How can I Protect my Business from Cyber Attacks? | The Ultimate Guide
With businesses redefining the future of work and continuing to use home working and hybrid working models, the discussion about cyber security is more relevant than ever, as businesses look to ensure they are protected as well as they can be with a more dispersed workforce.
Small and medium businesses often assume that their size or type of business means they will not be targeted by cyber attackers. The reality is quite surprising: more than 39% of all businesses in the UK and 26% of charities had a data breach in 2020, and 1 in 5 end up losing money, data, or other assets.
Smaller businesses who may not have adequate IT controls and the in-house knowledge to protect themselves are often softer targets than larger organisations.
More than 95% of cyber breaches could easily have been prevented in the last year.
We have included some useful tips and strategies below to help you ensure you don’t leave any doors open.
Security Assessment
It can be difficult to know where to start with cyber security for many businesses. We recommend establishing a baseline and finding out how secure your network and systems currently are as a starting point.
When was the last time you had a comprehensive scan of your network done and tested for threats and vulnerabilities? Do you have a tool or process in place which can identify vulnerabilities? How often do you perform these scans?
Having an overview of the current situation will help you with planning, development, and implementing your cyber security strategy.
Implement a layered security strategy
To ensure data protection for your business or organisation, we recommend implementing a layered security strategy. When your assets are protected by several layers, hackers who breach one security layer still find the data protected by one or more further layers.
This layered approach is much more effective than one large security platform; however, it must be planned and designed properly. A robust security system will grow the trust of your employees, customers, and stakeholders in your business.
Keep software and hardware up to date
Regular updates provide not only the latest version and new features, but also fix known bugs and add critical security updates to protect your devices from the latest cyber-attacks. We recommend updating all applications, systems, and hardware (firmware) to the latest version as soon as it's practical.
This enables you to continue to protect your organisation from new or existing security threats. A good example is checking and updating Microsoft patches on ‘Patch Tuesday’, which is usually on the 2nd week of a month. Where available, enabling automatic update options in software/hardware is also recommended.
If you are using any software, systems, or hardware that is no longer supported and no longer receives security updates, we recommend replacing it with a newer, supported version. For example, a broadband router that still works but hasn’t had any updates in a number of years is likely to be easily exploited.
Data Back-Up
Can you imagine operating without your key critical data? Exactly, it is something that we are all concerned about. Minimise the possibility of losing access to your data through accidental deletion or some form of cyber-attack by backing up data and storing it at offsite premises. This will help you to recover your data in the event of a disaster or cyber-attack. There are many options for backing up data: locally, in the cloud, or offline. This might sound complex, but if you get stuck here, this is something we can help you with - contact TeamIFB for more details.
Firewalls
Intrusion Detection. Intrusion Prevention. Malware Prevention. Overwhelmed?
A firewall is a piece of software that sits between the computer and an external network, most often the internet. It deals with the most dangerous threats and lets viruses “bounce off” your system. For more information on this and how we can help, get in touch with TeamIFB.
Firewalls can be both physical devices and software. They can be set up on the border of your network and/or on host devices, i.e., laptops, desktops, etc. They are usually viewed as providing protection from the ‘Internet’, but they should also be deployed to protect against other users and devices on your own network.
USB drives – Are your employees still using them?
USB drives, memory cards and other removable storage devices are very handy for transferring data between computers. However, they present high cyber security risks: they might infect company devices with malicious software or ransomware, because they are often used not only for work tasks within the organisation but also for personal purposes outside the working environment. Restricting the use of USB storage devices will help minimise the transmission of malicious files and virus infections. There are many alternatives, such as cloud platforms, that store files conveniently and securely, allow file sharing, and help businesses stay protected against cyber threats.
Cyber Security Training for staff
Make sure you provide training for your staff frequently. You are only as secure as your least informed employee. Businesses are very vulnerable if employees aren’t efficiently trained and educated. Your staff should be confident in data policies, security policies and procedures, be able to recognise suspicious emails and phishing emails, and know what to do when they open a suspicious attachment. Build a cyber security culture where everyone plays an active role in cyber security and protection.
There are many resources and organisations offering cyber security training. A great start is to check the National Cyber Security Centre website (www.ncsc.gov.uk) and look for events like Exercise in a Box, organised by Scottish Business Resilience Centre and aimed at helping organisations put into practice their existing response to a cyber-attack (www.sbrcentre.co.uk/exercise-in-a-box-whats-it-all-about).
TeamIFB can provide you with additional resources and advice if needed.
Encryption
The best approach here is to encrypt everything, all the time. Even if hackers are successful in stealing or copying your data, it won’t be very useful to them if all the data is encrypted, because they often don’t possess the encryption key.
Implementation of security policies
All businesses regardless of their size should have a formal security policy and procedures in place. This ensures not only business continuity but encourages team members to take responsibility for keeping themselves and the business secure.
All policies and procedures should be checked regularly and updated as necessary in order to keep everyone up to date regarding new potential cyber risks.
If you are still new to this area and you feel overwhelmed, Scottish Business Resilience Centre is running Exercise in a Box events to help businesses prepare for a cyber-attack and to advise on the relevant security policies and procedures.
Use Multi-Factor Authentication
Two-Factor authentication is another layer of protection that verifies that you are the person authorised to use the account or application.
Passwords
Never use predictable passwords, i.e., passwords based on identifiable data such as names or birthdays. Passwords should be unique for each account used. We recommend using a password manager to store and manage passwords, and using the three random words strategy to create them. The following blog from the National Cyber Security Centre (NCSC) offers more details on how to create a strong password: https://www.ncsc.gov.uk/blog-post/the-logic-behind-three-random-words.
Regular Security Audits
Regular security audits will help to identify security gaps, vulnerabilities, and system weaknesses. They are often compared to a baseline test to see the progress of implemented cyber security measures. They not only detect security loopholes but also provide an overview of how well employees stick to security policies, and identify whether additional training or a refresher course is required. Performing regular internal and external vulnerability scanning can highlight potential issues with out-of-date hardware/software and devices that are not running supported or updated software.
Cyber Essential Certification
Gaining accreditation from the government-backed scheme, Cyber Essentials and Cyber Essentials Plus, will not only help to protect your organisation against a variety of cyber-attacks, but will also give your business credibility and reassure your customers that you are acting proactively and securing your operations against threats. It will help you to attract new business, as you can show you have appropriate cyber security measures in place.
The scheme provides 2 levels of certification:
Cyber Essentials is a self-assessment option providing protection against a wide variety of common cyber-attacks. It provides basics and guidelines for organizations to minimise cyber threats within their operation.
Cyber Essentials Plus is a more complex test of cyber security systems where accredited cyber experts carry out vulnerability tests and technical evaluation to make sure your organisation has a high level of protection against cyber threats. Internal scan, external vulnerability scan and on-site assessment are carried out. Our team can provide expertise in this area and prepare your business or organisation for Cyber Essentials Plus.
Stay on top of the game
Taking responsibility for keeping your organisation safe should be one of the top priorities for every business owner.
Follow organisations like NCSC or SBRC for latest updates regarding cyber security in the UK, connect with cyber security experts on social media and engage in conversations with your IT manager or IT company to maximize your cyber security efforts.
Final thoughts
Developing and improving internal strategies, security policies and procedures to minimise cyber-attacks is a great start in preventing cyber threats. Regular network scans will help you keep your business secure. Remember that cyber security is a team effort: every member of your team should take responsibility for acting appropriately to minimise cyber threats. All employees should have access to cyber security policies and procedures, and should refresh and increase their knowledge of cyber security on a regular basis.
For professional advice and more tips regarding cyber security solutions, book your consultation with a member of TeamIFB or call us on 0845 270 2101.
https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2021/cyber-security-breaches-survey-2021