It’s impossible to ignore the rising threat of cyber-attacks. In fact, over four in ten UK businesses suffered a breach or attack during 2018-19 - it’s this evidence, along with stricter data protection laws brought in by GDPR, which inspires our 6 steps of cyber security basics:
It makes sense to ensure your files can be recovered in the case of data loss or theft. Make sure you back up your files off-site (keeping copies of key files in a separate physical location to your primary storage) and check that those copies work. Additionally, you should be backing up data regularly, making sure files are saved whenever possible.
Choosing a secure password is a cyber security fundamental. An attacker could exploit a non-secure password using a ‘brute force attack’, which runs a script to work it out, often starting with easier-to-guess combinations. A password should be unpredictable, at least 12 characters long, use a combination of symbols, numbers and letters, and be changed regularly. A short but memorable phrase is also a good alternative.
You should also avoid using the same password across multiple accounts. Many hackers will sell the data they steal, which may include personal information about thousands, if not millions, of people. Using the same password will make it easier for the hacker to gain access to the rest of your accounts. To keep track of all your different passwords, consider using a commercial password management tool such as Dashlane or LastPass.
Conduct an insider threat analysis
An insider threat analysis will uncover any potential threats to your IT infrastructure which come from within your organisation. This includes employees, ex-employees, contractors, vendors or third-party data suppliers. The threat from any of these people may also be unintentional.
For example, an employee could have installed poorly-made software on their PC or failed to update any devices they use on your office network. This makes your network vulnerable to an easily-spread threat.
Leverage the Cloud
For small or medium-sized companies that want to outsource the storage of their data, cloud is a useful tool. However, you must know all the facts when signing up with a cloud provider, such as which data centres their servers sit in, and all the security and reliability measures in place to protect those servers.
People are often the weakest link in the security chain, but they can become your strongest asset if they understand the risks.
An accidental click on a strange link or opening of an attachment from a malicious email (commonly known as phishing) can lead to keyloggers, worms and trojans being installed. Simply calling up and asking for information (including passwords) or lying your way into an office to steal access codes, often referred to as ‘Social Engineering’, is another common attack vector.
Organisations can combat those threats by raising awareness via training and regular auditing of security processes.
Even when doing your utmost to take the above precautions, an attacker could still reach beyond the company firewall, resulting in a data breach. As these events become increasingly common, it’s important to have a plan in place to deal with them and minimise the damage.
You may want to cover your business with insurance to compensate for any loss, or you could invest in solutions such as managed firewalls and threat monitoring to have greater control over your network security.