Top 10 cyber security tips your business can implement now
Cyber attacks cost businesses, not only in terms of money but also in downtime, loss of data and loss of customer and partner trust.
The increased use of mobile devices has seen the breakdown of firewalls and other traditional cyber security measures, principally because these devices exist outside the company’s internal protected networks. They are therefore extremely vulnerable. With work from home mandates due to Covid-19 and the ever-growing demand for hybrid work environments, businesses must introduce new measures to protect staff both in the office and remotely.
So, what can you do to protect your business from cyber attacks? We’ve compiled our top 10 cyber security tips to help you effectively protect your business and its valuable assets.
The cyber security threat landscape
Phishing remains the most common cyber threat, with 83% of UK businesses that reported a cyber attack labelling the attempt as phishing.
What is alarming is that only 14% of UK companies carry out cyber security awareness training for their staff. Education on how to spot a phishing email is crucial for protecting staff and company networks.
Third-party networks are another potential weakness in a company’s IT infrastructure. Just 1 in 10 businesses review the cyber security risks posed by their immediate suppliers. With globalisation and the increasingly powerful internet allowing businesses around the world to connect, those businesses must ensure that their entire supply chain is secured.
Many breaches come down to cyber hygiene. Putting the right cyber tools in place and implementing cyber security awareness training can make all the difference. Take two-factor authentication: we use it when logging on to our social media, personal email and PayPal accounts, but how many IT professionals implement it for staff accessing confidential company data? Fewer than half of the UK’s IT professionals use two-factor authentication within the business.
Top 10 cyber security tips
Install antivirus software
Whenever you open a page on the internet or click a link in an email, there is the potential for malware to infect your business’s network.
Antivirus software is designed to not only track and locate malware but also remove it. Most operating systems include basic antivirus software that protects against simple threats. However, it is recommended that businesses invest in a more comprehensive antivirus solution that is better suited for handling large amounts of data.
While antivirus software is not enough on its own to completely protect your IT infrastructure, it is a simple measure that adds an extra layer of protection for staff. It is especially useful for employees working remotely, so make sure it is installed on mobile devices that are used to access office networks.
Ensure software and hardware are up-to-date
Software updates are rolled out to fix bugs and patch security issues. While it can be tempting to ignore updates, particularly on busy days, out-of-date software is more vulnerable to attack. Set all programs and operating systems to run automatic updates so that your business is always running the latest features and security fixes.
In addition, most software updates can be run overnight, which helps avoid any disruption to workflows.
It’s not just the software that needs to be considered. If any hardware is outdated, it may not be able to run the latest versions of software. Legacy systems are easy targets for hackers, and older hardware can impact productivity because it is slow and more likely to break down.
Encrypt your data
One of the best ways to protect your data when it’s passing from one party to another is by using encryption software. This is particularly important when using mobile devices, laptops and tablets. Should any of these devices be lost or stolen, data encryption ensures that sensitive information is inaccessible.
Run regular data backups
All businesses must have facilities to run regular data backups and be able to store them. This is particularly important in defending against ransomware threats and attacks that target data centres. Being able to recover data quickly is crucial for a business to keep trading, reducing the impact of a cyber attack as well as maintaining customer trust and reputation.
Use strong passwords
It’s often left to employees to choose the passwords they use to access a company’s systems. Whilst there are approximately 200 trillion possible number and letter combinations for passwords, hackers have technology that automatically runs billions of combinations until it finds the correct one. Password best practices therefore need to adapt:
- Avoid personal details in a password, such as family or pet names.
- Don’t write down and store your passwords, particularly not in diaries or on sticky notes, and never in a public place.
- Use a unique, random selection of letters, numbers, capitals and lowercase, as well as symbols when creating passwords.
- Implement a system to change users’ passwords every 3 months.
- Use two-factor authentication, such as a password and a one-time verification code sent via a mobile device. Make sure users then delete this code once used.
Implement a password manager to create, encrypt, store and manage all application, online, company and employee passwords.
Install mobile device security
The use of mobile devices and laptops is increasing, but that doesn’t mean IT teams can’t protect them, whether company or personal devices are used for work. The first step is to make sure Bluetooth is disabled – this is one application that is regularly hacked and is linked to phishing messages and emails. Implement a variety of biometric features (some devices have these tools built in) and two-factor authentication. Install antivirus software on the devices as well for better protection, and make VPNs available for staff when accessing corporate data.
Run cyber security awareness training sessions
One of the best ways to protect your corporate data from being stolen is through education. With phishing topping the list of cyber threats this year, and staff being one of the biggest risks in cyber security, more businesses and organisations must start to implement training.
The government’s cyber security survey highlighted that only 19% of businesses set up additional training sessions after a cyber attack. As well as raising awareness of cyber security risks, from phishing and social engineering to ransomware attacks, training benefits and educates everyone. There are a variety of online training resources available to help.
Create a robust cyber security policy
Create and implement a cyber security policy for the business or organisation that staff can follow, such as how to create a great password, browse or search the internet in a safe way, and what to do should a cyber security breach occur.
Ensure your supply chain is secure
One of the most vulnerable areas for any business or organisation in terms of cyber security is its supply chain. Get your suppliers and other third parties on board and involved in maintaining good cyber hygiene. Share your best practices and awareness training with them. Some businesses have gone a step further and integrated cyber security tools with their suppliers.
Create an incident response plan
Without a plan about how to respond to cyber attacks, any breach could cost your business dearly.
Companies that have created a cyber incident response plan, including potential scenarios and how to deal with a malicious attack, are better equipped to deal with a breach. Make sure the incident response plan is reviewed regularly, tested and adapted if needed.
The cyber security tips that can keep your business secure
Rapid advancements in technology mean that cyber security is in an excellent state to defend against increasingly sophisticated attacks. Next-generation technology and methods are harnessing the power of machine learning (ML) and artificial intelligence (AI) to detect and prevent potential cyber breaches, and to automate the detection of cyber threats and the response to them. Many more of today’s latest devices and online platforms will incorporate cyber security tools and advanced technologies as a default feature, rather than leaving it to the user to add on later.
Cyber attacks are becoming more dangerous. A cyber security strategy is quickly becoming a necessary part of wider business strategy, but there are also measures you can take today to protect your sensitive data.