HOW TO... Protect your business from cyberattack
within the UK, as well as organisations outside the UK that offer goods or services to individuals in the UK. One area of cybersecurity that’s often overlooked is physical security, so keep your devices locked up when not in use, just as you do with diagnostic equipment and tools. Also, make sure all physical network connections, such as your wifi router, access points and network connections, are inaccessible to casual visitors.
Repelling hackers
Cybersecurity is vital for protecting your business from online threats such as theft, extortion and damage, and hackers may try to gain access to personal information or sensitive data to cause harm to your business. Of course, if your business is large and complex, you should seek expert advice, but there are a number of relatively simple things you can do right now to keep the hackers out:
1. Keep regular backups of critical business data.
2. Ensure all software is up to date.
3. Implement a password policy.
4. Put procedures in place to protect you from fraud.
5. Only connect devices to secure networks.
However, recent research shows that only half of all businesses do all five of these tasks, with around a third connecting to unsecured wifi.
The criminals’ toolkit
A cyberattack is when a hacker tries to disable systems, steal data or destroy information by gaining unauthorised access to a computer system. The European Union Agency for Cybersecurity lists four common cyberattacks on small-to-medium-sized businesses:
1. Phishing – Fraudulent emails asking businesses to share passwords and information.
2. Malware – Software (a virus) designed to get unauthorised access and cause damage.
3. Malicious Insiders – Employees or former employees who have access to your system.
4. Denial-of-Service – An attack trying to overload company systems.
Having a good policy and strong defences in place will stop almost all of these cyberattacks. However, the technology and methods used to carry them out develop quickly, so it’s important to keep all procedures and defences up to date.
Are your defences up to the task?
Whatever your level of cybersecurity, it’s always worth auditing your systems, so how many areas of this checklist can you tick off? Most are easy to implement and will significantly reduce the possibility of a cyberattack.
Identify which data you need to back up – Information that your business couldn’t function without
Keep your backup separate from your computer – Access to data backups should be restricted so they are inaccessible to staff and not permanently connected
Consider using cloud storage – A service provider stores your data on their infrastructure so it’s physically separate from your location
Regular process – Make running a backup part of your daily business schedule

Install antivirus software – Check the software is switched on
Block unknown apps – Prevent staff from downloading them
Keep all IT equipment up to date – Check all software and firmware are the latest versions
Control how USB drives and memory cards can be used – One device containing malware could devastate your business
Switch on a firewall – This creates a buffer between your network and the internet

Equipment
Password protection – Use a suitably complex PIN or password on all equipment
Stolen devices – Ensure that any lost or stolen devices can be tracked, locked or wiped
Keep your software up to date – This includes operating systems as well as apps
Don’t connect to unknown wifi hotspots – There’s no way to easily find out who controls them

Passwords
Switch on password protection – Use a screen lock password, PIN or other method such as fingerprint or face recognition
Use two-factor authentication (2FA) – It adds a lot of security for not much effort
Don’t use predictable passwords – They should be easy to remember but hard to guess
Help staff cope with ‘password overload’ – Don’t enforce regular password changes. Passwords only need to be changed if you suspect they are compromised
Change default passwords – A common error is keeping the default usernames and passwords that devices are issued with

Reduce the impact of a successful attack – Configure staff accounts to the lowest level of user rights required for their roles. If they fall victim to a phishing attack, potential damage is reduced
Think about how you work – How could someone target your business? Ensure your staff understand best working practice
Check for obvious signs of phishing – Many frauds originate overseas and standards of spelling, grammar, punctuation and graphics are often poor
Make sure all attacks are reported – Encourage your staff to ask for help if they think they may have been a victim of phishing