Digital age defences – cyber security measures for every business

By Austen Clark, managing director of Clark Integrated Technologies

It’s not only major organisations that become targets of cybercrime; many smaller firms expose themselves to the real danger of becoming a victim.

The internet brings huge opportunities, but it also poses risks. Every day organisations face cyber-attacks with attempts to steal information and money or disrupt operations.

Attackers have the patience to acquire multiple footholds and launch an attack at the proper time. Data theft has been the driving force behind many of the latest attacks, and data is viewed as the world’s newest currency. As a result, it’s increasingly important to manage risks and protect your business.

There’s no such thing as a silver bullet – all systems have weaknesses and vulnerabilities – but there are steps that will protect your organisation from becoming the next victim of cybercrime.


Passwords

Passwords should be strong. Complex passwords can be hard to remember, resulting in people choosing weaker ones or using the same one for multiple accounts.

Use or include three random words such as “elasticpostcream” in your password to help protect against common issues like brute force attacks (where an attacker tries many passwords with the hope of guessing it correctly), while keeping it simple enough for the user to remember. Use of symbols, capital letters and numbers makes it more secure.

Passwords should always be enabled, for example on mobile phones and laptops, and default passwords should always be changed to something unique by the user. They should also be changed in the event of a loss, for example if you’ve witnessed suspicious activity being undertaken on the account.

If you need help remembering your passwords, consider using a password manager to store them.


Encryption

Encrypt any sensitive data and do not send passwords or other sensitive data via unencrypted email.


Multiple Authentication Methods

Authentication confirms an identity (whether a user, machine, or device) by comparing provided credentials against an existing database of authorized identities before allowing access to a given system or application.

Multiple authentication adds an additional layer of security to accounts or transactions. It usually combines something the user knows, like a password or PIN, with something they have, like a mobile phone acting as a number-generating token. It may even be a fingerprint or facial recognition.
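The "number-generating token" can be checked on the server side as in the sketch below. This is an added example, not code from the article or from Clark Integrated Technologies, and it assumes the token is a time-based one-time password as standardised in RFC 6238. The function names `totp` and `check_second_factor` are hypothetical, and the secret is the RFC's published test key.

```python
import hashlib
import hmac
import struct


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code for Unix time `at` (HMAC-SHA1, truncated as in RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", at // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def check_second_factor(submitted, secret, now, last_counter=-1, drift=1, step=30):
    """Return the time counter the code matched, or None if wrong or replayed.

    Codes from `drift` steps either side of `now` are accepted to tolerate
    clock skew; counters at or below `last_counter` are refused so that a
    code seen once cannot be used again.
    """
    current = now // step
    matched = None
    for counter in range(max(0, current - drift), current + drift + 1):
        expected = totp(secret, counter * step, step, 6)
        # compare_digest avoids leaking how many digits matched via timing
        same = hmac.compare_digest(expected.encode(), str(submitted).encode())
        if same and counter > last_counter:
            matched = counter
    return matched


# Constructed demo values: the shared secret is the RFC 6238 test key.
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    code = totp(SECRET, 59)
    print(code, check_second_factor(code, SECRET, now=59))
```

The password check still runs first. Store the returned counter per account and pass it back as `last_counter` on the next login, so that a code that has been observed cannot be replayed.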


Backups

Data backups ensure that if there is any data loss or theft, files can be recovered. You should always back up your data in a different location so hackers cannot access both areas, and you should also back up your data regularly.

Severe data loss can be caused without warning and the result is typically a massive disruption to you and your business. In these instances, a robust data backup is often the only road to recovery.

First think about what data should be backed up and where it is located. Backups should be performed daily and can be taken on physical devices such as a portable hard drive, or through a cloud-based backup service, depending on your business needs. The backups need to be isolated from the associated network and devices to protect them in the event of a malware outbreak. Digital backups can be secured through encryption or password protection. Store any physical backups in a safe location, while also making multiple copies where possible in case of device failure.

Don’t forget to test backups once they have been created. An untested backup could delay your business’ ability to recover from an incident and potentially leave you without a useable backup.


Software

Each piece of software your business uses offers the potential for unauthorised access to its host, making software a target for exploitation. Despite manufacturers’ best efforts, it isn’t possible to create perfectly secure software, so it must be patched and maintained to ensure it remains protected as new flaws and vulnerabilities are found.


Updates

Implement automatic updates where possible and create a manual update schedule for those that cannot be done automatically. Contact your device manufacturer or search their website for ‘Drivers and Downloads’ to find out more for each piece of software.

When setting up new devices remove any unnecessary pre-installed software, while ensuring that they have firewall protection enabled and are running up-to-date anti-virus software.

Modern operating systems offer built-in security features that allow you to restrict the usage of individual users, so implement these where relevant.


Awareness raising and training

People can be the weakest link in the security chain – make sure they understand the risks. Organisations can combat threats like phishing (the opening of an infected email) by raising awareness via training and testing and encouraging vigilance from all employees.

Your employees have a responsibility to help keep your business secure. Make sure that they understand their role and any relevant policies and procedures and provide them with regular cyber security awareness and training.

Make sure policies outline acceptable actions for your employees when in the workplace or using company equipment. You can provide formal cyber security awareness training and sporadic internal testing, such as sending fake phishing emails to employees to gauge their level of awareness based on how many people click on the potentially malicious links.


Accreditation

Seriously consider gaining cyber security accreditations, which show your partners and customers that your company takes cyber security seriously. SMEs should pursue Cyber Essentials and Cyber Essentials Plus, or IASME (Information Assurance for Small and Medium Enterprises).


Cyber security is a journey...
 
A strong cyber security stance is a key defence against cyber-related failures and errors, and malicious cyberattacks. Many attacks are automated and indiscriminate, exploiting known vulnerabilities rather than targeting specific organisations, so it’s vital to have the right cyber security measures in place to protect your organisation. Ensure they are regularly reviewed and kept up to date.

For more information on Clark Integrated Technologies visit www.clark-it.com