No matter what sector you work in, or the nature of your business, the use of technology is growing rapidly in all areas of life. However, so are the threats from cyber criminals, including hackers working for hostile countries and the spread of false information.

Did you know that in 2023, the UK saw cyber attacks on power plants, technology companies lost billions to crypto scams, and numerous companies got caught up in cyber attacks related to Russia’s war with Ukraine?

Cybercrime is becoming increasingly sophisticated, and keeping your business covered is vital should you find yourself caught up in a cybercrime situation.

Cyber Attacks You Should Be Aware Of

There are many ways in which a criminal can attack a business. Cyber crimes are continuously developing and evolving to become virtually undetectable in some cases.

These attacks manifest as morphing ransomware variants, software and hardware supply chain exploitation, increased cloud infrastructure attacks, cryptocurrency volatility, cybercrime, and IoT and operational technology breaches.

Worryingly, many people and organisations are not protected against these attacks.

Ensuring your business is protected and getting expert guidance on keeping it safe is vital today. Learn the risks, educate your employees and work together to reduce the cyber threats you face.

Cyber Security – Top Tips

Password Complexity and Management

Businesses need to protect their information and data. This can be done by ensuring users only use strong passwords to access systems. Create rules for using capital letters, numbers, special characters, and minimum character counts.

The National Cyber Security Centre recommends using three random words. To make the password even more secure, add numbers and special characters.

Personal information such as dates, pets’ names or children’s names should never be used, as it is easily guessed.
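The rules above can be turned into a generator and a checker. This is an added example, not part of the original article: the word list is a small constructed sample, and the minimum length of 12, the set of special characters and the function names are assumptions.

```python
import secrets
import string

# Constructed sample list; a real deployment would load several thousand words.
WORDS = ["coffee", "train", "fish", "wall", "tin", "shirt", "cloud", "lamp",
         "river", "pencil", "garden", "window", "orange", "carpet", "bridge", "candle"]
SPECIALS = "!@#$%&*?-_"   # assumed set of allowed special characters
MIN_LENGTH = 12           # assumed minimum; the article does not give a number


def generate_passphrase(words=WORDS, count=3):
    """Three distinct random words, capitalised, plus a digit and a special character."""
    if len(set(words)) < count:
        raise ValueError("word list too small")
    picked = []
    while len(picked) < count:
        # secrets draws from the OS CSPRNG; the random module is predictable.
        word = secrets.choice(words)
        if word not in picked:
            picked.append(word)
    return ("".join(w.capitalize() for w in picked)
            + secrets.choice(string.digits) + secrets.choice(SPECIALS))


def policy_violations(password, personal_terms=()):
    """Return the list of rules the password breaks; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.isupper() for c in password):
        problems.append("no capital letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    lowered = password.lower()
    for term in personal_terms:  # e.g. pet names, children's names, birth years
        if term and term.lower() in lowered:
            problems.append(f"contains personal information: {term}")
    return problems


if __name__ == "__main__":
    candidate = generate_passphrase()
    print(candidate, policy_violations(candidate))
    print(policy_violations("Rex2015!", personal_terms=["Rex", "2015"]))
```

The personal-information check only works if the system knows the user's personal terms, so it suits sign-up or password-change flows where that data is already held.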

Multi-Factor Authentication (MFA)

Using two forms of identification to access sensitive data is an effective way to increase security.

User Privileges

Employees should only be given access to systems, documents, software and areas they need to do their job. This is especially important when employees work remotely.

Blanket access can let users reach areas of the business they may not even realise they can reach, leaving the system open to cyber criminals.

Virtual Private Networks (VPNs)

A VPN extends a private network across a public network. This allows employees to secure a private connection to the internet, encrypting data and protecting against data interception.

Own Equipment Use Policy

If users access your business’s network on their own devices, the network becomes less secure. Any business-supplied device should, as standard, have security and restrictions in place; however, employees may be less stringent with their own devices.

A user’s personal laptop could already have a virus, and when the laptop connects, the virus is introduced to the network.

Even an uninfected laptop is not safe. It could be out of date from an anti-virus and software point of view, making it more susceptible to cyber-attacks and therefore, a risk to the business.

Phishing

‘Phishing’ refers to attempts to steal sensitive information, typically usernames, passwords, credit card information or other important data. These can come in the form of mass, untargeted emails asking for the information or prompting the user to click on a link or visit a false website.

Remember:

  • Keep an eye on the sender’s email address. Does it look correct? Does it reflect the organisation it was supposed to be sent from?
  • Are the grammar and spelling correct? If it is supposed to be from a reputable business or retailer, spelling and grammar mistakes are unlikely.
  • Is the email addressed to you by name?
  • Threats are not typical business practices.
  • Is it too good to be true?

Removable Media

Unsolicited removable media such as SD cards or USB sticks can introduce viruses onto a computer system, spreading them through the network.

Your business should have a ‘no removable media’ policy where possible, and device ports should be protected against threats. Instead of memory sticks, use email or cloud storage.

Working In Public Places

When working in a public place, remember:

  • Security: Train all employees on the risks of leaving devices unattended in public, and the importance of keeping devices with them at all times.
  • Data: Employees should always be aware of those around them. Can someone see over their shoulder?
  • Wi-Fi: Unsecured Wi-Fi networks expose your business to risks. These networks should never be used. Instead, use a mobile phone’s hotspot network.

Encryption

Encryption keeps information safe by storing it as ciphertext. Only those who are authorised and hold a key can decipher this code to access the original information.

This will not only stop an attack but also make the data useless to a cybercriminal.

Reporting Security Issues

Any security issue must be reported as soon as possible. Whether that is a lost phone, a stolen laptop, a breached system or network, a suspicious email that has been opened, a compromised password or another threat, reporting this quickly allows the situation to be assessed and a suitable response organised.

Up To Date Anti-Virus and Software Updates

Keeping up with the latest software updates will keep your device up to date with the latest security improvements and patches.

Employee Education

If your business has a significant number of remote workers, uncertainty around remote network access or unfamiliarity with various systems can put extra pressure on your IT Helpdesk.

Consider creating concise, user-friendly “how to” guides to alleviate this strain whilst minimising the risk of employees causing security issues.
