The Top Five Cyber Security Concerns
1. Ransomware
A form of malicious software that encrypts your data and then demands payment for the key to unscramble it. Much ransomware is delivered to companies through malicious code embedded in emails, but increasingly sophisticated attackers are also exploiting network and system vulnerabilities to get it in.
Ransomware: Protecting your company from exploitation
Here’s how to protect your business from ransomware attacks:
- Staff awareness: staff need to be alert to unsolicited emails, especially those carrying attachments or asking for an unexpected response. Increasingly these look very similar to internal emails, even down to the branding, so extra vigilance is needed.
- Anti-malware software: install, and keep up to date, good quality antivirus and anti-malware software. Keeping the software up to date is essential as cyber criminals never stand still. Keep one step ahead!
- Software updates: malware can take advantage of weaknesses elsewhere in your systems, such as in software applications, so make sure you keep these up to date. Keep operating systems up to date too, allowing automatic updates (which often include security patches).
- Data backups: follow a programme of managed data backups so that, should the worst happen, you can quickly recover an earlier version of your system. At worst you will only lose a small (the most recent) part of your data.
2. Phishing
Phishing is an attempt to obtain sensitive information, such as passwords and logins, via an email sent while posing as a reputable organisation, such as a government department or bank. Like ransomware emails, these emails can look very convincing. Any suspect email should be closely examined. Watch out for the increasing incidence of ‘spear phishing’, sometimes known as CEO Fraud, where communications mimic those from senior management.
Phishing: Stop your team from getting drawn in
A few steps you can take to protect yourself and your business:
- Be alert: reputable companies, and banks in particular, do not ask for sensitive information by email. Period. Be suspicious of unexpected emails.
- Use spam filters: and make sure they are turned on. Check the spam folder now and again in case a legitimate email has inadvertently been trapped.
- Install antivirus/anti-malware software: such packages can help identify phishing emails, but never rely on this entirely.
- Watch out for spear phishing: emails that can look entirely convincing and often appear to come from someone up the management tree in your organisation.
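The spear-phishing warning above can be turned into a simple mailbox-side check that flags the signs the article describes: an executive's name on an address that is not theirs, a sender domain that imitates your own, and replies quietly redirected elsewhere. This is an added example, not code from the original article; the executive directory, the internal domain and the two sample messages are constructed for illustration.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed for this example: the executives whose names an attacker would
# borrow, and the organisation's real mail domains (both hypothetical).
EXECUTIVE_DIRECTORY = {"jane smith": "jane.smith@example.co.uk"}
INTERNAL_DOMAINS = {"example.co.uk"}
# Digits commonly swapped for letters in lookalike domains (1 for l, 0 for o, ...).
HOMOGLYPHS = str.maketrans("10358", "loesb")

# Constructed sample: display name matches the CEO, the address and Reply-To do not.
SAMPLE_SPEAR_PHISH = """\
From: Jane Smith <jane.smith@examp1e.co.uk>
Reply-To: ceo-urgent@mail-example.net
To: finance@example.co.uk
Subject: Urgent payment - please action today

Can you process the attached invoice before 5pm? I am in meetings all day.
"""
# Constructed sample of a genuine internal message for comparison.
SAMPLE_LEGIT = "From: Jane Smith <jane.smith@example.co.uk>\nSubject: Board pack\n\nAttached.\n"

def lookalike(candidate: str, internal: str) -> bool:
    """Crude lookalike test: equal after homoglyph folding, or nearly equal."""
    folded = candidate.translate(HOMOGLYPHS)
    return folded == internal or difflib.SequenceMatcher(None, folded, internal).ratio() >= 0.9

def spear_phishing_indicators(raw_message: str) -> list[str]:
    """Return the reasons a message looks like executive impersonation (empty if none)."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    reasons = []
    # 1. A familiar executive name attached to an address that is not theirs.
    expected = EXECUTIVE_DIRECTORY.get(re.sub(r"\s+", " ", display).strip().lower())
    if expected and addr.lower() != expected:
        reasons.append(f"display name '{display}' belongs to an executive but address is {addr}")
    # 2. Sender domain imitates one of our own (branding even down to the domain).
    if domain and domain not in INTERNAL_DOMAINS and any(lookalike(domain, d) for d in INTERNAL_DOMAINS):
        reasons.append(f"sender domain {domain} is a lookalike of an internal domain")
    # 3. Replies silently redirected to a third domain.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply_to and reply_to.rsplit("@", 1)[-1] != domain:
        reasons.append(f"Reply-To {reply_to} points to a different domain than the From address")
    return reasons
```

A real deployment would feed these indicators into the spam filter or a warning banner rather than blocking outright, since a genuine executive mailing from a personal address will also trip the first check.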
3. Data Leakage
Data leakage can cause local embarrassment or major corporate disruption. Its consequences range from local embarrassment, through damage to a company’s reputation, to significant financial penalties for breaching legislative compliance. The proliferation of mobile devices in particular creates a challenging environment for any office or business and a greater opportunity for data leakage.
Data Leakage: Plug all the holes with these simple tips
- Lock your devices: avoid obvious routes for data dissemination by always ensuring your mobile devices’ passcode locks are engaged.
- Track my device: activate tracking / GPS location apps which can keep tabs on the location of the device and often give you the option of wiping or disabling a lost/stolen device.
- Use encryption software: if the device is not personal, encryption software is highly recommended and makes data extraction very difficult.
- Vigilance: don’t leave any mobile device unattended, even in the office or anywhere else you feel you are in a safe location.
- Regulatory compliance: develop an in-house procedure for compliance and roll it out across the company. Cyber security experts can help in developing this.
4. Hacking
Perhaps seen as a more conventional way of gaining access to IT systems from outside, hacking is still a widely used method: hackers break into your organisation’s security system (identifying and exploiting any weaknesses they can find) and wander around your servers at will, either to harvest data or simply to cause disruption.
Hacking: Ensure you keep your defences solid by:
- Firewalls and security: make sure you’ve enabled all the software and other protections that limit (or control) external access to your servers.
- User training: make cyber security part of your culture. This works for all aspects of security but comes to the fore here in identifying and monitoring threats. Basic training in cyber security is essential for all businesses.
- Be mindful of phishing: we’ve already talked about this, but phishing also provides a simple route into a business’s servers.
- Test your system: employ an ethical hacker to try to get into your system before a cybercriminal does. Using the same principles and processes as the cybercriminal, ethical hackers will look at all the weaknesses in your system, use them to gain access and then provide you with a solution to them.
5. Inside Threats
The people in a company are an oft-neglected source of cyber security breaches. Poor procedures, accidents and malice can all lead to problems.
Inside Threats: Reduce your openness to risk using the following:
- Train your staff: basic training in cyber security should be a prerequisite, but a more comprehensive training / e-learning programme can successfully help reduce threats.
- Restrict access: ‘need to know’ was an oft-used phrase for paper-based documents and information, but access to digital data too should be limited to those who need to know or work with its content.
- Limit high level access: give staff access only to what they need for their job role and apportion admin-level access wisely.
- Monitor removable data devices: restrict or limit the use of portable storage devices, including USB memory keys, portable hard drives and mobile devices. Keeping track of them is never easy.
- Apply robust procedures: define who can do what, and what happens when, for example, a member of staff leaves, so that their data and access to it are ringfenced.
What can you do if you think your systems have been breached?
If you suffer a breach, or suspect you might have, the remedial action will depend on the actual breach. As a key first step, change all your passwords and advise all colleagues to do likewise. Liaise with any financial bodies you deal with, such as banks, and advise them, even if there is only a possibility of a breach. Where relevant you may also need to contact customers, to ensure any problems you are having are not passed on to clients.
How do you know what else to do? It can be difficult, and you can end up doing too much or too little. That’s why it is always recommended that you deal with a professional organisation who can work with you to assess and negate the effect of any breach.
Or if you have not been breached?
Been lucky and not had a breach? Great news. But that doesn’t mean you’re safe. It’s still crucial to get a full audit and have measures put in place wherever weaknesses are detected, so you never find yourself in that position. We can also help you create an Incident Response Plan, to give you additional reassurance when you have to plan for the worst.
Get in touch now for an informal discussion and let’s see how we can work together to prevent cyber security threats compromising your business.