No organisation is immune from cyber attacks. All organisations of all sizes and industries can be targeted, whether they are charities or businesses, in the public sector or private sector. According to the Cyber Security Breaches Survey 2019, published in January 2019, 32% of businesses and 22% of charities identified cyber security breaches or attacks in the last 12 months. Among these affected businesses and charities, 27% of the businesses and 32% of the charities reported that dealing with the breaches or attacks took up staff time. Many of the staff who are relied upon to fix security issues are not likely to be trained in cyber security or even fully understand how the breach occurred in the first place.
This is an ongoing trend in cyber security, but one with an easy resolution. If organisations implement basic staff training in cyber security and the simple key controls that are needed for Cyber Essentials accreditation, then less of their time will be spent dealing with security breaches if they arise. Read on to find out what your organisation can do to help your staff be more aware of cyber security – not only to deal with cyber security attacks more effectively but also to implement measures to prevent them from happening in the first place.
Don’t reuse the same passwords
There is a great deal of information out there about the best password practice for businesses. As a general rule, not only should passwords contain uppercase and lowercase characters and numbers, but employees should never use the same password twice. The reason for this is simple – if a hacker cracks one of your passwords, they will use many different combinations of this password to crack the rest of your accounts. If your password is the same for everything, you are making the hackers’ job much easier. The damage a stolen password can cause shouldn’t be underestimated, as shown by the Dropbox security breach in 2012. It was found that Dropbox’s security breach was caused by an employee using the same password for LinkedIn as for the Dropbox business network, which allowed hackers to steal more than 60 million user credentials.
If employees struggle to remember passwords or continue to reuse the same passwords, it may be useful to use a password manager tool instead. A dedicated password manager stores your passwords in an encrypted form and helps employees generate random, secure passwords for temporary use.
Don’t use public networks
It is very common for employees to be working remotely, either from home or from a public space, such as a coffee shop. In these scenarios, it is crucial that employees avoid connecting to unsecured Wi-Fi networks where possible. On public networks it is relatively easy for cyber attackers to capture sensitive information, to get between the user and incoming data, or to spread viruses. If there are no other networks to connect to, your best option would be to use a good quality virtual private network (VPN), which means your data would be strongly encrypted, making it more difficult for hackers to access.
Keep all software and apps up to date
Updating software can be time-consuming and frustrating, but it is essential to staying cyber safe. Every software or app update brings bug fixes that help boost your cyber security, effectively maximising your protection against cyber attacks. Employees should always set their software to update automatically, so that when the time comes, they cannot hit ‘remind me tomorrow’. It’s also worth pointing out that keeping software up to date is one of the five key controls of Cyber Essentials accreditation.
Be aware of phishing attacks
Phishing attacks are one of the most common forms of cyber security attack. Phishing attacks, sometimes referred to as spear-phishing attacks, appear in the form of text messages, emails, phone calls or whole websites which imitate the legitimate organisation they are impersonating. Their communications can be uncannily similar, and in some cases, it can be difficult to identify a phishing attack. Most employees in organisations are not trained to recognise what phishing attacks are, and therefore they can be easily tricked into opening an email or clicking on an infected website link. Employees should learn how to spot the warning signs of a phishing attack, to prevent severe damage.
Your Cyber Essentials accreditation
Officially backed by the UK Government, Cyber Essentials is a great solution for businesses looking to improve their cyber security settings. Cyber Essentials accreditation can be achieved by implementing five simple key controls, which will protect your business from the most basic of cyber security attacks online.