as well, if you have ignored the latest update then you might find yourself in trouble.
Backup and Disaster Recovery Testing
If you have a back up and disaster recovery solution then you are doing the right thing. You can sleep easy at night knowing that if something does go wrong then you will be able to restore everything back to how it was. The question you need to ask yourself though is ‘Does that backup work?’ Have you ever checked? We recommend that you do a full test of your backup and disaster recovery at least once or twice a year otherwise you may find the backup not working when it really matters.
Social Engineering
We make our lives very public nowadays and cyber criminals are using it to their advantage. Social media, press releases and even your out-of-office messages indicate to people what is going on within your business, who is where and where vulnerabilities may lie. If someone emails your Managing Director and they receive an out-of-office stating that they are on holiday then this is the perfect time to send a phishing email from the MD to Accounts asking for a ‘bill’ to be paid. No one will want to bother the boss on holiday so they will just do it without question and then you become a victim.
If you post on social media saying that you have enjoyed a conference or have just won an award then this could be used against you. Someone may email you and use this information to indicate a comfortable familiarity and draw you in.
We’re not saying don’t use out-of-offices or social media, but just think about how you react and respond to things that may not seem quite right.
The End User
Everyone makes mistakes and they make less mistakes if they have knowledge and understanding. It is so important now that your staff understand that cyber security is not just your IT Manager’s problem anymore, it’s everyone’s problem. Staff need to be fully aware of all of the risks that are waiting for them. Phishing emails can get through spam filters. Malware can get past a Firewall. If all the barriers that are put in place fail then it all comes down to the decisions that your staff make. Think of your business like a Roman Soldier. He will have armour and a helmet but if a sword was to get through those precautions then it leaves the human underneath vulnerable to attacks.
7 Essentials for Cyber Security
Firewall
A firewall is the first step of our cyber security checklist. A firewall controls the traffic coming in and out of your network through a set of rules. The set of rules is your firewall policy that indicates which traffic is allowed and which is not. A firewall helps to stop hackers and malicious software like worms from entering your network and wreaking havoc. It’s also important to know that because of how quickly new cyber threats are developed, firewalls go out of date very quickly. You should make sure that your firewall is still up to date to deal with current threats.
Anti-Virus
Viruses are pieces of code that corrupt systems and destroy data. Anti-Virus software is designed to detect these viruses and remove them from your system. Often they have scheduled scans each day to ensure there are no problems.
Anti-Spam
There’s always email that we don’t want. Spam is email that is unsolicited and is usually sent to a mass audience. Sometimes that email can be hiding something malicious like an attachment with malware. Anti-Spam software stops spam from entering your system.
Patch Management
Cybercrime is often caused by criminals finding holes and backdoors. These holes and backdoors are often in software that is not up to date. For example, when you are asked to update your phone it can be annoying if it’s not a convenient time and then you forget about it. However, that update is more than likely in place because a hole has been found in the previous version causing your phone to no longer be secure. By having Patch Management in place you can ensure these updates are installed and none of your devices are vulnerable.
Backup and Disaster Recovery
Sometimes we can take all of the precautions possible and something will still get through. Technology is changing all of the time and because of it there is always something new that could be a threat to you. Backup and disaster recovery enable you to sleep easy knowing that if something does go wrong all of your data is backed up and quickly accessible so that your business is not affected by the incident.
IT Policy
Most businesses will have an IT Policy that is read once and then never again. We recommend having an easily accessible and understandable IT Policy for users so that they know exactly what they should be doing with your business’ devices at all times.
End User Education
In our opinion, end user education is the most important aspect of cyber security. You can have all of the precautions in place but if just one phishing email gets through then your business is vulnerable to your employees’ decisions. It is essential that all staff are aware of cyber security threats. Our cyber security guide is a great source of information for this, it’s available to be downloaded for free here.
For more information about cyber security, speak to one of our consultants today.