Concerns over cyber security have skyrocketed in the last 12 months. It’s hardly surprising as the size, sophistication, and impact of network attacks coupled with burgeoning IT infrastructures make it increasingly difficult to manage and protect your network.
Advancing digitisation means that every business relies now on data and so every business is vulnerable to a cyber attack. Research reveals about one in 40 small businesses are at risk of being victim to a cyber crime whilst nearly seven in 10 large businesses identified a breach or attack in 2017.
Small businesses are hit particularly hard by such attacks, with nearly one in five taking a day or more to recover from their most disruptive breach. Those businesses that hold electronic personal data on computers are more likely to suffer cyber breaches than those that do not, either via fraudulent emails, viruses, malware and ransomware.
Furthermore, every new piece of hardware or software brings new vulnerabilities to even the most secure systems. It’s difficult to keep pace and enough to keep any IT manager awake at night - but a proactive approach to your security could help you get a good night’s sleep.
You need to know what you’re up against and, while no two cyber attacks are the same, they each draw upon a common arsenal of attacks that are known to be highly effective. These include:
- Insider attacks: alarmingly, insider threats (where your current employees steal your sensitive corporate data) account for nearly three-quarters of security breach incidents. Not all such attacks are deliberate though with 84% of reported breaches due to human error.
- Ransomware: during such attacks, software infects your network and locks you out of your systems, until a ransom is paid to the hackers. The NHS suffered a major ransomware attack last year, where at least 6,900 medical appointments were cancelled as a result of the WannaCry attack.
- Phishing: recent reports reveal these attacks have increased both in volume and sophistication. Here, a cyber criminal sends an email pretending to be someone or something they’re not to extract sensitive information from the target. The average cost of a phishing attack on a mid-size company is $1.6 million (approximately £1 million).
- Advanced Persistent Threat (APT): an unauthorised person gains access to your network and stays undetected as they steal data from your business. Some 91% of APT attacks start with a phishing email.
- Distributed denial of service (DDoS): these attacks shut down your business server, websites and network resources. The frequency of these attacks has increased more than 2.5 times over the last three years.
- Password attack: the attacker uses a range of methods to find out your business’ passwords. For example, they could use a brute force attack where a computer program tries to log in with possible combinations, a dictionary attack where the program cycles through combinations of common words or keylogging, where a program tracks all of the user’s keystrokes.
Identifying the Risk
The first step to protect your business is to conduct a preliminary security audit in order to identify your risk. You can achieve this by asking the following questions:
- What information do you collect?
- How is your information stored?
- Who has access to your information?
- How do you protect our data?
- What steps are you currently taking to secure your computers, network, email and other tools?
This should help you to identify any gaps in your network security so you can take steps to fully protect your business. Such measures may include:
Backup your data
You must regularly backup your corporate data to protect your business. Even small data losses can have an adverse effect where a loss of less than 100 files could cost your up to $35,000 (£20,000). However, research reveals 60% of small businesses don’t back up daily and many don’t perform backups at all.
Use Firewalls and Passwords to Protect Your Data
Firewalls create a buffer zone between your network and external networks. As a result, only authorised protocols, ports and applications can exchange data across the boundary. So, this reduces the exposure of your system to network attacks. However, a firewall alone will not protect your business.
Laptops, tablets, computers and phones all contain business critical data so you should always make sure they are password protected. However, you must make sure these passwords are robust. People reuse passwords and research reveals 19% of business passwords can ‘easily be compromised’.
Prevent Malicious Content
You need to take a multi-pronged approach to stop malicious content from infiltrating your network. Antivirus software must be installed and turned on all your company’s devices. If you have a BYOD (Bring Your Own Device) policy in place, make sure these are also adequately protected.
You may want to deploy malware checking solutions to examine inbound and outbound data at the perimeter of your network, as well as deploying internal protection. Ideally, these two lines of defence should differ to further protect your network.
Research reveals user education is as important as protection when it comes to battling cybercrime. So, you also need to educate your staff to prevent them from downloading third party apps from unknown vendors/sources. You could restrict permissions on their devices to achieve this.
This education extends beyond what your users download onto their devices. They also need to understand and identify any phishing attacks. Make sure they are aware of the obvious signs of phishing, report all attacks or suspected attacks, and keep up to date with the most popular techniques used by attackers so you can stay one step ahead.
Make Sure You Are GDPR Compliant
Mentions of the GDPR will have filled your inbox recently, but this new legislation can be used as a solid foundation to help you build a security strategy. The guidelines outlined in the GDPR are robust and detail the organisational and technical measures you need to take to protect your data and keep doing business across Europe.
Achieving GDPR compliance is a complex process and full details can be found at the Information Commissioner’s Office here. However, compliance could help guide your security strategies when it comes to training your staff in data protection and putting the right technical procedures and policies in place to protect against potential data breaches.
Network security is a complex and ever-changing landscape. Many organisations don’t have the budget or skills in place to assess their risk properly - but with data breaches costing UK organisations £2.5 million in 2017, your network security is your business’s life blood.
If you’d like to find out more, contact us today for a free assessment to discover how secure your business is.