
How to stop your business falling victim to cyber attack


Reported cyber-attacks cost the UK economy an estimated £29 billion per year. According to the National Cyber Security Centre, if you’re a small or medium-sized enterprise (SME), there’s a 1 in 2 chance that you’ll experience a cyber security breach. This is an alarming figure that confirms small businesses are increasingly attractive targets for hackers. Because such businesses have modest budgets and limited security measures, hackers can breach their information with relative ease, stealing employee details, customer financial information or trade secrets.

We’ve put together 8 practical and effective steps to help protect your business from cyber-attack.

1. Limit the impact of phishing attacks

Phishing attacks are where scammers send fake emails claiming to be from legitimate sources to glean sensitive information. They are becoming increasingly sophisticated and difficult to detect.

  • Restrict user rights to the lowest level required for employees to perform their job, thereby reducing the impact of successful attacks.
  • Ensure staff don’t browse the web or check emails from accounts with Administrator privileges. An attacker with unauthorised access to an Administrator account can do far more damage than one with standard access.
  • Be vigilant and help staff identify requests that are out of the ordinary, such as an invoice for a service that hasn’t been used.
  • Check for obvious signs of phishing like poor spelling and grammar or low-quality logos.
  • Take steps to scan for malware and change passwords as soon as possible once a successful attack is suspected.

2. Invest in a secure email gateway

91% of all data breaches start with a malicious email. Investing in a secure email gateway will help protect from malicious emails such as phishing, malware, ransomware and impersonation attacks.

The security provisions delivered by traditional email service providers are no longer sufficient. Hence, we recommend investing in a multi-layered approach delivered by a dedicated secure email gateway. These offer much higher levels of protection, such as spoof control and email authentication, rejecting messages which don’t conform to set standards.

3. Protect against malware

Malware refers to malicious software or web content that can harm your organisation, such as viruses or ransomware.

  • Install up-to-date antivirus software on all computers and laptops.
  • Ensure all software and firmware is up-to-date by installing the latest patch updates. Use the ‘automatically update’ option where available.
  • Limit staff accounts to only the access required to perform their role.
  • Only download apps for mobile phones and tablets from manufacturer-approved stores such as Google Play or Apple App Store.
  • Control access to removable media such as memory cards and USB sticks. Encourage staff to transfer files via email or cloud storage where possible. Consider disabling ports and allowing only approved drives where possible.
  • Switch on your firewall. Firewalls create a ‘buffer zone’ between your own network and external networks (such as the Internet), and are often included within popular operating systems.

4. Secure Your WiFi

Your WiFi can be an easy way to access your data. It is therefore important to secure your WiFi so that only employees can access it, ideally without knowing the password.

If you want an open WiFi for customers or guests, we recommend setting up a separate network. This will prevent unwanted people from joining the business WiFi and accessing files.

5. Improve password management

Passwords are a free, easy and effective way to prevent unauthorised access to your devices and data.

  • Make sure all devices require a password to boot.
  • Use two factor authentication for important websites like banking and email.
  • Change default passwords that devices are issued with before distributing to staff.
  • Help staff cope with ‘password overload’ by providing secure storage. This will allow staff to write down passwords in a safe place (not with the device). In addition, you may want to consider a password manager where appropriate.

6. Secure your mobile devices

Mobile technology is now an essential part of modern business, with more and more data stored on tablets and smartphones.

  • Ensure all mobile devices are password protected.
  • Configure devices so they can be tracked and remotely locked or wiped when lost or stolen.
  • Keep your operating system and apps up-to-date on all devices.
  • Don’t connect to unknown WiFi hotspots, particularly when sending sensitive data. Instead, use your mobile 3G or 4G network which has built-in security. You can also use Virtual Private Networks (VPNs) which encrypt your data before sending it across the internet.

7. Educate your employees

For employees to adopt security protocols and best practices, they need awareness and training. This is not a one-off initiative but a continuous process, which includes sending regular security tips and best practice, periodic audits and refresher classes.

8. Back up your data

Keeping regular backups (and testing that they can be restored) will reduce the inconvenience of any data loss from theft, flood, fire or physical damage. Furthermore, it removes the possibility of blackmail from ransomware as you will always have access to up-to-date data.

  • Identify the data you need to back up, i.e. the data that is essential to your business continuity.
  • Keep your backup separate from your computer. Data backups should not be accessible to staff and not permanently connected to the device holding the original copy.
  • Consider using cloud storage so your data is stored in a separate location and accessible quickly, from any location.
  • Automate your backups to ensure they are not forgotten about.
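
The bash functions below are an added example, not part of the original article: they automate a backup and then test that it can actually be restored, as recommended above. The paths, the `backup-<timestamp>.tar.gz` naming and the `.manifest` file are assumptions of this example, and `tar` and `sha256sum` are assumed to be installed.

```bash
#!/usr/bin/env bash
# Added example (not from the original article). All paths are hypothetical.

# backup_and_verify SRC_DIR DEST_DIR
# Archives SRC_DIR, records a SHA-256 manifest of every file, then runs a
# test restore. Prints the archive path; a non-zero exit means "do not trust".
backup_and_verify() {
    local src="$1" dest="$2" stamp archive
    [ -d "$src" ] || { echo "source missing: $src" >&2; return 2; }
    mkdir -p "$dest" || return 2
    stamp=$(date +%Y%m%d-%H%M%S)
    archive="$dest/backup-$stamp.tar.gz"
    # Manifest first: hashes of the files as they are at backup time.
    ( cd "$src" && find . -type f -exec sha256sum {} + ) > "$archive.manifest" || return 3
    # An empty manifest means nothing was protected; treat that as a failure.
    [ -s "$archive.manifest" ] || { echo "no files in $src" >&2; return 3; }
    tar -czf "$archive" -C "$src" . || return 3
    verify_backup "$archive" || { echo "restore test FAILED: $archive" >&2; return 4; }
    echo "$archive"
}

# verify_backup ARCHIVE
# Restores into a scratch directory and checks every restored file against the
# manifest written at backup time, so it still works after the source changes.
verify_backup() {
    local archive="$1" manifest tmp rc
    manifest="$(cd "$(dirname "$1")" && pwd)/$(basename "$1").manifest"
    [ -s "$manifest" ] || return 1
    tmp=$(mktemp -d) || return 1
    tar -xzf "$archive" -C "$tmp" 2>/dev/null &&
        ( cd "$tmp" && sha256sum -c "$manifest" >/dev/null 2>&1 )
    rc=$?
    rm -rf "$tmp"   # the scratch restore is only a test; never leave copies behind
    return $rc
}
```

Run `backup_and_verify` from a scheduler and alert on any non-zero exit, then move the archive and its manifest to storage that is not permanently connected to the machine holding the original data.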

 

In summary, securing your network doesn’t need to cost a fortune. Nor does it require investment in the latest expensive technology. It does however require a multi-layered approach of practical steps that should be reviewed regularly.

While it is impossible to offer 100% protection against all cyber-attacks, the 8 steps above will undeniably go a long way towards protecting your data, assets and reputation. For further protection, we recommend seeking certification under the Cyber Essentials Scheme. This has the additional benefit of communicating to your customers and suppliers your commitment to data security.

 

