In today’s day and age, protecting your business from cyber security threats could not be more important. According to the National Fraud Intelligence Bureau, cyber crime has already cost British businesses and organisations an eye-watering £699 million this year. In addition, it takes an average of 181 days to identify a data breach, and a further 75 days to resolve an incident. Falling victim to a cyber crime can have a huge impact on your company’s reputation, as well as financial implications, so taking measures to protect your employees and your business from these threats should be a priority.
Thankfully, it’s easy to stay protected from cyber security threats, and reduce the risk of your business falling victim to them. With proper training and vigilance, you can make sure your company is staying one step ahead of the game. Keep reading to find out ten easy ways to keep your business cyber-secure.
Back up your data regularly
Backing up your data will mean that you can recover it if you have computer problems or experience a cyber incident of any kind. Your most important information should be backed up as often as possible, and it’s a good idea to use multiple back-up methods such as a physical hard drive or USB drive and an online cloud storage system.
Make sure to regularly check that you can access this data and restore it from your back-ups in the event of an incident. Furthermore, educate your employees about safety practises for physical backups, for example whether they are allowed to take these backups off site and what to do if they are stolen or go missing.
Encrypt important and sensitive data
Encryption adds an extra layer of protection to your data, and is one of the most efficient cyber security measures you can use. It turns data into unreadable computer code, so even if a malicious party is able to gain access into your company’s system, they won’t be able to view any data that has been encrypted.
Encrypting your company’s most sensitive data such as customer information and employee’s financial details should be a priority. Any data breaches not only put this information at risk of being misused, but can have a huge impact on your company’s reputation, potentially with long-term consequences such as losing customers’ trust. Encrypted files should be regularly checked and backed up as frequently as your other files, if not more so.
Train your employees about online safety
Many cyber security incidents can be prevented with simple training. It’s important to educate your staff about the kinds of cyber threats they can encounter, and how to identify and avoid these in order to keep themselves and your company safe.
Make sure they know things such as not sharing sensitive personal or customer information online, how to create and use strong and complex passwords, how to spot a suspicious email or phone call, and how to report any potential or actual cyber threats they’ve come across. Your business is only as protected as your least-informed employee is, so keeping everyone in the loop with regular training is essential.
Keep company devices up to date
Make sure all company hardware such as phones and computers are regularly updated. Most manufacturers release patches and updates automatically, so install these as soon as possible to prevent hackers from gaining access to older systems. This also applies to any software or programs that your company uses. You should check for new updates at least every other week, and make time to install and configure these updates.
Most updates only take a few minutes, and keeping up to date with them is one of the easiest ways to protect yourself and your company from cyber threats. In addition, make sure your employees know how to maintain their company-owned devices as part of their cyber security training, and the role they have to play in keeping the business cyber-secure.
Change passwords regularly
According to Verizon, 80 percent of all hacking-related security breaches are caused by stolen passwords and other credentials. However, these can be easily avoided in most cases by regularly changing between strong and individual passwords. The best passwords are complex, with a mixture of letters, numbers and symbols, and are unique to a particular account or device.
It can be tempting to use the same password across multiple accounts for the sake of convenience, but it only takes one account being compromised to put these other accounts at risk too. Make sure to change your passwords regularly, and that they aren’t easy for somebody else to crack – ‘password1234’ might be simple enough to remember, but it wouldn’t offer you much protection from anyone else who wants to access your data.
Set up website and email filters
Keeping an eye on your employees’ online activities can help you identify which websites might need restricted access. Setting up website filters might seem a bit Orwellian, but in the long run these can help prevent your employees from unknowingly clicking on to a suspicious website and putting themselves at risk of becoming a hacker’s target. You should also discourage your staff from using public wi-fi when using company devices, such as in cafés, as these networks generally offer little privacy or protection.
Proofpoint reports that in 2020, 75 percent of organisations around the world experienced a phishing attack. These attacks are most frequently carried out through text or email, so consider setting up email filters, which will help prevent your employees from receiving spam emails that may contain phishing links or files. However, make sure your employees know how to identify these fake messages for themselves as part of their online safety training.
Secure your network
There are several measures you can take to secure your network, which will help improve security across your organisation. Having a firewall set up will protect both your hardware and software by blocking viruses from entering your network, and security software such as a reliable antivirus program can target and remove any viruses that might have slipped through the cracks and got into your system.
Having a virtual private network, or VPN, is another way to keep your network safe when using the internet. This adds another layer of security and gives you a secured connection that will make it even harder for hackers to access your information. Having a VPN is particularly important if your company uses public wi-fi, for example when travelling or in a coffee shop, as these networks are notoriously easy for hackers to break into and steal user information from.
Build a data security policy
Building a data security policy can help you keep track of who has access to what data, which can minimise the fallout from a potential breach. Critical data should only be accessible to trusted and senior staff, such as management. This helps provide accountability in the event of a breach, and is generally good practise to ensure that nobody has access to information that they don’t need.
As your company grows, so will the amount of data you have access to. A good data security policy will outline procedures such as how data is safely moved around, how important different data is, and who has permission to access it. Make sure that data is organised as efficiently as possible, as this will ensure that data that is outdated or otherwise no longer needed is not being held onto unnecessarily, which is good both for general housekeeping and cyber security purposes.
Dispose of old devices and media safely
Sometimes your company may need to replace equipment such as phones, laptops or hard drives. It’s important to do this with cyber security in mind – a misplaced piece of equipment that has sensitive information on it can quickly lead to a cyber incident. Make sure all information is wiped from a device before disposing of your tech, and if you have any paper data, destroy it with a shredder or incinerator. These steps will make it impossible for even the most determined third party to access your information.
You may want to consider having remote wiping software installed on portable devices, so that if they are lost or stolen they can still be removed of their data without you needing access to them. Make sure the passwords for any accounts used for a lost device are also changed as soon as possible – even if the device is later found, if you don’t know who might have had access to it in the meantime, it’s better to play it safe.
Have a recovery plan prepared
Even the most well-prepared organisations can still fall victim to a cyber incident – most threats can be avoided, but there will always be some risk in being online. Having an effective recovery plan is essential to minimising disruption from any cyber attack. This should outline an escalation path, and an order of who is responsible for dealing with certain areas. Strong communication is critically important to ensuring any incident is quickly resolved, and your recovery plan should emphasise this.
It may be worth investing in cyber insurance, so that in the event of an attack you can reduce the financial impact and help business get back to normal as soon as possible. Consult with your team and decide if this is something you think might be beneficial for your business, particularly if you regularly deal with sensitive information.
Vigilance is the most important part of cyber security. In addition to this advice, you should monitor any suspicious behaviour from employees and visitors alike – as the saying goes, it’s better to be safe than sorry. By following these tips, your company will have an airtight cyber security strategy that minimizes the risk of data breaches or other cyber incidents.
There are over 1 million unfilled jobs in the cyber security sector, and over 50 percent of UK businesses say they aren’t prepared to deal with a cyber security attack – so now is the perfect time to start a career in this exciting industry.
As a CompTIA authorised partner, we can help you get qualified and start helping businesses fight the online threats of tomorrow. Find out more about our cyber security course over on our website here, or call us on 0203 982 7573 to speak with a member of our team today!