Five Key Ways to Protect Your Company Against Cyber Attacks

Uploaded on 2018-08-02 in NEWS-Cybersecurity News, FREE TO VIEW

As recent data breaches indicate, businesses of all types, sizes and in all locations are at real risk of a cyber attack at any given moment. 

In reality, there are just five specific steps that all companies need to follow to effectively protect against cyber-attacks: secure your hardware, encrypt and backup all your data, encourage a security-centered culture, use robust firewall and anti-malware software, and invest in cyber security insurance.

Here’s how to put these steps into action.

Secure your hardware
With so much attention given to acquiring the newest and most sophisticated types of cyber security software, safeguarding the security of company hardware is often overlooked but the loss or theft of devices is a real threat to be aware of. 
Begin your cyber-attack prevention strategy with the basics: protect all devices with a complicated password, share the password with the device user only and commit it to memory instead of writing it down in an easily accessible place. Do not overlook the effectiveness of physically attaching computers to desks. This is a simple, yet effective way of preventing intruders from walking away with company equipment and the sensitive data they hold.
Finally, install ‘find my device’ software on all laptops, phones and tablets. By doing so, equipment that is stolen can quickly be located by the authorities.

Don’t overlook safeguarding company hardware
Data breaches commonly occur due to stolen equipment and so safeguarding your hardware is an easy strategy for improving your businesses cyber security.

Encrypt and back up data
An effective cyber-crime protection strategy must consist of two elements: preventing physical access to sensitive data and rendering that data useless if it falls into the wrong hands. Companies can achieve the latter by always encrypting their data. 
As highlighted by researchers in the International Journal of Advanced Computer Science and Applications, data encryption remains the ‘most efficient fix’ for data breaches, should they occur. Be sure to encrypt all sensitive data, including customer information, employee information and all business data. 

Full-disk encryption software is included in virtually all operating systems today and can encrypt all the data on a desktop or laptop computer when it’s at rest.

Also check that this software is activated and updated on all company devices. And minimise the amount of time a computer sits unused and unlocked by setting all devices to automatically enter ‘sleep’ or ‘lock’ mode after five minutes of no use.
Stay ahead by backing up data and storing it separately

After encryption, backing up all data is another key way of protecting yourself from security breaches. With ransomware hackers locking companies out of their systems, encrypting their data and asking for a ransom to be paid before releasing the data, you can stay one step ahead of them by backing up all of your data and storing it separately.

Invest in cyber security insurance
Because cyber criminals continue to work tirelessly to find ever more advanced ways of breaching security defenses, even the most security-conscious businesses remain at risk of an attack. 

US research into the cost of data breaches has shown that in 2017, the global average cost of a single data breach event was USD 3.6m, equivalent to USD 141 per data record. 

The losses that can be incurred from data breaches are best mitigated by investing in cyber security insurance, yet only 9% of UK businesses and 15% of US businesses have this type of insurance, according to the UK Department for Digital, Culture, Media and Sport, and the US Better Business Bureau, respectively.

Seek specialist advice for cyber security insurance
Minimise your risk by seeking specialist help to select the best type of insurance for your company, based on your risk of attack and the financial impact of such an event.

Create a security-focused workplace culture
Employees are the most common cause of data breaches as many don’t recognize external threats when they occur or have a good understanding of the daily actions that leave a company vulnerable to a cyber-attack. For example, the UK Cyber Security Breaches Survey 2018, carried out by the UK government and Portsmouth University found that 43% of UK businesses have experienced a cyber security breach or attack over the last 12 months, with only 20% of UK companies offering training to staff within the same time frame. 

Such breaches were more common in businesses in which staff members use their personal devices for work. Businesses need to ensure sufficient security training and education for staff remains a key focus, but where to begin?

Educate staff on the dangers of unsecured networks
Banning employees from using their personal devices for work may seem like an obvious approach, but this strategy seldom works in the long term. As staff members grow tired of the inconvenience, they are likely to return to accessing work on personal devices, regardless of policies prohibiting this.

It is therefore more impactful to teach staff how to use both their personal devices and work devices in a way that minimises the risk of being hacked. Top of the list should be educating them about the risks associated with using unsecured networks to access work information.

This should include clear definitions of what unsecured networks are, and where they are commonly found such as in coffee shops, airports, hotels and so forth. And then how to verify if a network is secure (secure networks require a key/password to access them).

Teach avoidance of unsecured websites
Staff members should be taught about the importance of never accessing unsecured websites on work devices because this gives cyber criminals direct access to sensitive data that is stored on that device, as well as browser histories and passwords.

Discourage password sharing
Employers can create a security conscious culture in which password sharing seldom happens. By not only educating staff members on the risks, but also by leading by example and never sharing passwords or asking staff members to temporarily log in guests, contractors and new hires. Using protocols, such as creating temporary passwords for contractors or expediting the onboarding process for new hires, will also help to minimize scenarios in which password sharing is needed in the workplace.

Restrict network admin rights
Restricting IT admin and access rights to a small handful of users is invaluable in minimising the risk of data breaches as employees cannot give away information they don’t have access to. Always entrust this information to a key figure in your IT department and ensure that (s)he is adequately trained on the safe and encrypted storage of this information.

Businesses are vulnerable without employee education
Highlighting the need for employee education on the types of daily actions that leave a business vulnerable to cyber-attacks.
Use robust anti-malware and firewall software. Research has shown that the most common cyber-crime experienced in the UAE in 2017 was malware infection, which accounted for 53% of all cyber-attacks. And with ransomware featuring as the most prevalent cyber risks to small businesses today, protecting your business from ransomware and other types of malware is vital.

Existing anti-virus tools are not very effective against ransomware, which changes almost as quickly as new anti-virus tools are developed. Ransomware can work quietly in the background and only be detected by an anti-virus programme when it is too late to save your files. So, it is important to invest in software that has been specifically designed to deal with this challenge.

While effective anti-malware tools catch and isolate software viruses when they strike, preventing these viruses from entering your database in the first place is vital.

Investing in an optimised firewall is therefore key for preventing malware from entering your computer systems. And with cyber security threats changing at a rapid pace, always pay attention to update notifications and run them as soon as they become available. These updates are made in response to the latest cyber threats and are therefore a key tool in the fight against cyber-attacks.

Use software in conjunction with education
By using firewall and anti-malware software in conjunction with employee education you are well equipped to prevent, or at least deal with, attacks due to ransomware, which can enter computer systems through emails and other employee-related errors.

Protect against the threat of an attack
Even though the threat of cyber-attacks is real, it’s easy to forget all about it until one strikes. However, if your company has an online presence, stores customer and company data on digital devices and uses cloud-based software, a thorough cyber security strategy is essential.

The steps to achieving the peace of mind and financial security that such a strategy brings should involve the use of up-to-date data encryption, data back-up, and firewalls and anti-malware software. Implementing this alongside thorough and ongoing employee education on cyber security really is your best bet to ensuring that the threat of a cyber-attack never becomes your reality.

Entrepreneur.com

You Might Also Read: 

Business Cyber Security Strategy (£):

A Guide To Addressing Corporate IoT Security:

« Singapore’s Giant Healthcare Hack
GDPR Survey Shows 80% Non-Compliance »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

F-Secure

F-Secure

F-Secure defends enterprises and consumers against everything from opportunistic ransomware infections to advanced cyber attacks.

Red Hat

Red Hat

Red Hat is a leader in open source software development. Our software security team proactively identifies weaknesses before they become problems.

LogicManager

LogicManager

LogicManager offer a complete set of IT governance, risk and compliance software solutions and advisory services.

National Institute of Information and Communications Technology (NICT)

National Institute of Information and Communications Technology (NICT)

NICT is Japan’s sole National Research and Development Agency specializing in the field of information and communications technology.

Datacom Systems

Datacom Systems

Datacom Systems is a leading manufacturer of network visibility solutions.

Fidus Information Security

Fidus Information Security

Fidus is a team of security professionals providing Penetration Testing and Cyber Security Consulting services throughout the UK and worldwide.

Prove & Run

Prove & Run

Prove & Run provides a patented software development toolchain that is specifically forged to deal with the complex security properties of sensitive software components.

Myra Security

Myra Security

Myra technology monitors, analyzes, and filters malicious internet traffic before virtual attacks can do any real harm.

Incopro

Incopro

Incopro is an online IP and brand protection software provider that arms brand owners with actionable intelligence to combat online and offline intellectual property and copyright infringements.

Kiteworks

Kiteworks

Kiteworks (formerly Accellion) creates a dedicated Private Content Network that ensures zero-trust private content protection and compliance.

ViewQwest

ViewQwest

ViewQwest is a regional telecommunications & information technology services company. We specialize in providing Connectivity, Managed Network, Managed SD-WAN, and Managed Security solutions.

Guardey

Guardey

Guardey protects thousands of SME's environments. Whether your team works at the office, at home, at the customer or remotely. We protect your business. We do this in an accessible and affordable way.

Josef Ressel Centre for Intelligent & Secure Industrial Automation

Josef Ressel Centre for Intelligent & Secure Industrial Automation

The Josef Ressel Centre for Intelligent and Secure Industrial Automation investigates the fundamentals of digital assistants for industrial machines that enable intelligent and secure operation.

Uptime Institute

Uptime Institute

Uptime Institute is an unbiased advisory organization focused on improving the performance, efficiency, and reliability of business critical infrastructure.

InfoSecTrain

InfoSecTrain

InfoSecTrain are a leading training and consulting organization dedicated to providing top-tier IT security training and information security services to organizations and individuals across the globe

AUCloud

AUCloud

AUCloud is a leading Australian cyber security and secure cloud provider, specialising in supporting businesses and Governments with the latest cloud infrastructure.