Cyber attacks and hacking threats make the front pages almost every day and have caused countless problems for large, influential organisations. One of the most blatant examples is NASA: not only were its systems hacked a whopping 13 times during the last year alone, but employees’ credentials were stolen and hackers gained access to top secret information.
This could have severely impaired U.S. national security.
But, you’re probably not NASA.
You’re probably the proud owner of one of the 5.7 million small or medium-sized enterprises in the UK and just recently started approaching the topic of cyber security.
Maybe you’ve read articles about security breaches that caused millions of pounds’ worth of damage to bigger enterprises. You’re probably well aware of the threats posed by “hackers”. And you might be inclined to think these aren’t things that should concern you.
After all, why would someone take the time and effort to hack your small system?
Unfortunately, the data is alarming: it documents one successful cyber attack every 19 seconds, and 65,000 attacks a day overall.
Sounds scary, right? And, in fact, it is.
One small breach in your system can cost you countless pounds. What’s worse is that it could also negatively affect your customers’ trust in you and your business.
That would mean just one thing: more losses.
Reports show that a hacker’s attack could cost you as much as 48% of your customer base, and you certainly don’t want to risk that!
Although the scenario might seem tremendously worrisome and extremely difficult to deal with, cyber security is a basic day-to-day practice that can be easily achieved. All it requires is the cooperation of all your employees and paying attention to some basic ground rules.
Here at AIT we offer a wide range of cyber security services to help you implement security systems and processes for your business, and to educate your employees so that they follow procedure and can help keep your network safe.
Even if you think you don’t have much data worth stealing, caution is, as they say, the better part of valour. Start your journey to safeguarding your business’s future with our ten basic steps to cyber security…
Step 1: Be Prepared To Manage All Risks…
This is a common ground rule that applies to every area of business. It simply means you should have a well-oiled risk management system in place to avoid threats, while helping employees and collaborators detect and report risks before it’s too late.
To do so, there are a few precautions you must follow, such as:
- Identify the risks and prioritise the ones your business is most likely to face.
- Establish your security risk criteria.
- Work on a security strategy that delivers consistent results.
- Identify all the information assets that could be compromised (such as hardware, systems, customers’ data, etc.).
- Identify the owner of each of those risks.
- Ask for a professional risk assessment here.
Step 2: Technology Is Important, But So Are Your Employees…
Contrary to popular belief, cyber security is not something that only involves technology and coding.
As a matter of fact, it could never work properly without a human mind behind it.
You and your employees are fundamental to keeping everything safe and ensuring no threat goes undetected.
One of the main dangers in cyber security is commonly known as “phishing”. You’ve probably come across the term as an internet user, as it’s a relatively common occurrence, and one that can be prevented with a few careful measures.
Phishing is a security attack that aims to steal data and credentials.
What does it look like?
Surely, at some point, you’ve received a suspicious email or even a text message in which an organisation you had dealt with before asked you for sensitive information such as passwords or payment details.
The basic idea of phishing is to indiscriminately target a wide group of people by impersonating someone whose authority they know and respect, like a bank or a shopping website. You are then tricked into providing information or clicking on links to “access your account”.
By educating yourself and your employees to recognise phishing and scams, you can completely avoid this kind of threat. It’s as simple as knowing which links not to click on, and can be done without being particularly tech-savvy.
Whilst your employees’ input is fundamental, keep in mind that humans are fallible, so you also need further measures in place to make sure everything runs smoothly.
Step 3: Beware Of Internal Threats (And Check Your Passwords!)
One of the most common myths about cyber security is that threats only come from outside, but nothing could be further from the truth. While you shouldn’t underestimate external threats, the data says that 53% of organisations responding to the Cybersecurity Insiders 2018 Insider Threat Report confirmed that they had suffered an insider attack in the past 12 months.
Keep in mind that an insider attack doesn’t have to be intentional. It can be caused by very common workplace habits, like using bad passwords, sharing your login information improperly, or using unsecured Wi-Fi networks. These behaviours can enable accidental internal threats that are just as dangerous as an outsider’s attack.
Some valuable techniques to prevent insider threats are:
- Invest in your employees’ training.
- Avoid reusing the same passwords over and over.
- Avoid sharing passwords.
- Avoid weak passwords.
- Avoid giving users too many privileges.
Step 4: Be Prepared To Deal With Incidents…
Despite all your efforts, you might still suffer a cyber attack. It won’t feel much different from someone breaking into your home and stealing your valuables, and we understand that it can be traumatising. That’s why you have to be ready with a plan and a team to quickly counteract the effects of a cyber attack.
But even if you’ve never been the victim of an attack (and with luck you never will be), having an incident management plan in place is just as useful as having an alarm system in your home.
Better safe than sorry, right?
How can you minimise, or neutralise, the effects of an attack on your business?
The best way is to test your incident management system before an actual attack or threat happens, and have it ready and functioning for when the inevitable occurs.
Think of the worst and plan for it. In this case time is money, and the faster you react, the less you have to pay. As reported by Forbes:
“Incident response management is a critical component of regulations like the European Union’s GDPR and California’s Consumer Privacy Rights and Enforcement Act. Frameworks such as ISO 27001/2 also require incident response measures. Failure to comply with these regulations can attract severe penalties. For example, in the case of GDPR, penalties can reach up to 4% of global annual turnover or $22 million, whichever is greater.”
Although having an incident management team seems quite reasonable, you might be surprised to learn that, according to research, only 16% of UK businesses have one, resulting in incredible losses.
Step 5: Secure Your User Privileges…
An internal attack is just as serious as an external one. That’s why you should always be careful about whom you give unlimited access to.
Giving anyone unrestricted access to sensitive information puts you and your company at serious risk of an internal threat: think about what could happen if you gave all your passwords to an employee who later turned out to have malicious intentions.
Even without malicious intent, think about what would happen if all of your employees had full access: one small breach of one account could cause just as big a problem as a breach of a company server.
That’s why we suggest you grant access strictly on a “need to know” basis.
Step 6: Check Your Out-Of-Office Protection…
The pandemic tested our ability to work outside the office. Many things we thought couldn’t be done from home are now being done securely from your employees’ living rooms.
While this represents a revolution in the way we think about work, it also poses a threat to your company’s security.
One of the key points of cyber security is, in fact, control over your network’s safety: whilst this can be achieved through the right IT support in your office, it’s more difficult to ensure that your employees are connecting safely from their homes.
As with many other points, it’s a multi-factor measure: you have to invest in your employees’ awareness so that they don’t put themselves at risk while working remotely, and you might also want to invest in further IT support to raise your security levels.
Step 7: Pay Attention To Removable Media…
Removable media should be a last resort in a small business, for several reasons. The first is, undoubtedly, that it could be carrying malware and could pose a significant threat to your system.
That’s why, when you do use it, you should always make sure the device is scanned for malware and encrypted before transferring any type of media.
The second reason is that it fragments the distribution of your data, making it easier for vital information to get lost or end up in the wrong hands.
Before authorising the use of any removable device, produce a policy to control all access to such devices, instruct your employees to limit the type of media they exchange, and scan all files before transferring them.
Step 8: Fortify Your Network Security…
To defend against external threats you need to work carefully on strengthening your network security. Every exchange of information is a potential danger to your network, which is why one of the biggest risks lies in your internet connection, and why you want to protect it. That’s easier said than done, and you might want to ask experts for help, at least in the beginning.
As implied above, building your network security requires you to reinforce the safety of your internet connection.
To do so you should implement strong policies and appropriate architectural and technical responses.
Given the complexity of a business network, try to assess, with the help of an IT consultant, which areas are most at risk and enforce your security there. Pay particular attention to where you store your data, as it could easily be the first target a hacker aims at.
Step 9: Work On Malware Protection…
What is malware? Simply put, it is a malicious software program that, once it gains access to your system (through unsupervised file exchange, for example), can have an undesirable impact and make unwanted or even lethal changes. You probably know it by some of its most common names: viruses, trojans, worms, etc. The term “malware” is just an umbrella term for all these threats.
If malware makes its way into your network, it could result in the destruction of your data and your computer systems.
That’s why protecting your devices is of the utmost importance, and you must have some kind of malware protection installed.
This goes hand in hand with instructing your employees to spot possible malware in phishing emails.
Step 10: Implement Your Configuration System…
When setting up new devices in your business, dedicate some time to checking the manufacturer’s settings they come with, and modify them according to your security policies.
Make sure you apply security patches, and that secure configurations are applied to all your devices.
You should also create a software inventory and a baseline build for all devices used in your company.
Every instrument or device you use on a daily basis must meet your company’s security standards, because neglecting this could be dangerous and significantly damage your work.
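As an added example (not the article’s own material), the following Python script checks each device against a company baseline build, covering the four points of this step: manufacturer defaults left in place, missing patches, settings that drift from the secure configuration, and software outside the inventory. The baseline values, setting names and the two sample devices are all constructed for illustration.

```python
# Added example, not from the article: audit devices against a constructed company baseline build.

# Constructed baseline: the "golden" build every device should match.
BASELINE = {
    "min_patch_level": "2024-03",        # YYYY-MM, so it compares correctly as text
    "settings": {"remote_admin": "off", "auto_update": "on", "disk_encryption": "on"},
    "allowed_software": {"office-suite", "browser", "endpoint-protection"},
    "default_admin_password": "admin",   # vendor default that must be changed
}


def audit_device(device: dict, baseline: dict = BASELINE) -> list[str]:
    """Return findings for one device; an empty list means it is compliant."""
    findings = []
    # 1. Manufacturer defaults still in place.
    if device.get("admin_password") == baseline["default_admin_password"]:
        findings.append("admin password is still the manufacturer default")
    # 2. Security patches behind the baseline.
    patch = device.get("patch_level", "")
    if patch < baseline["min_patch_level"]:
        findings.append(f"patch level {patch or 'unknown'} is below {baseline['min_patch_level']}")
    # 3. Secure configuration: every baseline setting must match exactly.
    for key, expected in baseline["settings"].items():
        actual = device.get("settings", {}).get(key)
        if actual != expected:
            findings.append(f"setting {key}={actual!r}, expected {expected!r}")
    # 4. Software inventory: anything outside the allowed list is unapproved.
    for name in sorted(set(device.get("software", [])) - baseline["allowed_software"]):
        findings.append(f"unapproved software installed: {name}")
    return findings


def audit_fleet(devices: dict) -> dict:
    """Audit every device, keeping only those with at least one finding."""
    return {name: f for name, dev in devices.items() if (f := audit_device(dev))}


# Constructed sample fleet: one laptop built to baseline, one router fresh out of the box.
FLEET = {
    "laptop-01": {"admin_password": "Tr0ub4dor-horse-staple", "patch_level": "2024-05",
                  "settings": {"remote_admin": "off", "auto_update": "on", "disk_encryption": "on"},
                  "software": ["office-suite", "browser", "endpoint-protection"]},
    "router-02": {"admin_password": "admin", "patch_level": "2023-11",
                  "settings": {"remote_admin": "on", "auto_update": "on"},
                  "software": ["vendor-cloud-agent"]},
}

if __name__ == "__main__":
    for name, findings in audit_fleet(FLEET).items():
        print(f"{name}: " + "; ".join(findings))
```

Run on the sample fleet, the laptop produces no findings while the unboxed router is reported for its default password, old patch level, open remote administration, missing disk encryption and an unapproved agent.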
Do You Find It Hard to Keep In Mind? Check This Out…
We get it: cyber security can seem intimidating to those who are not that tech-savvy. But to keep your business up and running you’ll need to ensure that everyone gets, at least, the gist of security. That’s why we came up with a creative way to help you remember all the basic steps.
Start by thinking of your system as a home. To keep it safe you will have to:
- Check your doors, and make sure you have sturdy ones!
- Treat your passwords like keys: make sure you don’t lose them and, if you do, replace them.
- Don’t give your keys to anyone who asks.
- If you have a guest, they don’t need to see all of your rooms.
- Have a security alarm installed for when you are out.
- Take out insurance to cover you if someone breaks in.
- Be careful about who you invite in, and what they bring into your house.
- Don’t accept gifts from strangers (that’s how malware makes its way into your system!).
As you can see, cyber security is pretty easy when examined from another perspective, and you just need to apply some common sense to make it all work.
Some Final Considerations…
In the end, the basic measures to secure your network can be summed up as:
- Invest in user awareness
- Have an IT Security Service Provider that will help determine where your risk factors lie and train you and your employees accordingly
Here at AIT we are always happy to provide our clients with tailored solutions. Start your journey in Cyber Security today by getting in touch to discuss which strategy is best for your business!