How safe is your business from a cyber attack? Even though eight out of every ten cybersecurity and data privacy breaches are easily preventable by basic computer and network hygiene, more and more companies are becoming victims of cybercrime.
Incidents like the recent mining of Facebook data by Cambridge Analytica show the massive reputational damage a security breach can have, especially when customer data is compromised.
And on 25 May 2018, the European Union’s General Data Protection Regulation (GDPR) comes into force in the UK. Businesses face fines of up to 4% of global turnover if they don’t handle personal data correctly.
A robust cybersecurity policy will go some way to ensuring your business complies with GDPR – and avoids the penalties!
Here are five tips to ensure you stay within the law and keep staff and customer data safe.
1. Eight characters are not necessarily enough.
It’s time to go big on passwords and 2-factor authentication. Practise good password management by using strong passwords. And make sure your employees follow your lead.
By making your passwords as long and as random as possible, and including upper and lower case letters, numbers and special characters, you’ll reduce the risk of someone working out your password.
Avoid the common password mistakes: don’t use the same password across multiple sites; don’t share your password with anyone; don’t write your password down; don’t type in your password when someone could be watching; and, finally, whatever you do, don’t write down your password on a Post-It and stick it to your screen.
Wherever possible, use 2-factor authentication, particularly on internet-facing systems. This is where a user offers one more piece of evidence as well as their password, in order to prove their identity, and in doing so adds another layer of security.
Using 2-factor authentication goes some way to mitigating the risks of selecting a poor password or re-using a password. You can set it up to receive codes via SMS or to generate them with an authenticator app.
Try a Google search for Password Generator or use Norton’s Password Generator.
2. Back it up.
Back up your data on a regular basis. By introducing a rigorous backup regime, you’ll be ensuring you don’t lose any data in the event of an attack.
If something is important to you, whether it’s sensitive documentation or your favourite family photos, it’s vital you keep a backup copy. The recent rise in ransomware makes this particularly pertinent. Not only can hackers maliciously damage or delete files, now they can hold you to ransom too.
As well as cloud-based storage options, you should also store your data in locations offline, where infected systems are unable to access it.
If you’re using an external hard drive, be aware that any malware which has infected your computer could also infect your external device. You can reduce the risk of this happening by ensuring the drive is not permanently connected to your main device, either physically or via a network connection. Instead, only connect it as and when required.
Finally, carry out regular tests to ensure the backups are running correctly and that accessing the backed-up data is possible.
3. Guard against malware cyber attack.
Malware, or malicious software, is a type of software designed to cause harm to a user’s computer. It comes in many forms, including viruses, worms, Trojans and spyware.
To guard against malware, it’s important to not only remain vigilant, but also make sure you have the required policies and protective tools in place.
Being vigilant is the first layer of protection, but even the most careful users are at risk of cyber attack, so it’s vital to establish defences across your organisation. These will help reduce the likelihood of becoming infected, by blocking malware from spreading across your networks.
While protection is not an absolute guarantee of remaining secure, malware cybersecurity products do provide that essential second layer of protection – every personal and business computer should have a robust antivirus package.
Good antivirus software will:
- check any newly downloaded programs for malware
- scan your computer regularly for any malware which might have been missed
- update regularly so it can recognise the latest strains of malware
- recognise unknown malware threats (but only if it’s really good!).
Remain vigilant. And use robust antivirus protection.
4. Beware of removable media.
Removable media devices have made life easier for many of us. But with convenience comes risk.
- Take great care what you plug into your computers. Malware can get in through infected flash drives, external hard drives and even smartphones.
- Check if you’ve got policies to manage the use of any removable media devices. If not, get them in place.
- Users need to scan all devices for malware before they plug them into a computer. If your system carries particularly sensitive data, consider disabling removable media completely.
- Malware is not the only risk with removable media devices. Loss of information (whether deliberate or accidental), and ultimately reputational damage, is also more likely without a removable media device policy in place.
Make sure all your staff know the risks of removable media devices. Make sure they never plug anything into a computer unless they can be 100% sure it’s safe to do so.
5. You are a target. Tighten up your cybersecurity.
Don’t ever think you’re not important enough to be attacked. Whether you’re a huge financial corporation or a one-man band operating out of your spare room, you’re a highly attractive target for a hacker. Everyone has something of value.
Remember, it’s nothing personal. A cyber attack is largely indiscriminate. If you have money (even a small amount) or data (email addresses, passwords, documents or client data), you instantly become a desirable target.
Take every precaution to protect what you can. Start with the first line of defence, the firewall. Check out the single, consolidated threat-protection solution from Check Point.
They have a Threat Map to view cyber attacks live: https://threatmap.checkpoint.com/ThreatPortal/livemap.html
Follow our tips. Ensure you’ve done all you can to lock down your systems and protect your data. This shows you’re aware of the risks of a security breach. It should be enough to keep on the right side of the GDPR watchdogs if you do suffer an attack and data is compromised.
A little investment now will be easier on the pocket than a fine of up to 4% of your global turnover.
With our experience over the last 16 years in network security, we’ve seen a great many events, products and solutions.
Recently, we’ve become aware of an amazing cloud-based cybersecurity solution for all businesses. ICP Networks are very proud to work with Cyber X. We’ve got something very special to offer our clients for free.
How safe is your business from a cyber attack? We can help you identify and strengthen the three main areas of vulnerability. Take our free cybersecurity assessment to find out – and receive your detailed report today for free.