Written by our Cybersecurity Experts
Each year in October, businesses, service providers and government organisations come together for National Cybersecurity Awareness month to raise awareness of the dangers that cybercriminals pose to companies, consumers and private individuals who communicate via the Internet or buy products and services online.
Week 1 focuses on the simple steps you can take as a business to protect your data and ensure that if you’re on the receiving end of an attack, your company is doing everything it can to mitigate the damage.
A common misconception in the UK business community is that cybersecurity is a necessary evil that impedes a firm’s ability to do business in the way it wants to. We’re going to show you why that’s not the case and give you some expert advice on how to stay safe online – be it at home, or in the office.
Treat Cybersecurity Seriously
Cybersecurity should be front and centre within your firm’s annual IT budget. The cost of preventing an intrusion pales into insignificance next to the financial and reputational damage caused by a successful attack on your systems.
Studies show that the average annual financial cost of a breach in the UK in 2020 was £2,670, not including the time it takes to recover lost or stolen data, or the downtime incurred by having multiple staff members rendered unable to work at full capacity. Almost one third of businesses that were attacked reported a significant delay in restoring operations.
It’s not all about the money – cyberattacks have the potential to irreparably damage the customer relationships that your organisation has worked so hard to build. It is difficult to predict how even the most loyal of clients would react to being told that their data is in the hands of criminals to sell or otherwise exploit as they please.
There are also regulatory considerations to keep in mind. The Information Commissioner’s Office (ICO) and GDPR guidelines state that any attack that has compromised personal or commercial data and poses a risk to individuals’ data should be reported to the relevant authorities. Depending on your line of work, repeat breaches may be a cause for concern within your ombudsman or regulatory authority.
Educate Your Employees on the Risks
The theme for this year’s National Cybersecurity Awareness Month is ‘Do Your Part: #BeCyberSmart’. Everyone within your organisation – from senior management down to front-line employees – has a role to play. Cybersecurity should not be the sole domain of your internal IT teams, nor should it be relegated to an annual consideration on budget sheets or operational plans.
Cybercriminals are using increasingly sophisticated methods of masquerading as real-world individuals to extract money, data and commercial information from unsuspecting employees, and your staff often represent the first line of defence against external intrusions.
Consider a rolling programme of cybersecurity awareness training for relevant employees that encompasses how to use your current security software (especially your email protection tools), what specific threats are trending around the world and any developments in cybersecurity technology that are specific to their individual roles.
Training doesn’t need to be a time sink – just 30 minutes every month to ensure that your staff are both mindful of the risks, and are going about their duties accordingly, can make a huge difference.
Enable Two-Factor Authentication Wherever it’s Available
Two-Factor Authentication (2FA) is a login method that requires users to prove their identity with at least two different kinds of credential, rather than relying solely on a password. It’s 100% free to implement and should be a prerequisite on any system that offers it.
Huge tech organisations such as Google, Twitter and LinkedIn have made 2FA a mandatory requirement for access to their products and services for good reason – it mitigates the inherent risk of a password being compromised, guessed or cracked by hackers seeking to exploit poor network security protocols.
If you don’t already have it enabled, speak to your IT staff immediately and ask them to consider its application across your network. Microsoft have made it incredibly easy for businesses to make use of 2FA across the entire Windows 365, Microsoft 365, Windows Server and Azure suite of products, with features ranging from Conditional Access policies that dictate access rights based on pre-configured employee ‘groups’ to default security templates that implement best-practice guidelines across your network.
Focus on Email Security
Cybersecurity plans should cover all of the physical and virtual assets on your network – from port rules on routers to physical server room access, USB device policies and device encryption. All of this is important, but if there’s one aspect to get absolutely right, it’s email security.
Studies have shown that as many as 9 in 10 intrusions originate via email. Advanced Email Protection software is a cheap and highly effective way to prevent all manner of cyberattacks, from generic phishing emails that fool staff into visiting malicious websites that extract sensitive information, to highly sophisticated ‘spear phishing’ attacks that target specific individuals within your organisation and make requests for money transfers.
Everyone in your organisation that has the ability to receive email should know what to look out for, and understand how to make use of the tools you’ve provided in order to keep your data safe and secure.
Backups, Backups, Backups!
Regardless of how well protected you consider your network to be, a Backup and Disaster Recovery Plan (BUDR) that maps out what needs to be done in the event of a successful attack is an absolute necessity.
We’ve already discussed how a breach can affect you financially and operationally, but there are meaningful steps you can take as an organisation to ensure that this doesn’t always have to be the case.
Take some time to consult with your IT staff on a robust, dual cloud-based and onsite BUDR plan that encompasses scalable, cost-effective backup software and data redundancy, with the aim of getting you operational in the fastest time possible in the event of a data breach.
There’s every reason to expect that if your company adheres to these basic steps and considers a data breach as the constant threat that it undoubtedly is, you could avoid becoming another statistic in the global fight against cybercrime.