Fighting back against the cyber criminals could be easier than you expect if you follow these five steps.
Cybercrime is a growing threat with businesses of all sizes coming under the microscope. However, it is small businesses who possibly have most to fear. Firstly, they will be less able to absorb the costs of a cyber attack and, secondly, many of them present tempting targets for the cyber criminals. Although most recognise the scale of the threat, not all of them are well set up to do anything about it. Working on the principle of attacking the most vulnerable, many cyber criminals have turned their attention from the well defended big corporations and are going after smaller prey instead. That’s why getting your cyber security up to scratch could be the single biggest thing you do for your business this new year.
- Assess your risks
The first stage of any defence strategy is to assess where your biggest risks lie. This depends on the type of organisation, how mobile your data is, whether you use cloud computing services and whether you have people connecting in remotely, among other factors. Together, these make up your own network, which you will need to keep secure.
Once you understand the landscape, you can develop an impression of the type of threats you might face – and where attackers might get in.
Cyber security has become much more complicated in recent times thanks to the rise of remote and hybrid working.
With the onset of the pandemic, businesses had to switch to remote work almost overnight. This represented an enormous upheaval with businesses having to adapt as they went along. The inevitable result is that gaps appear in defences. In a regular office-based environment, IT managers have greater control of the network and there are fewer potential avenues for criminals to exploit. Keeping this enclosed network safe is a relatively straightforward process.
Now switch to a world in which everyone is working offsite and connecting remotely to central servers. All of a sudden, things become much more complicated. The company will have to deal with multiple endpoints, not all of which will be secured. Having people connecting with unsecured devices is a bit like leaving a door open in a castle's defences. Everything else can be as secure as you like, but one weakness can bring everything tumbling down.
- Use encryption
First up, you need to build your defences. As a minimum, all messages coming into your business should be securely encrypted. This is the process of transforming data into a randomised format which can only be read by the intended recipient. In theory, even if cyber criminals intercept it, they would be unable to read what it contains.
At a minimum, it’s worth encrypting your company’s emails as this is the most common way in which data is transferred into your business. Most email providers will offer some form of encryption but this is not always as secure as it could be and the data may be readable by your provider.
- Address the human factor
The biggest vulnerability comes not from the evolving technology of the cyber criminals, but from your staff themselves. Even in today’s high tech world, the majority of cyber-attacks rely on people clicking a malicious link or downloading a file they should not have done.
Educating staff about the threats and ensuring people follow strict protocols will be crucial. The aim will be to create a cyber secure culture in which good practice becomes second nature. This includes making people aware of what the threats are and establishing clear protocols over password use. Research suggests that most employees use the same passwords for their personal accounts and work accounts. This creates a serious vulnerability – if your staff get hacked, it could expose your own systems.
- Good password control
Passwords are becoming increasingly complex. That’s a response to evolving techniques and capabilities among cyber criminals. Attackers are developing sophisticated software which can try billions of combinations of letters and numbers until they strike gold.
If your staff are using single words or short passwords, these software packages will sooner or later get through them. This is why you now see online accounts requiring longer passwords – such as a minimum of eight characters. In reality, though, you should probably go over and above this, moving to ten or 15 characters. The more complicated you can make it, the more difficult it will be for cyber criminals to crack the code – regardless of how sophisticated their software is.
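The effect of length on a brute-force search can be put into numbers. The following is an added example, not part of the original article: it estimates the worst-case time to try every combination for a password and flags the two weaknesses described above. The guess rate and the short word list are assumptions constructed for illustration, and the alphabet estimate assumes printable ASCII passwords.

```python
import string

# Assumption for illustration: an attacker testing 10 billion guesses per second.
ASSUMED_GUESSES_PER_SECOND = 10_000_000_000
SECONDS_PER_YEAR = 365 * 24 * 3600
# Constructed sample of common single-word passwords (not a real breach list).
COMMON_WORDS = {"password", "welcome", "dragon", "sunshine", "football"}


def alphabet_size(password):
    """Size of the character set an exhaustive search would have to cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)
    return size


def search_space(password):
    """Number of candidates of this length over the detected alphabet."""
    return alphabet_size(password) ** len(password)


def seconds_to_exhaust(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at the assumed guess rate."""
    return search_space(password) / rate


def review(password, min_length=10):
    """Return the policy problems found; an empty list means none were found."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if password.lower() in COMMON_WORDS:
        problems.append("single common word")
    return problems


if __name__ == "__main__":
    for candidate in ("password", "a" * 8, "a" * 10, "a" * 15, "Tr4ctor-Lamp-92x"):
        years = seconds_to_exhaust(candidate) / SECONDS_PER_YEAR
        print(f"{len(candidate):>2} chars  {years:12.3e} years  {review(candidate)}")
```

The figures are upper bounds for a blind search: a password that appears in a word list or has been reused elsewhere falls far sooner than its length suggests, which is why the check for single words is separate from the length check.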
- Maintain robust disaster recovery
Even with all these measures in place it is impossible to be 100% safe. Attacks have become so common and so sophisticated that no company can guarantee they will not be breached. If that happens, much will depend on how you respond.
As a business, you should use monitoring tools. These use AI and other automated technologies to check for attacks. These will make it more likely that you detect a breach if and when it occurs. Some of the most costly breaches have occurred because companies went for weeks and even months without knowing they had been compromised.
The earlier you detect the breach the quicker you can respond and minimise damage. This will be important for your reputation. Customers understand how tough cyber security is in the current environment. They will be more forgiving if you are transparent and inform them of what’s happened and show how you are taking steps to safeguard their data.
Having good backup and redundancy systems in place will also make you more resilient if an attack occurs. One of the most common threats, for example, comes from ransomware. This shuts down computers and denies access to your key systems unless you pay a ransom. If you have backed up your data, you will be in a better position to isolate the damage and continue operations as normal.
Stay alert
As mentioned in this piece, it is not possible to be entirely safe, but you can make yourself a much tougher target. In most of the high profile cyber-attacks of the past couple of years, investigations revealed that they could and should have been stopped. For all their advances, cyber criminals still need you to make a mistake. If you can keep mistakes to a minimum, they will be more likely to look elsewhere for easier prey.