Cyber attacks can happen anywhere, at any time and to any business.
You may be familiar with high-profile cyber attacks like WannaCry and NotPetya, as household names like the NHS and Telefónica have hit the headlines for being targets of these data leaks and cyber attacks.
That said, it is not just well-known brands that are likely to suffer a cyber attack. SMEs are just as vulnerable. According to the Cyber Breaches Survey 2020 conducted by the UK Department of Digital, Culture, Media and Sport:
“Almost all UK organisations grapple with cyber security risks, by the fact that almost all have email addresses and the vast majority (81% of businesses and 73% of charities in the 2019 survey) have a website.”
The report also revealed that one in five businesses targeted for an attack experienced a negative material outcome, losing either money or data, or even both.
In 2019, 39% of businesses were negatively impacted in terms of the day-to-day running of their organisation due to cyber breaches. This meant that many had to implement new protection measures and that their staff’s time and resources were diverted.
Businesses of all sizes can take small steps towards improving their cyber security. Below, we have listed five tips that can help your employees to protect your data, secure your devices and stay safe against cyber threats.
Cyber security training for ALL employees
Spending cyber security budget on hardware and software will help your business to stay safe against cyber threats. However, without a trained and educated workforce, even new tech will leave your organisation stuck at square one.
Good cyber hygiene starts with education. IBM has revealed that human error is the main cause of 95% of cyber security breaches. Therefore, the first thing your business needs to do is ensure that your employees are educated about the dangers of cyber threats.
If your employee has access to any device which connects to the internet, they must be educated about risk areas such as phishing attacks, weak passwords, and unsecured devices.
Despite advances in technology, the password has a vital role to play in the protection of your device and users should never underestimate the value of a good password.
In the past it was common for users to create passwords using the name of a spouse or pet, their hometown or birthplace. However, using social media, hackers can work these out easily. Try to steer clear of this type of password. Instead, use the “think random” approach which is recommended by the National Cyber Security Centre (NCSC). On its website, the NCSC advises that you should “create passwords using three random words. You just put them together, like ‘coffeetrainfish’ or ‘walltinshirt’.”
Protect all devices
Many businesses will immediately think about laptop and PC devices when considering their cyber security strategy. However, 55% of the internet’s traffic derives from mobile devices, which makes mobiles as much of a target in cyber attacks as PCs.
If your team is using business mobile devices, make sure they are taking advantage of the security features that are included within their devices. For example, Apple device users can use the ‘Find my iPhone’ feature, which helps them to locate their device if it is missing, as well as allowing them to remotely erase the sensitive data on it. This feature is also available on iPads.
Android device users can log into Android Device Manager to locate their devices on a map and set up the lock and erase capabilities, much the same as Apple. Wiping the device remotely resets it to its factory-installed settings.
Should your device be misplaced or stolen, adding these apps will drastically decrease the chances of your data being accessed by a cyber attacker. Not only are they free to use, but they are also easy to set up across your organisation.
Keep software up to date
Many of us are guilty of not updating our apps and devices, or of not deleting ones that we no longer use.
There is a reason why you should update your devices regularly. These updates often include fixes for security holes and vulnerabilities.
So, when the time comes to install the latest software update, make sure you do it.
Comply with GDPR
On 25 May 2018, the EU’s new data privacy and security Directive, the General Data Protection Regulation (GDPR), was implemented across Europe. It included hundreds of pages’ worth of new requirements affecting organisations around the world.
The GDPR is the toughest data privacy and security law in the world. Though it was drafted and passed by the European Union, it imposes obligations on organisations anywhere, if they target or collect data related to people in the EU.
One key part of GDPR is being cyber compliant. GDPR is not an optional requirement. Your employees need to understand what personal data is, and how it should be collected, processed, and stored. As part of GDPR regulations, your business should also be able to identify if a leak has occurred. Failure to comply with this will result in a fine from the Information Commissioner’s Office (ICO).
Lead by example
Across the board, your business must be invested in a strong cyber security strategy. If your business is not engaging with cyber security at a leadership level, it should make sure that it is investing time into this.
It is vital that leadership teams are involved in cyber security regularly, as cyber security is a CEO-level issue. Make sure your leadership team are actively involving themselves with matters around cyber security and make them aware of the need for a cyber risk assessment and strategy.
Officially backed by the UK Government, Cyber Essentials is a great solution for businesses looking to improve their cyber security settings and standing. By implementing five simple key controls, you can protect your business from up to 80% of common cyber security threats.
If you would like to see the Cyber Essentials Online questionnaire, contact us to get your sample copy now.