Large-scale cyber-attacks often dominate the headlines, but they present a very real threat to organisations of all shapes and sizes. Did you know that 39% of UK businesses have identified an attack in the last year alone? An alarming 31% of those businesses were targeted at least once a week. Phishing attempts are the biggest menace (83%), with ransomware attack and malware hot on their heels. On a global scale, 66% of mid-sized organisations were hit with ransomware in 2021 alone – a year-on-year increase of 37%.
The statistics may sound alarming, but the good news is that there is plenty you can be doing to safeguard your organisation. Here are some of our top tips for protecting your business against cyber-attacks…
Phishing attacks – when users are tricked into opening malicious emails or links that install malware – are growing increasingly sophisticated. The majority of businesses run cybersecurity awareness programs, but if you’re in the minority that don’t, now is the time to educate your users. Whether you use human-led or computer-based training, ensure your employees are cyber-savvy and know how to identify phishing threats. Educate staff on password policy too, including how to create more secure passwords. Don’t underestimate the need for team training, it is an invaluable line of defence.
Prevent phishing emails from entering inboxes in the first place, with robust technical controls. This means modern messaging protection, in addition to firewall and endpoint protection. When it comes to cyber security, it pays dividends to invest in the optimum solution for your business. To find out more, book in for a free 30-minute consultation with the Business Cyber Centre team here.
It’s vital to ensure your software and firmware remains up to date. This includes your operating system, third-party apps, anti-virus apps and web browsers. Updates don’t just keep things running smoothly – in addition to resolving bugs, they help patch potential loopholes in your security. They also install new security features, making it harder for attackers to gain access. Switch on automatic updates, and regularly check on them too.
If cyber criminals do penetrate your network, you want to limit the potential for damage. This means zoning your network and safeguarding each zone with anti-malware and IPS protection, to restrict criminals’ ability to move within the system. Think of it like shutting the fire doors in a building – if a fire starts, they will slow the spread of the flames.
Another wise precaution is to only give your team access to the systems and resources they need. That way, if an attacker does gain entry via their device, their freedom is at least limited. Restrict users from downloading third party apps too.
Passwords are inherently vulnerable, and an additional layer of security is essential in order to stop cybercriminals from infiltrating your network. This means employing multi-factor authentication, especially when users are accessing Cloud and Internet-connected services. These can take several guises – for example after entering their password, users may be prompted to verify themselves via an authentication app on their phone, or a one-off code sent via text. In addition to this, ensure your team follow password safety guidelines too – it’s been estimated that 73% of passwords are duplicates, yet multi-factor authentication can block over 99% of account compromise attacks.
Data backup is the last line of defence. Make regular backups of important business information and ensure you’re using a secure platform. Provided the information can be accessed, you’re then less vulnerable to blackmail by ransomware attacks.
To discover more about protecting your business, book a free 30-minute consultation with the Business Cyber Centre team here.