Businesses nowadays need to take the correct steps and measures to fight cyber crime if they are to succeed in todays digital transformation.
For small and medium sized businesses, one of the biggest challenges is maintaining a secure IT network even while they expand and explore new innovations.
While it is the larger corporate security breaches that hit the headlines, the reality is that smaller-scale attacks are causing havoc on a daily business on smaller businesses. This is an ongoing battle we are facing now every single day.
According to a UK Government survey, more than 4 in every 10 businesses experienced a cyber security breach in the last 12 months, and although 75% of businesses say that cyber security is a high priority for their organisations senior management, less than 3 in 10 businesses have a formal cyber security policy in place.
Having a policy in place is only one step that businesses can take to protect their infrastructure. Below we talk about various other methods to get up to speed in the cyber security world.
Train employees in cyber security
Everyone has this impression that cyber crime is solely caused by malicious attackers. As that phrase is mostly right, outside attackers would not gain entry to our network half the time if it wasn’t without the help of human error.
To tackle this, current and new employees need to be made aware of any security policies within the business as part of their induction / refresher training.
Phishing attacks is most definitely most concerning for employers. Employees who are not up to speed with current company security policies or who aren’t aware of how dangerous today’s cyber crime is, are liable to download malicious attachments in emails that can allow malware on to their network. This now give attackers a foot into the network from which they can get their hands on very valuable information.
Many companies nowadays send out mock phishing emails to make employees aware of any potential risk.
Keep all devices updated
Undoubtedly, one of the greatest cyber security risks for businesses is not keeping their IT networks up to date. One attack which most people are familiar with would be the attack on the NHS in 2018, where the failure to update their network led to the famous WannaCry ransomware attack.
Businesses need to make this mandatory that regular updates are carried out on their computers (laptops, desktops and mobile devices), as well as making sure firmware updates are always carried out on devices such as routers, printers and scanners.
Ignoring these updates is leaving your door open to be exploited by hackers.
Have a Virtual Private Network in Place
Similar to firewalls, VPN’s protect computer data when employees are online by creating a safe and encrypted connection over a less secure network, such as the internet. This is something very useful for employees who use public wifi such as coffee shops.
Secure Business WiFi
An insecure WiFi connection can provide an easy router for hackers into your business network. Businesses should secure their WiFi so that only employees can access it, preferably without them actually knowing the password.
Guests should not have the same access as employees to help prevent unknown people from accessing your data.
Manage user privileges
Businesses today need to determine what rights and privileges users need to complete their day to day duties. To do this, IT admins need to make sure higher-level system privileges are carefully controlled and managed.
Redundant members of staff’s user accounts need to be disabled and removed from the network.
Password policies are highly recommended. Weak and easy-to-guess passwords are a classic vulnerability. For some accounts (Manager level) it may be an option to implement two factor authentication.
LoughTec Cyber Engineer