Business owners of all sizes have a lot to deal with day-to-day: managing staff, growing accounts and meeting clients. With all this keeping you busy, implementing preventative measures against potentially catastrophic cyber attacks can often be overlooked. Alarming, recent studies have shown that cyber attacks have cost businesses over £34bn a year in the UK alone. F5’s OWASP glossary provides crucial information for raising awareness about web application security risks and best practices to address the increasing challenges of web application security.
However, realising the dangers posed, and adopting a commitment to security within your business will ensure that any risks are mitigated. Safeguarding your business falls into four key areas:
Basic Internet Safety :
One of the quickest and most effective safety measures you can implement right now is ensuring that your operating systems and internet browsers are up to date. Developers are continually upgrading software in response to known security flaws and possible breaches, so it pays to update as frequently as possible. Within your firm, consider blocking internet access to potentially dangerous sites by using an internet filter. This can also be used to stop access to unapproved cloud sharing sites.
Make sure to also encrypt your wireless network to prevent unauthorised access. WiFi, used at public spaces and even work conferences, is particularly susceptible to malicious attacks. Using a work phone and laptop offsite throughout the day presents problems if your device is set to automatically search and connect to networks in range. In these instances, try to use any built-in data plans or only manually connect to trusted and secured networks.
Staff Training :
Educating your employees on the threat posed by cybercrime, and measures they can take to prevent it, is essential. You must foster an environment where staff feel confident challenging suspicious emails and requests.
Employees bringing in their own devices can also unwittingly transfer malicious software such as viruses and ransomware.
Regular training updates and a strong awareness program when taking on new hires is essential. New staff could pose a threat – particularly if your business handles sensitive data – so it goes without saying that thorough background checks should be done. You should also ensure that permissions and access to data is reviewed continually, especially for staff that change roles within the company.
Password Protection :
This is one major security requirement that even small businesses on a tight budget can initiate. If you or your staff currently keep a list of passwords on an unencrypted document on the computer, or even written down on a notepad, your business is vulnerable to attack.
Passwords should be changed often, and bosses should consider automating password prompts that alert staff to change their password at set intervals. There are also programs available that store all your passwords in an encrypted space, accessible with just one password. Whenever available, take advantage of two-step authentication. Along with a password, users will be required to enter a one-time code that only they can access to allow them entry.
Email Safety :
One of the most commonly-attacked areas of business is email. Cyber criminals can target a potentially huge amount of businesses who have emails in the public domain using so-called ‘phishing’ emails, whereby the hacker poses as a legitimate colleague or business. These emails often contain links to spoof sites, which enable them to collect sensitive data or they will infect your computer with malicious software.
This list of safety essentials provides sensible advice for anyone with email access:-
- Only open emails from trusted sources – pay attention to the exact spelling in the ‘from’ address. Hackers will often use seemingly legitimate names but an odd email address.
- Where possible, don’t send sensitive information over email – phishing emails will often ask you to enter sensitive information either directly in the email or through a link. Report any such email as spam and block the sender.
- Never open an attachment you weren’t expecting – common attacks include an email aimed at the HR department, with an attached ‘CV’ that hides malicious software such as ransomware.
Ransomware attacks are particularly debilitating to small businesses, as the hacker will attempt to extort a ransom payment to release data and files they have encrypted. Until this is paid, access is at the mercy of the criminal. Recently, the devastation ransomware can cause was highlighted by the attack on the NHS.
If your business has been affected by this cybercrime, all is not lost as there are specialist companies that deal with ransomware removal for business such as Monster Cloud. They are skilled at dealing with the security breach and ensuring your systems are protected from further attacks.
This post complies with my Disclosure Polciy