Five Key Ways to Protect Your Company Against Cyber Attacks

Uploaded on 2018-08-02 in NEWS-News Analysis, FREE TO VIEW

As recent data breaches indicate, businesses of all types, sizes and in all locations are at real risk of a cyber attack at any given moment. 

In reality, there are just five specific steps that all companies need to follow to effectively protect against cyber-attacks: secure your hardware, encrypt and backup all your data, encourage a security-centered culture, use robust firewall and anti-malware software, and invest in cyber security insurance.

Here’s how to put these steps into action.

Secure your hardware
With so much attention given to acquiring the newest and most sophisticated types of cyber security software, safeguarding the security of company hardware is often overlooked but the loss or theft of devices is a real threat to be aware of. 
Begin your cyber-attack prevention strategy with the basics: protect all devices with a complicated password, share the password with the device user only and commit it to memory instead of writing it down in an easily accessible place. Do not overlook the effectiveness of physically attaching computers to desks. This is a simple, yet effective way of preventing intruders from walking away with company equipment and the sensitive data they hold.
Finally, install ‘find my device’ software on all laptops, phones and tablets. By doing so, equipment that is stolen can quickly be located by the authorities.

Don’t overlook safeguarding company hardware
Data breaches commonly occur due to stolen equipment and so safeguarding your hardware is an easy strategy for improving your businesses cyber security.

Encrypt and back up data
An effective cyber-crime protection strategy must consist of two elements: preventing physical access to sensitive data and rendering that data useless if it falls into the wrong hands. Companies can achieve the latter by always encrypting their data. 
As highlighted by researchers in the International Journal of Advanced Computer Science and Applications, data encryption remains the ‘most efficient fix’ for data breaches, should they occur. Be sure to encrypt all sensitive data, including customer information, employee information and all business data. 

Full-disk encryption software is included in virtually all operating systems today and can encrypt all the data on a desktop or laptop computer when it’s at rest.

Also check that this software is activated and updated on all company devices. And minimise the amount of time a computer sits unused and unlocked by setting all devices to automatically enter ‘sleep’ or ‘lock’ mode after five minutes of no use.
Stay ahead by backing up data and storing it separately

After encryption, backing up all data is another key way of protecting yourself from security breaches. With ransomware hackers locking companies out of their systems, encrypting their data and asking for a ransom to be paid before releasing the data, you can stay one step ahead of them by backing up all of your data and storing it separately.

Invest in cyber security insurance
Because cyber criminals continue to work tirelessly to find ever more advanced ways of breaching security defenses, even the most security-conscious businesses remain at risk of an attack. 

US research into the cost of data breaches has shown that in 2017, the global average cost of a single data breach event was USD 3.6m, equivalent to USD 141 per data record. 

The losses that can be incurred from data breaches are best mitigated by investing in cyber security insurance, yet only 9% of UK businesses and 15% of US businesses have this type of insurance, according to the UK Department for Digital, Culture, Media and Sport, and the US Better Business Bureau, respectively.

Seek specialist advice for cyber security insurance
Minimise your risk by seeking specialist help to select the best type of insurance for your company, based on your risk of attack and the financial impact of such an event.

Create a security-focused workplace culture
Employees are the most common cause of data breaches as many don’t recognize external threats when they occur or have a good understanding of the daily actions that leave a company vulnerable to a cyber-attack. For example, the UK Cyber Security Breaches Survey 2018, carried out by the UK government and Portsmouth University found that 43% of UK businesses have experienced a cyber security breach or attack over the last 12 months, with only 20% of UK companies offering training to staff within the same time frame. 

Such breaches were more common in businesses in which staff members use their personal devices for work. Businesses need to ensure sufficient security training and education for staff remains a key focus, but where to begin?

Educate staff on the dangers of unsecured networks
Banning employees from using their personal devices for work may seem like an obvious approach, but this strategy seldom works in the long term. As staff members grow tired of the inconvenience, they are likely to return to accessing work on personal devices, regardless of policies prohibiting this.

It is therefore more impactful to teach staff how to use both their personal devices and work devices in a way that minimises the risk of being hacked. Top of the list should be educating them about the risks associated with using unsecured networks to access work information.

This should include clear definitions of what unsecured networks are, and where they are commonly found such as in coffee shops, airports, hotels and so forth. And then how to verify if a network is secure (secure networks require a key/password to access them).

Teach avoidance of unsecured websites
Staff members should be taught about the importance of never accessing unsecured websites on work devices because this gives cyber criminals direct access to sensitive data that is stored on that device, as well as browser histories and passwords.

Discourage password sharing
Employers can create a security conscious culture in which password sharing seldom happens. By not only educating staff members on the risks, but also by leading by example and never sharing passwords or asking staff members to temporarily log in guests, contractors and new hires. Using protocols, such as creating temporary passwords for contractors or expediting the onboarding process for new hires, will also help to minimize scenarios in which password sharing is needed in the workplace.

Restrict network admin rights
Restricting IT admin and access rights to a small handful of users is invaluable in minimising the risk of data breaches as employees cannot give away information they don’t have access to. Always entrust this information to a key figure in your IT department and ensure that (s)he is adequately trained on the safe and encrypted storage of this information.

Businesses are vulnerable without employee education
Highlighting the need for employee education on the types of daily actions that leave a business vulnerable to cyber-attacks.
Use robust anti-malware and firewall software. Research has shown that the most common cyber-crime experienced in the UAE in 2017 was malware infection, which accounted for 53% of all cyber-attacks. And with ransomware featuring as the most prevalent cyber risks to small businesses today, protecting your business from ransomware and other types of malware is vital.

Existing anti-virus tools are not very effective against ransomware, which changes almost as quickly as new anti-virus tools are developed. Ransomware can work quietly in the background and only be detected by an anti-virus programme when it is too late to save your files. So, it is important to invest in software that has been specifically designed to deal with this challenge.

While effective anti-malware tools catch and isolate software viruses when they strike, preventing these viruses from entering your database in the first place is vital.

Investing in an optimised firewall is therefore key for preventing malware from entering your computer systems. And with cyber security threats changing at a rapid pace, always pay attention to update notifications and run them as soon as they become available. These updates are made in response to the latest cyber threats and are therefore a key tool in the fight against cyber-attacks.

Use software in conjunction with education
By using firewall and anti-malware software in conjunction with employee education you are well equipped to prevent, or at least deal with, attacks due to ransomware, which can enter computer systems through emails and other employee-related errors.

Protect against the threat of an attack
Even though the threat of cyber-attacks is real, it’s easy to forget all about it until one strikes. However, if your company has an online presence, stores customer and company data on digital devices and uses cloud-based software, a thorough cyber security strategy is essential.

The steps to achieving the peace of mind and financial security that such a strategy brings should involve the use of up-to-date data encryption, data back-up, and firewalls and anti-malware software. Implementing this alongside thorough and ongoing employee education on cyber security really is your best bet to ensuring that the threat of a cyber-attack never becomes your reality.

Entrepreneur.com

You Might Also Read: 

Business Cyber Security Strategy (£):

A Guide To Addressing Corporate IoT Security:

« Singapore’s Giant Healthcare Hack
GDPR Survey Shows 80% Non-Compliance »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Hex Security

Hex Security

Hex Security Limited is a specialist Information Assurance (IA) consultancy working with associates and partners to deliver security certification and accreditation support.

Ezenta

Ezenta

Ezenta is a Danish IT security consulting firm.

K2 Integrity

K2 Integrity

K2 Integrity is a preeminent risk, compliance, investigations, and monitoring firm - built by industry leaders to safeguard our clients’ operations, reputations, and economic security.

XTN Cognitive Security

XTN Cognitive Security

XTN is focused on the development of security, Fraud and Mobile Threat Prevention advanced behaviour-based solutions.

IBA Security

IBA Security

IBA Security is a center of competence consolidating the cybersecurity expertise of the IBA Group.

IoT M2M Council (IMC)

IoT M2M Council (IMC)

The IMC is the largest and fastest-growing trade organisation in the IoT/M2M sector.

Sky Republic

Sky Republic

Sky Republic offers a Smart Contract Platform to integrate and synchronize business networks beyond EDI and API.

Authenteq

Authenteq

Authenteq provides an Omni-Channel identity verification and KYC solution that allows your customers to verify their identity through any channel without compromising their privacy.

Cyber Risk Aware

Cyber Risk Aware

Cyber Risk Aware provide a security awareness and phishing simulation platform that focuses on real threats and educates and empowers employees to be the first line of defence.

Bolster

Bolster

Bolster (formerly RedMarlin) is an AI-based cyber-security platform designed to detect phishing and fraudulent sites in real-time.

Cyber Security Advisor

Cyber Security Advisor

Notice how sophisticated the cybersecurity market is. Think how would you pick the security provider, assess your company, and be sure of your security decisions? Cyber Security Advisor is the answer!

Absa Cybersecurity Academy

Absa Cybersecurity Academy

Absa Cybersecurity Academy is an initiative aimed at empowering marginalised South African youths to become certified cybersecurity specialists.

Ipstack

Ipstack

Ipstack offers one of the leading IP to geolocation APIs and global IP database services worldwide. Protect your site and web application by detecting proxies, crawlers or tor users at first glance.

TriCIS

TriCIS

TriCIS design and engineer highly secure integrated solutions that meet the highest government and military security standards, providing information assurance to organisations across the globe.

MiDO Technologies

MiDO Technologies

MiDO Technologies has a mission to change the narrative around digital enabling tools on the continent of Africa and prepare African youth.

SCS Technology Solutions

SCS Technology Solutions

SCS Technology Solutions has become the preferred partner for top performing organisations across Lincolnshire for IT support and consultancy.