It’s impossible to ignore the rising threat of cyber-attacks. Over four in ten UK businesses suffered a breach or attack during 2018-19, and 43% of cyber attacks are targeting small businesses. With this targeting, and the potentially devastating cost of falling prey to an attack, it’s more important than ever to make sure you’re following cyber security best practices.
Our six steps are cost-efficient, easy-to-implement techniques that will greatly improve your cyber security posture.
1. Keep Backups - Your only solution for data loss
If an attacker locks up your system, or otherwise damages it to an extent you can no longer access it, then the only solution would be to have a backup in place to restore your files.
Backing up your business-critical data should be done regularly (you don’t want to be restoring an out-of-date system), and ideally the backups should be stored somewhere off-site to prevent them being damaged as well. You also need to check that your backups work, and that they are configured so they can be used to restore your system quickly, limiting your downtime.
Consider using a managed backup provider if you think you’re not fully equipped to handle this.
2. Create Secure Passwords - Otherwise your system is left open to anyone
An attacker could exploit a non-secure password using a ‘brute force attack’, which runs a script that literally uses trial-and-error, often starting with easier-to-guess combinations. These scripts are simple to create and use, meaning weak passwords could leave your system vulnerable to attackers who aren’t even that technically gifted.
When creating a strong password you should always:
- Be unpredictable; no birthdays or names
- Make it at least 12 characters long
- Use a combination of symbols, numbers, and letters
- Use a short but memorable phrase as an alternative
You should also avoid using the same password over multiple accounts. Many hackers will sell the data they steal, which may include personal information about thousands, if not millions, of people. Using the same password will make it easier for the hacker to gain access to the rest of your accounts.
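The password rules listed above, expressed as a checker that could run at account creation; this is an added example, not part of the original article. The function names, the three-word threshold for a "phrase" and the set of birthday spellings are assumptions.

```python
import re

SYMBOLS = re.compile(r"[^A-Za-z0-9\s]")


def birthday_forms(iso_date):
    """Common ways a date of birth (YYYY-MM-DD) gets typed into a password."""
    y, m, d = iso_date.split("-")
    return {y, d + m, m + d, d + m + y, m + d + y, d + m + y[2:], y + m + d}


def check_password(password, personal_names=(), birthdays=()):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    lowered = password.lower()
    # Collapse to digits so separators ("19-01-1990") do not hide a date.
    digits_only = re.sub(r"\D", "", password)
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    has_all_classes = all((re.search(r"[A-Za-z]", password),
                           re.search(r"\d", password),
                           SYMBOLS.search(password)))
    words = [w for w in re.split(r"[\s\-_.]+", password) if len(w) >= 3]
    is_passphrase = len(words) >= 3  # assumption: three or more words is a phrase
    if not has_all_classes and not is_passphrase:
        problems.append("needs letters, numbers and symbols, or a multi-word phrase")
    if any(n.lower() in lowered for n in personal_names if len(n) >= 3):
        problems.append("contains a name")
    if any(form in digits_only for b in birthdays for form in birthday_forms(b)):
        problems.append("contains a birthday")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    print(check_password("Alice1990!", ["Alice"], ["1990-01-19"]))
    print(check_password("correct horse battery staple"))
```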
3. Conduct an Insider Threat Analysis - You need to discover your vulnerabilities before anyone else
An insider threat is a weak point in your system caused by employees, ex-employees, contractors, vendors or third party data suppliers. It will be an issue specific to your system, meaning that if you don’t discover and fix it, no one else will. This threat may have been created unintentionally (for example: some poorly-made software an employee naively installed), but if it was deliberately created then whoever put it there will exploit it.
Running an insider threat analysis, which should be done regularly, will uncover these weak spots and allow you to fix them before they are used by a cyber attacker. An alternative to doing this yourself is utilising someone’s vulnerability scanning services.
4. Utilise the Cloud - An ideal tool for SMEs
For small to medium-sized businesses, using a cloud might be your only option to outsource the storage of your system, since you lack the resources to build your own data centre. Using a cloud shifts your system off-site, and will likely increase the physical and cyber security it is held under.
However, before deciding on a cloud provider it’s vital you understand exactly what security your system will be protected by. You also need to, for GDPR compliance, know exactly where your data is being physically stored.
5. Ensure your staff are Trained and Vigilant - Human error is one of the biggest cyber risk factors
People are often the weakest link in the security chain; an accidental click on a strange link or opening of an attachment from a malicious email (commonly known as phishing) can lead to keyloggers, worms and trojans being installed. Simply calling up and asking for information (including passwords) or lying your way into an office to steal access codes - often referred to as ‘Social Engineering’ – is another common attack vector.
This is why your cyber security doesn’t just rely on how your system is set up, but is also dependent on your staff understanding and identifying potential risks. Sharing this list of tips should be your first step in educating your staff (particularly the section about passwords), but you should also organise more comprehensive training around cyber threats. You can either take care of this internally, or there are professional security awareness training programmes and simulated phishing SaaS platforms that can help raise awareness and regularly audit your user security processes.
6. Invest in Cyber Insurance - Essential for recovering from a successful attack
Even when you’ve done everything you can to protect yourselves, there is always the risk attackers will break through the security measures your company has put in place. As these events become increasingly common, it’s important to have a plan in place to deal with them and minimise the damage to your company.
Additionally you may want to cover your business with insurance to compensate you for any losses made as a result of a cyber attack, limiting the damage done to your company.