Five Key Ways to Protect Your Company Against Cyber Attacks

Uploaded on 2018-08-02 in NEWS-Cybersecurity News, FREE TO VIEW

As recent data breaches indicate, businesses of all types, sizes and in all locations are at real risk of a cyber attack at any given moment. 

In reality, there are just five specific steps that all companies need to follow to effectively protect against cyber-attacks: secure your hardware, encrypt and backup all your data, encourage a security-centered culture, use robust firewall and anti-malware software, and invest in cyber security insurance.

Here’s how to put these steps into action.

Secure your hardware
With so much attention given to acquiring the newest and most sophisticated types of cyber security software, safeguarding the security of company hardware is often overlooked but the loss or theft of devices is a real threat to be aware of. 
Begin your cyber-attack prevention strategy with the basics: protect all devices with a complicated password, share the password with the device user only and commit it to memory instead of writing it down in an easily accessible place. Do not overlook the effectiveness of physically attaching computers to desks. This is a simple, yet effective way of preventing intruders from walking away with company equipment and the sensitive data they hold.
Finally, install ‘find my device’ software on all laptops, phones and tablets. By doing so, equipment that is stolen can quickly be located by the authorities.

Don’t overlook safeguarding company hardware
Data breaches commonly occur due to stolen equipment and so safeguarding your hardware is an easy strategy for improving your businesses cyber security.

Encrypt and back up data
An effective cyber-crime protection strategy must consist of two elements: preventing physical access to sensitive data and rendering that data useless if it falls into the wrong hands. Companies can achieve the latter by always encrypting their data. 
As highlighted by researchers in the International Journal of Advanced Computer Science and Applications, data encryption remains the ‘most efficient fix’ for data breaches, should they occur. Be sure to encrypt all sensitive data, including customer information, employee information and all business data. 

Full-disk encryption software is included in virtually all operating systems today and can encrypt all the data on a desktop or laptop computer when it’s at rest.

Also check that this software is activated and updated on all company devices. And minimise the amount of time a computer sits unused and unlocked by setting all devices to automatically enter ‘sleep’ or ‘lock’ mode after five minutes of no use.
Stay ahead by backing up data and storing it separately

After encryption, backing up all data is another key way of protecting yourself from security breaches. With ransomware hackers locking companies out of their systems, encrypting their data and asking for a ransom to be paid before releasing the data, you can stay one step ahead of them by backing up all of your data and storing it separately.

Invest in cyber security insurance
Because cyber criminals continue to work tirelessly to find ever more advanced ways of breaching security defenses, even the most security-conscious businesses remain at risk of an attack. 

US research into the cost of data breaches has shown that in 2017, the global average cost of a single data breach event was USD 3.6m, equivalent to USD 141 per data record. 

The losses that can be incurred from data breaches are best mitigated by investing in cyber security insurance, yet only 9% of UK businesses and 15% of US businesses have this type of insurance, according to the UK Department for Digital, Culture, Media and Sport, and the US Better Business Bureau, respectively.

Seek specialist advice for cyber security insurance
Minimise your risk by seeking specialist help to select the best type of insurance for your company, based on your risk of attack and the financial impact of such an event.

Create a security-focused workplace culture
Employees are the most common cause of data breaches as many don’t recognize external threats when they occur or have a good understanding of the daily actions that leave a company vulnerable to a cyber-attack. For example, the UK Cyber Security Breaches Survey 2018, carried out by the UK government and Portsmouth University found that 43% of UK businesses have experienced a cyber security breach or attack over the last 12 months, with only 20% of UK companies offering training to staff within the same time frame. 

Such breaches were more common in businesses in which staff members use their personal devices for work. Businesses need to ensure sufficient security training and education for staff remains a key focus, but where to begin?

Educate staff on the dangers of unsecured networks
Banning employees from using their personal devices for work may seem like an obvious approach, but this strategy seldom works in the long term. As staff members grow tired of the inconvenience, they are likely to return to accessing work on personal devices, regardless of policies prohibiting this.

It is therefore more impactful to teach staff how to use both their personal devices and work devices in a way that minimises the risk of being hacked. Top of the list should be educating them about the risks associated with using unsecured networks to access work information.

This should include clear definitions of what unsecured networks are, and where they are commonly found such as in coffee shops, airports, hotels and so forth. And then how to verify if a network is secure (secure networks require a key/password to access them).

Teach avoidance of unsecured websites
Staff members should be taught about the importance of never accessing unsecured websites on work devices because this gives cyber criminals direct access to sensitive data that is stored on that device, as well as browser histories and passwords.

Discourage password sharing
Employers can create a security conscious culture in which password sharing seldom happens. By not only educating staff members on the risks, but also by leading by example and never sharing passwords or asking staff members to temporarily log in guests, contractors and new hires. Using protocols, such as creating temporary passwords for contractors or expediting the onboarding process for new hires, will also help to minimize scenarios in which password sharing is needed in the workplace.

Restrict network admin rights
Restricting IT admin and access rights to a small handful of users is invaluable in minimising the risk of data breaches as employees cannot give away information they don’t have access to. Always entrust this information to a key figure in your IT department and ensure that (s)he is adequately trained on the safe and encrypted storage of this information.

Businesses are vulnerable without employee education
Highlighting the need for employee education on the types of daily actions that leave a business vulnerable to cyber-attacks.
Use robust anti-malware and firewall software. Research has shown that the most common cyber-crime experienced in the UAE in 2017 was malware infection, which accounted for 53% of all cyber-attacks. And with ransomware featuring as the most prevalent cyber risks to small businesses today, protecting your business from ransomware and other types of malware is vital.

Existing anti-virus tools are not very effective against ransomware, which changes almost as quickly as new anti-virus tools are developed. Ransomware can work quietly in the background and only be detected by an anti-virus programme when it is too late to save your files. So, it is important to invest in software that has been specifically designed to deal with this challenge.

While effective anti-malware tools catch and isolate software viruses when they strike, preventing these viruses from entering your database in the first place is vital.

Investing in an optimised firewall is therefore key for preventing malware from entering your computer systems. And with cyber security threats changing at a rapid pace, always pay attention to update notifications and run them as soon as they become available. These updates are made in response to the latest cyber threats and are therefore a key tool in the fight against cyber-attacks.

Use software in conjunction with education
By using firewall and anti-malware software in conjunction with employee education you are well equipped to prevent, or at least deal with, attacks due to ransomware, which can enter computer systems through emails and other employee-related errors.

Protect against the threat of an attack
Even though the threat of cyber-attacks is real, it’s easy to forget all about it until one strikes. However, if your company has an online presence, stores customer and company data on digital devices and uses cloud-based software, a thorough cyber security strategy is essential.

The steps to achieving the peace of mind and financial security that such a strategy brings should involve the use of up-to-date data encryption, data back-up, and firewalls and anti-malware software. Implementing this alongside thorough and ongoing employee education on cyber security really is your best bet to ensuring that the threat of a cyber-attack never becomes your reality.

Entrepreneur.com

You Might Also Read: 

Business Cyber Security Strategy (£):

A Guide To Addressing Corporate IoT Security:

« Singapore’s Giant Healthcare Hack
GDPR Survey Shows 80% Non-Compliance »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CloudEndure

CloudEndure

CloudEndure offers Disaster Recovery and Continuous Replication for the Cloud.

Illumio

Illumio

Illumio delivers adaptive security for every computing environment, protecting the 80% of data center and cloud traffic missed by the perimeter.

PartnerRe

PartnerRe

PartnerRe Ltd. provides multi-line reinsurance to insurance companies on a worldwide basis. Services include Cyber Risk.

SolutionsPT

SolutionsPT

SolutionsPT enables customers to strengthen their Operational Technology (OT) network to meet the ever increasing demand for performance, availability, connectivity and security.

Asoftnet

Asoftnet

Asoftnet are specialists in IT security, IT forensics, IT service, websites, applications and mobile solutions.

Cyber Forensic & Investigation (CFI)

Cyber Forensic & Investigation (CFI)

Cyber Forensic & Investigation (CFI) is recognized as Thailand’s leader in cyber investigations and digital forensics.

Cyber Academy

Cyber Academy

Cyber Academy is one of the first institutions in the SE Europe region that provides a hands-on program in cyber security, blockchain and AI.

Evanston Technology Partners (ETP)

Evanston Technology Partners (ETP)

ETP provides services and solutions to enable and transform businesses in the areas of cybersecurity, data protection, and efficient operations practices.

Cyble

Cyble

Cyble Vision enables faster detection of cyber threats and focuses on identifying and analysing the motivations, methods, capabilities and tools of adversaries.

Sovereign Intelligence

Sovereign Intelligence

Sovereign Intelligence provides automated insight into the relative intensity of hidden Cyber, Brand, and Financial Risks to your company.

ProWriters

ProWriters

As a leading cyber insurance company, ProWriters offers flexible Cyber Liability Insurance coverage designed to cover privacy, data, and network exposures.

eSec Forte Technologies

eSec Forte Technologies

eSec Forte Technologies is a CMMI Level-3 ISO 9001-2008, 27001-2013 certified global consulting and implementation company focused on Information Security and Cyber Security.

Athreon

Athreon

Athreon utilizes a fusion of AI technology, human interpretation, and the latest in cybersecurity to deliver sound business solutions that help our clients make better data-driven decisions.

Digital Pathways

Digital Pathways

Digital Pathways is an award-winning data security provider that helps businesses protect their digital assets.

GajShield

GajShield

GajShield Infotech provides Data Security Firewall solutions to Corporate’s and Government agencies.

JanBask Training

JanBask Training

JanBask Training is a dynamic, highly professional, global online training provider committed to propelling the next generation of technology learners with a whole new way of training experience.