Cyber crime is rife and continues to affect businesses of all sizes.
The Government’s Cyber Security Breaches Survey for 2021 found that four in ten businesses (39%) and more than a quarter (26%) of charities reported suffering a security breach or attack in the 12-month study period.
One of the biggest assumptions small businesses make is that they are immune because cyber criminals are interested only in the big players.
This leaves many SMEs more vulnerable to attack because they don’t think they need to take cyber security as seriously as they should. In reality, they are a prime target for hackers precisely because their defences are weaker.
While no business is 100% immune to cyber risk, most organisations can mitigate some of the risks by taking simple steps to protect their networks, data and users online. These include:
- patching systems
- improving access controls and enabling multi-factor authentication
- implementing an effective incident response plan
- checking that backup and restore mechanisms are working
- ensuring that online defences are working as expected
In fact, by making sure you’ve got the right basic protections in place and focusing on your overall cyber security instead of individual threats, you can improve your defences and protect your business effectively against a range of common attacks. Here’s how…
Steps to improve your cyber security
Last year, the Government’s National Cyber Security Centre (NCSC) revised and republished its ‘10 Steps to Cyber Security’. The steps give IT security professionals and technical staff guidance on the measures they need to put in place to keep their organisations safe. While they are aimed specifically at IT staff in medium to large businesses and organisations, smaller businesses can also benefit from the recommendations. The steps are:
- Identity and access management – control who and what can access your systems and data.
- Data security – protect data where it is vulnerable.
- Logging and monitoring – design your systems to be able to detect and investigate incidents.
- Risk management – take a risk-based approach to securing your data and systems.
- Engagement and training – collaboratively build security that works for people in your organisation.
- Asset management – know what data and systems you have and what business need they support.
- Architecture and configuration – design, build, maintain and manage systems securely.
- Vulnerability management – keep your systems protected throughout their lifecycle.
- Incident management – plan your response to cyber incidents in advance.
- Supply chain security – collaborate with your suppliers and partners.
So, what do the steps look like in practice, and how can you integrate them into your business and operations?
The answer lies in working with a managed IT support partner with expertise in cyber security, like Quintech.
While your cyber defences can be as complex as you want them to be, as part of our support, we can ensure you’ve got all the basics covered as a bare minimum to protect your business against ransomware, phishing, malware attacks and other common threats.
Here are some of the cyber security fundamentals you should have in place to protect your business:
Email security
More than 90% of cyber-attacks involve phishing, which uses fraudulent emails and websites to steal personal information or money from unsuspecting users. The goal of a phishing attack is to trick the user into clicking on a malicious link or entering their login credentials into a fake website. Phishing attacks are used to steal passwords, payment details and other sensitive information.
The emails are designed to appear as authentic as possible, to encourage your staff to trust the source and act upon the contents.
Your business should be deploying email security software that automatically identifies and quarantines suspicious-looking emails, reduces the amount of spam your users receive, and protects your staff and business against threats. Outbound data loss prevention (DLP), meanwhile, helps ensure that your corporate data is not stolen or leaked.
Antivirus and anti-malware
Antivirus and anti-malware software should be installed on every device your business owns. It’s also vital to keep the software up to date, and to monitor and report on this so that your business remains compliant.
Most malicious software changes its form every time it’s installed, making it hard for traditional signature-based antivirus to provide 100% protection. Robust antivirus software should therefore form part of an overall suite of cyber security measures, rather than being relied on as your sole method of protection.
Firewalls
Firewalls are a critical part of any organisation’s cyber security defences. They are network security devices that monitor and control incoming and outgoing traffic between your networks and the internet. Firewalls can be hardware or software-based, and they can be configured to allow or deny traffic based on source, destination, protocol, port number and other factors.
Firewalls are a vital first line of defence against cyber-attack because they protect your network from unauthorised access and data theft. They can also help prevent malware from entering your network. In addition, firewall logs let you track activity on your networks so you can identify and assess potential security threats.
If you’re looking for increased security for your business, consider using a firewall in conjunction with other cyber security measures such as antivirus software and intrusion detection/prevention systems.
Password security
Password cracking is one of the oldest forms of cyber-attack, and stolen corporate login credentials often find their way onto the dark web.
If they fall into the wrong hands, your users, networks and data are at the mercy of cyber criminals.
So, establishing a robust password security policy, and ensuring your users stick to it, is essential.
Some password security best practices your users should be following include:
- Never share passwords
- Don’t use the same password for multiple accounts
- Use passwords of at least 21 characters, with a mix of uppercase and lowercase letters, numbers and symbols
- Don’t use obvious substitutions (like ! instead of 1, @ instead of a or £ instead of E)
- Don’t enter passwords on public WiFi
- Update passwords regularly
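To show what the length, character-mix and “no obvious substitutions” rules above look like when enforced rather than just described, here is a small policy checker. It is an added example, not code from the original post or from Quintech; the substitution table and the short list of weak words are assumptions constructed for the example, and a real deployment would load a proper breached-password list instead.

```python
import re

# Minimum length from the post's policy: at least 21 characters.
MIN_LENGTH = 21

# Common "obvious substitutions" mapped back to the character they usually
# stand in for. Constructed for this example; extend to suit your own policy.
SUBSTITUTIONS = str.maketrans({
    "!": "i", "1": "l", "|": "l", "@": "a", "4": "a", "$": "s", "5": "s",
    "0": "o", "3": "e", "£": "e", "7": "t",
})

# Tiny constructed word list standing in for a real dictionary / breach list.
# A tuple keeps the order of reported problems deterministic.
WEAK_WORDS = ("password", "welcome", "letmein", "admin", "company", "summer")


def normalise(password: str) -> str:
    """Lower-case the password and undo leetspeak-style substitutions,
    so 'P@$$w0rd!' becomes 'passwordi' and can be matched against WEAK_WORDS."""
    return password.lower().translate(SUBSTITUTIONS)


def check_password(password: str) -> list[str]:
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no symbol")
    # Substitutions do not make a dictionary word strong: compare the
    # normalised form, not the raw string.
    plain = normalise(password)
    for word in WEAK_WORDS:
        if word in plain:
            problems.append(f"contains the common word '{word}' (possibly with substitutions)")
    return problems


if __name__ == "__main__":
    for candidate in ("Summer2023!", "P@$$w0rd!2022Comp@ny!!", "Correct-Horse-Battery-Staple-19"):
        print(candidate, "->", check_password(candidate) or "OK")
```

The third candidate passes every rule because it is long and mixed without relying on substitutions; the second is 22 characters long and mixes all four character classes, yet still fails because normalising it exposes two dictionary words.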
Your business should also consider using a password manager to store your users’ passwords and other login information in an encrypted format. This information can then be accessed by the user when needed. Password managers are a valuable tool for cyber security, as they help protect data from hacking and cyber-attacks. They also help keep login information secure, which can prevent theft or fraud. Password managers are available as stand-alone programs or as extensions for web browsers.
Web filtering
Most ransomware attacks occur when a user views a webpage that’s been compromised with malicious code. It only takes one careless user to inadvertently infect your entire network, which could render all your data and files useless unless they are backed up.
Website filters help protect your business and users from websites containing malicious code and control access to inappropriate or harmful websites and content – such as adult, gambling or social media sites – during working hours.
Web filtering gives your IT managers control over which websites your users are allowed to access, as well as alerting them to any suspicious or harmful activity. You should choose web security software that protects your staff wherever they are, on any device, so they aren’t putting your network and data at risk.
Data backup and recovery
Data backup and recovery is one of the most critical aspects of your cyber security. In the event of a data breach, ransomware attack or other disaster, it’s vital that you have a plan in place to restore your systems and data.
This became even more important following the implementation of GDPR, which requires all organisations that process data to have a plan for data backup and recovery and other data protection measures. Without a good data backup and recovery plan, your company could face hefty fines for not complying with GDPR.
You should back up your data frequently, keep both onsite and offsite copies, store them securely, and regularly test that a restore actually works.
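A backup you have never restored is only a hope. As an added example (not Quintech’s tooling or anything from the original post), the script below backs up a small constructed directory into a tarball with a manifest of file hashes, then proves the backup by restoring it into a scratch directory and comparing every file against the manifest. The `demo()` function also builds a second backup after one file has been silently corrupted, to show that the check catches a backup that would not restore the data you expected. Paths and file contents are constructed for the example.

```python
import hashlib
import json
import tarfile
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 and return the hex digest."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def create_backup(source: Path, archive: Path) -> dict[str, str]:
    """Archive every file under `source` into a gzip tarball and write a
    manifest (relative path -> sha256) beside it. Returns the manifest."""
    manifest: dict[str, str] = {}
    with tarfile.open(archive, "w:gz") as tar:
        for file in sorted(p for p in source.rglob("*") if p.is_file()):
            rel = file.relative_to(source).as_posix()
            manifest[rel] = sha256_of(file)
            tar.add(file, arcname=rel)
    (archive.parent / (archive.name + ".manifest.json")).write_text(
        json.dumps(manifest, indent=2, sort_keys=True))
    return manifest


def verify_restore(archive: Path, manifest: dict[str, str]) -> list[str]:
    """Restore `archive` into a throwaway directory and compare each restored
    file with the manifest. Returns a list of problems; empty means the backup
    restores cleanly."""
    problems: list[str] = []
    with tempfile.TemporaryDirectory() as scratch:
        restore_dir = Path(scratch)
        with tarfile.open(archive, "r:gz") as tar:
            try:
                # Python 3.12+: the 'data' filter refuses path traversal,
                # absolute names and special files inside the archive.
                tar.extractall(restore_dir, filter="data")
            except TypeError:  # older interpreters without the filter argument
                tar.extractall(restore_dir)
        for rel, expected in manifest.items():
            restored = restore_dir / rel
            if not restored.is_file():
                problems.append(f"missing after restore: {rel}")
            elif sha256_of(restored) != expected:
                problems.append(f"content mismatch after restore: {rel}")
        restored_files = {p.relative_to(restore_dir).as_posix()
                          for p in restore_dir.rglob("*") if p.is_file()}
        for rel in sorted(restored_files - manifest.keys()):
            problems.append(f"unexpected file in archive: {rel}")
    return problems


def demo() -> tuple[list[str], list[str]]:
    """Back up a constructed dataset, verify it, then show a corrupted backup failing."""
    with tempfile.TemporaryDirectory() as work:
        root = Path(work)
        source = root / "data"
        (source / "accounts").mkdir(parents=True)
        (source / "accounts" / "ledger.csv").write_text("date,amount\n2023-01-05,120.00\n")
        (source / "notes.txt").write_text("constructed sample file\n")

        good_archive = root / "backup.tar.gz"
        manifest = create_backup(source, good_archive)
        clean = verify_restore(good_archive, manifest)

        # Simulate a file being garbled (disk fault, malware) before the next
        # backup run, then check that backup against the trusted manifest.
        (source / "accounts" / "ledger.csv").write_bytes(b"\x00garbled")
        bad_archive = root / "backup-damaged.tar.gz"
        create_backup(source, bad_archive)
        corrupt = verify_restore(bad_archive, manifest)
        return clean, corrupt


if __name__ == "__main__":
    ok, broken = demo()
    print("clean backup problems:", ok)
    print("damaged backup problems:", broken)
```

In practice you would run the verify step on a schedule against the offsite copy, keep the manifest somewhere the backup job cannot overwrite, and treat any non-empty problem list as an incident rather than a warning.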
Software updates and patching
Outdated, unsupported or unpatched software is easy to exploit. To a hacker, it’s like leaving your front door unlocked and all your valuables on display.
So, ensuring your software, operating systems, and applications are up to date and have the latest security patches installed is essential.
Your business shouldn’t be using operating systems that are out of support. You’d be surprised at how many are still in use. For example, Microsoft’s support for its Windows 7 operating system was withdrawn in 2020, while its support for Windows 8.1 is due to end in 2023.
For platforms that are still supported, downloading vendor updates as soon as they become available is the key to keeping them safe, secure and working as they should. Patches fix many issues, from minor bugs to major security flaws, so make sure you don’t fall behind.
Staff awareness and training
While putting the right technology and software in place to strengthen your cyber defences is essential, supporting your staff and ensuring everyone in your team is aware of their responsibilities will help keep cyber security consistent across your workplace. This includes ensuring they have the right equipment to stay secure, especially when working remotely or from home.
Regularly reviewing your cyber security provision and policies to ensure they are up to date and can protect against emerging threats is also essential. So, too, is regularly engaging with and training your staff, so that everyone understands the latest risks and follows the right policies and processes.
How Quintech can help you improve your cyber security
Quintech can help you create and manage a robust cyber security strategy tailored to your business to keep your networks, data and users safe and ensure business continuity.
As your strategic technology partner, we’ll work with you to assess your cyber security needs and identify the best ways to solve them. We’ll review your current IT security provision to see how it can be improved.
Our role is to ensure your IT serves your business in the best way, to help you reach your full potential.
From initial investigation and assessment to recommending and implementing cyber security solutions along with advice, training and guidance to support the whole journey from start to finish, our team of experts is here to help.
Get in touch today to find out more.