Cyber Security Steps
John Gostling, Breakwater IT's Managing Director, shares some simple steps that will protect your business from cyber-attacks.
It has become an undeniable truth, particularly over the past year with an increasing number of high-profile attacks; that, when armed with enough resolve, skill and financial resource, there are individuals and cybercrime groups that can and will access your systems.
But you can take some simple preventative measures to reduce the chance of a security breach by hack or ransomware attack. Much like you close your windows, lock your doors and set the alarm when you leave your house; you can fortify the protection surrounding your IT systems. We have to up our game and raise awareness of the threats – sometimes an all-too-simple click on the wrong link can leave you vulnerable, this way we can stop making it easy for people to steal our business information and money.
Train your employees
Your employees are your biggest asset, your biggest cost centre and, unfortunately, your biggest IT security risk. I have seen many outbreaks of ransomware over the past few years and every single one of them could have been prevented if the staff member had a better understand of how to spot a specially crafted email or an authentic-looking web page that coerced them into clicking on a link to something bad. Of course, they didn’t know it was bad, they just thought that Microsoft wanted to help them, that the HMRC wanted to give them a refund for £512.37 or that someone had just used their Paypal account.
If they are not clicking on links, they are sending £8,000 to an unknown bank account because someone pretended they were the CEO of that company and asked the finance team to just transfer the money.
There are so many, regrettably, simple ways of a cyber-attacker gaining your trust and ultimately your money – I have heard examples of businesses receiving emails from supposed clients requesting that they transfer £15,000 to a new bank account. In this case the email had been hacked, and it only took a few persuasive messages under the guise of an important “client”, and the money had been transferred to an unknown bank account.
We can all fall for these tricks, through no fault of our own, but with the right education and by making some noise around how these attackers coax their way in, you can help your employees to become more aware – then it’s suddenly much less likely they will click on the bad stuff. Of course, knowledge does not make your network impenetrable and mistakes happen, that’s when reinforced IT systems and best practice come in to play.
Close down entry points
Much like a bank, home or office – for someone to steal your possessions they need to access the building. To do this they use entry points such as doors or windows. Your IT system is much the same, data comes in and out of your network via entry points, over the web, in email and via devices such as USB drives and CDs.
So, the next obvious step in protecting your business, is to secure these entry points to your IT network. Email and web traffic can be filtered and analysed to stop the bad stuff coming through; known bad places on the web are automatically blocked, so even if a damaging link does find its way in, your employees cannot click through.
USB pen drives – we all have them, but stop and think for a moment. Do you know enough about the machines your USB has been used on and what it might be distributing throughout your business. The web is much quicker than it used to be and there are so many more tools for transferring files that you really shouldn’t need to use these any more.
Get Cyber Security accredited
This is a basic government scheme that encourages you to cover the essentials of IT security and make changes to your system to help keep you protected. It’s a self-certificate scheme, (you can go all out for the plus version!) and it can be completed in a couple of weeks and only costs £300+VAT for complete certification and peace of mind. As an added bonus they chuck in some free cyber insurance on the back of it.
Have an awesome backup…..and check it EVERY DAY!
Seriously, this is your last resort. When all of the above fails you’re going to need something to fall back on. Get yourself a good backup system, get a DR system if you cannot afford to be offline for long. Check it’s backing up regularly and run some test restores. No ifs, no buts, it’s just not acceptable to not have a good backup in this modern age of cheap online storage and there are some amazing providers out there with reliable solutions to get you back up and running.