The Continuing Imperative
To protect the data of your staff, your customers and your business partners, it is becoming increasingly important that businesses adopt appropriate organisational and technological controls. So… how long has it been since you really took a serious look at improving cyber security measures?
If, like many organisations, your day-to-day activities comprise getting on with business as usual, it’s probably been some time, hasn’t it? We understand; we get it; business is business and there is always much to do. However, with more and more issues relating to deliberate cyber-attacks from criminals and state actors alike, coupled with the prospect of unintentional negligence within the workforce, it’s time to reflect on doing the right thing!
Sure, you understand just how vital it is to protect your systems, structures and data that lie at the heart of your organisation, and with all the best intentions in the world, you were determined to make this the year that you finally took your company’s IT security strategies to the next level.
Yet with that new product to launch, that big new contract to secure and a never-ending slew of demanding customers to appease, that big cybersecurity review you had planned just seemed to fall by the wayside.
Nor could anyone really blame you for letting it happen. Caught up in the frantic pace of a constant, 24/7 economy, even the best-laid plans of small business owners often go awry.
Still, the fact remains that in today’s digitally-driven culture, potential cyber-attacks remain a very serious threat to any business, even yours!
That’s not to mention the recent arrival of the European Union’s (EU) General Data Protection Regulation (GDPR) and its UK implementation, the Data Protection Act 2018, which demands more robust cybersecurity measures for any organisation which collects data on EU subjects, no matter where in the world that business is based.
So, this isn’t something you can take lightly.
However, there is some good news:
Protecting your business against cybercrime, data theft and other critical issues may be essential, but it doesn’t have to be such hard work.
Here, we outline five quick and simple steps you can take right now to significantly improve your business’ cybersecurity with no fuss, no hassle, and minimal (if any) expense.
Before we do that, however, let’s address the one common IT security question we get asked perhaps more than any other:
Is Cybersecurity Really That Important to My Business?
It’s tempting to believe that it’s only global or large-scale organisations who remain the exclusive target of cybercriminals, with big name brands and multinational enterprises providing hackers with the potential for the most profit.
Yet here’s the thing:
Those large organisations may have the most money to steal, but they also have the most money to invest in the kind of next-generation security features that are simply beyond the scope of most other organisations.
Hackers and cybercriminals are not stupid. They know this all too well, and know that, though your business might not net them as big a profit, you’re certainly a much easier target than the international corporation based across the city from you.
Not that you need be for much longer.
Today, we’re going to look at the simple, actionable tasks you can get to work on right away that are guaranteed to improve security, turning your business from an easy target to a serious deterrent for any would-be cybercriminal.
1: Review and Update Your Anti-Virus and Firewall Solutions
Yes, it sounds obvious. After all, things like anti-virus software and dedicated firewalls are some of the most basic cybersecurity tools businesses have at their disposal.
Still, you’d be surprised at how many businesses, especially those without their own in-house IT staff, don’t use them effectively.
Subscriptions expire, important updates can be left on your to-do list, a single wrong click can be made by someone without adequate knowledge of your firewall; any number of things can happen that mean even the most basic business cybersecurity tools end up being completely ineffective.
Before you do anything else, stop.
Take some time to fully review anti-virus software, firewalls, and any other security tools you use to guard against things like ransomware, viruses and other forms of malware.
Remember, some of the most significant hacks in history have been facilitated by malware!
2: Arm Your Staff with Cybersecurity Know-How
Always thought your anti-virus software was your business’ first line of defence against a potential security threat?
That role is played by you, your staff, or anyone who has access to your information technology and other devices.
In 2017, a report was published which revealed that almost 90% (read that again, 90%) of all cyber-attacks were caused not by faulty software or inadequate systems, but by simple human error.
With that in mind, it’s vitally important that your team are equipped with the basic skills and knowledge they need to keep themselves, and your business, well-protected.
Consider investing in professional business cybersecurity training or compiling a list of resources for them to read, study or work through. It really won’t break the bank. We frequently alert organisations to the availability of world-class learning resources made available for free via MOOC courses developed by the world’s leading academic organisations, and perhaps this is a sensible starting point.
If that’s not an option, at least schedule time to talk to them about the importance of using strong passwords (and changing them frequently), avoiding clicking on or downloading anything they don’t 100% trust to come from a legitimate source, and about the key role they play in your company’s cybersecurity efforts.
Remember, it doesn’t stop here. Many attacks are perpetrated by people socially engineering their way into your office. Regularly remind staff that if someone isn’t recognised, they should be challenged. Remind them also that if someone telephones and insists that they are from your IT department, they should get the caller’s name and call them back using a number from your internal directory. These extra steps will allow you to be certain you’re dealing with legitimate members of your team and not a hacker seeking physical access to your IT enterprise.
3: Update Your Software and Hardware
Despite the best efforts of developers, determined criminals and state actors will always find more and more sophisticated ways to exploit vulnerabilities in your IT infrastructure.
It’s for this reason that those same developers regularly release upgrades and patches, fixing those vulnerabilities and keeping the hackers out.
But let’s face it:
When you’ve got a thousand and one other things to do, it’s easy to ignore all those notifications that are crying out for you to install important updates, isn’t it?
Easy though it is, doing so could well be leaving your business susceptible to attack.
Stop what you’re doing right now and attend to any updates you may need to install. This one simple task could make a significant improvement to your organisation’s cybersecurity efforts.
4: Switch to Two-Factor Authentication
You’ve done as much as you can to ensure that everyone who accesses your network uses a strong password that they change on a regular basis, but that isn’t always enough, especially if an attacker is seriously determined to access your system.
That’s where two-factor authentication (2FA) comes into its own, adding an extra layer of defence between that criminal and your business’ network by forcing users to submit a second type of authentication before or after the standard username and password.
This could be a PIN or a secondary password. It could be a physical device such as a card or a fob, or it could even be done using biometric data such as fingerprints or voice recognition.
Moving to 2FA means that even if passwords are stolen, criminals still can’t access your system without this second level of identification.
5: Back Up Your Data to a Secure, Offsite Location
You’ve done all you can to protect your business and the sensitive data you store, but unexpected problems can occur within even the most well-protected of organisations.
It’s for this reason that so many businesses invest in powerful, robust backup solutions, regularly creating a backup copy of their data which is stored in an offsite location (such as in the cloud) and kept secure using the latest data encryption technology.
Do think ahead though… Ensure the service provider you are using is GDPR compliant and not just exporting your data to a Third Country.
That way, even if the worst does happen, those businesses can quickly access their data and keep things running with minimal disruptions to their day-to-day operations.
If you only do one thing as a result of reading this article today, investing in secure data backup and recovery services should be it.
However, if this short read has given you an urge to take things further, consider this checklist to help you focus your efforts:
Want more help? Perhaps you are embarking on a comprehensive security assessment? If so, drop us a line at firstname.lastname@example.org, or visit our page to find out how we can help.