In today’s computerised world of business, cybersecurity is more important than ever. Digital networks are almost universal, while fraudsters are increasingly innovative. Around the clock, miscreants and criminals scan unsecured networks (and those with poor defences) to find the latest Achilles’ heels. Unfortunately, chinks in corporate computing armour and the digital defences typically used by SMEs are still too common, if the statistics tell us anything.
Nonetheless, with the right approach, forward-thinking organisations can defend themselves. If you would like to strengthen your business cybersecurity, read on to see why it is vital to do so today. We also list fifteen practical, straightforward and easily identifiable protective measures that modern businesses can adopt right now.
Why Computer Security Is Crucial in 2019
While many computer criminals either use cyber attacks to access, change or destroy confidential or sensitive information, others set out to interrupt business processes in an attempt to extort money. Although corporations are investing more in strengthening their security protocols and digital boundaries, IT decision makers often mention bewilderment with the detail or concern over the cost.
However, the startling expense of a single data breach can run into tens of thousands of pounds or dollars. Then there is damage to business reputation and loss of future income as customers go elsewhere. Computer experts McAfee now estimate that the cost of annual damage due to cybercrime has soared to approximately $400 billion – almost a two-thirds increase from 2016 levels.
Well-funded, highly-coordinated groups of hackers are becoming increasingly sophisticated as they expose new computer network entry points. When pressed to identify a cause, experts point to the combination of third-party cloud service provision and increased usage of mobile devices. Against this backdrop, sophisticated hacking tools, password decryptors and ransomware threats abound. Additionally, the IoT (Internet of Things) automates tasks in our homes and offices using devices with inbuilt microprocessors capable of machine-to-machine communication, but the proliferation of this new hardware represents a growing security hazard.
International concern has focussed on cybercrime and the disruption it causes. Tellingly, accountants Deloitte – who, ironically, also specialise in cyber security – were themselves the subject of an autumn 2017 attack. However, this corporate magnate was not alone. Other notorious data breaches include the Car Phone Warehouse where in August 2015, data thieves stole payment card and customer information.
Similarly, Talk Talk systems leaked customers’ bank details, an incident which led to the loss of more than 100,000 angry customers. In another shocking example, more than 650,000 J D Wetherspoon customers’ details came up for sale on the dark web. Unsurprisingly, these worrying incidents attracted the attention of the European Network and Information Security Agency as it investigated more than 200 major incidents in 29 countries, in just one year.
With such incidents now so commonplace, the question now is now not whether an organisation might be attacked, but when it will happen. Will the controls and measures in place be able to detect and stop any malicious activity in time before cybercriminals cause disruption and damage?
Robust passwords are an essential part of a defence against cyber attack and business interruption. Though an oft-repeated message, and one that busy computer users sometimes ignore, effective security nevertheless starts with strong passwords featuring combinations of alphabetic, numeric and special characters. Consider using user screen timeouts, too.
Regular password changes are advisable while using the same password for multiple accounts is not. Passwords should not contain names, obvious words or individuals’ dates of birth. Writing passwords on post-it notes or whiteboards – especially in view of windows – is like offering gifts to hackers.
Identifying and verifying users gives us a secure footing. From there, network IT administrators should set access privileges to control, limit or deny drive, directory, and file access.
2. Spam Email
Most attacks originate via email. Choose an email security plan that reduces spam and staff exposure to attack(s).
3. Security Awareness
User training and reminders about data security and possible email attacks form part of a policy of protection. In particular, everyone should know how to differentiate between legitimate emails and phishing frauds, as well as not to trust links on the Internet. Accordingly, company training programmes should include these important principles.
4. Security Assessment
In the most up-to-date and progressive companies, IT security surveys establish a baseline from which the next step is to resolve existing vulnerabilities. To achieve this, IT experts assess risks, analyse weaknesses and draw up action plans. Then, it is important to prioritise those threats that are most probable, while allocating extra resources where necessary.
5. Computer Updates
Whatever the operating system, critical updates such as for Adobe and Java improve protection from the latest known attacks. Regarding anti-ransomware and anti-malware, some products block malicious code from inception, whereas others employ grey lists to spot suspicious behaviour. Nonetheless, because the threat landscape evolves unremittingly, regular updates are necessary to maintain system efficiency and ability to withstand attacks.
As a start, intrusion detection and prevention features should be active. Additionally, it is best to configure firewall software to send incident log files to a managed SIEM (Security Incident & Event Management) system. There is more on this in the next item.
7. Security Incident & Event Management
Nowadays, SIEMs use big data engines to review event and security log information from connected network devices. Using data aggregation, correlation and dashboard alerts, cutting-edge SIEM tools boost protection, facilitate compliance and enable forensic analysis.
8. Mobile Device Security
As well as through office servers and workstations, cybercriminals are equally adept at accessing networks and stealing data through smartphones and tablets. As a result, businesses need to close this gap with the latest security measures for mobile devices.
Whenever possible, aim to encrypt all files – whether stored in a server or workstation directory, attached to emails or mobile on portable devices.
An offline backup for each month of the year protects against crippling data loss. Back data up both locally and to the cloud. Remember: backups require regular testing; if you have any doubt that they are working reliably, it is best to enlist specialist help.
11. Web Gateway Security
Cyber security is, in effect, a race against time to keep up with computer criminals. Fortunately, cloud-based systems can detect emerging web and email threats and deploy countermeasures at lightning speed to block malware on protected business networks. Thankfully, the latest systems act within seconds, before new threats reach users.
12. Multi-Factor Authentication
Wherever possible, use multi-factor authentication on your network, especially with banking websites and social media. A wise precaution, this double check ensures that even if an anonymous hacker steals your password, your data stays protected.
13. Advanced Endpoint Detection and Response
Protect your data from malware, viruses, and cyber attacks with advanced endpoint security. As a replacement for outdated anti-virus programs, the latest solutions protect against fileless and script-based threats – and can even deal with a ransomware attack.
14. Dark Web Research
Awareness of stolen passwords and accounts listed for sale allows companies to be proactive in preventing data breaches. An efficient security system scans the Dark Web and takes appropriate action to protect businesses.
15. Contingency Planning
Nowadays, shrewd entrepreneurs are protecting their income and business with cyber damage and recovery insurance. That way, if all else fails, expert support is on hand and unexpected costs covered from the outset.
Securing Your Business Systems
Finally, it’s worth remembering that all the above steps play an important part in cybersecurity. As the adage has it: prevention is better than cure, especially when it comes to unwanted attention and full-scale attacks from fraudsters. To put it another way, computer and network protection is no longer something on a wish list. Nowadays, it is vital for everyday business.
According to Continuum Managed Services, a leading Boston-based computer consultancy, as many as one in five small businesses was a target for cyber attack(s) during 2018 and suffered a security breach. Cyber attacks are not the direct fault of the targeted company. Nonetheless, such misfortune still exposes the victim to the possibility of negligence claims, legal proceedings for breach of contract, regulatory enforcement and loss of trust.
More than four-fifths of all such breaches involve SMEs. Astonishingly, if the latest computer technology had been present, almost all these attacks (97 per cent) could have been prevented. Moreover, tighter rules such as the GDPR (General Data Protection Regulation) framework mean that companies must make security a priority if they are to avoid punitive fines.
If your local IT support needs assistance with any of the protective measures, we invite you to contact us today. Based in Edinburgh, Scotland, our expert team will be pleased to help.