Cyber security is undoubtedly one of the biggest problems organisations currently face. The cost of incidents worldwide is projected to exceed €5 million in 2021, according to a Cybersecurity Ventures report.
This is double the cost of six years ago, which demonstrates how quickly the situation is escalating.
But what can your organisation do to avoid becoming another statistic? In this blog, we explain five simple steps you can take to defend against attacks.
Prepare for phishing attacks
Phishing is a type of social engineering attack in which a crook poses as a trustworthy source and attempts to trick people into clicking malicious links or providing personal information.
These attacks are usually delivered by email and are characterised by poor grammar and assertions that you need to rapidly address something that’s gone wrong.
For example, a phishing email might claim that your account has been hacked, that you need to confirm a card payment quickly or ‘something bad’ will happen, or that your bank account has been frozen.
If you fall for one of these scams, you risk inadvertently handing over login details, personal information or payment card information to criminals. Alternatively, the attackers may fool you into downloading malware and infecting the company’s systems.
If it happens at your workplace, you’ll expose your entire organisation to a potentially massive cyber attack or data breach.
To avoid this fate, you should enrol your staff on a phishing staff awareness course to help them identify scams and learn what they should and shouldn’t do if they receive one.
Back up your work
Data backups are like spare tires: you never need them until suddenly you do. It’s relatively unlikely that your data will be corrupted or otherwise inaccessible (cyber attackers generally just steal information), but it’s still something you need to be prepared for.
After all, it’s not only cyber criminals you need to be wary of, but also a host of technological problems, from power outages to infrastructure damage.
Even slight delays could cause huge financial and reputational damage, but backing up your data ensures that you always have access to information and can remain functional.
Use secure networks
Until recently, people rarely thought about the security of their Internet connection. That’s because, for the most part, they were working in offices with secured networks that the organisation’s IT team had complete visibility over.
With the rise of home and hybrid working, that’s no longer the case. Organisations are relying on the security of employees’ personal Internet connections – and although data is typically encrypted by default, that doesn’t stop attackers compromising your systems in other ways.
For example, if you use the router’s default password, attackers may be able to get on to your network and launch attacks.
Public Wi-Fi on trains and in cafes, hotels, etc., poses an even greater risk. Employees may be travelling for work or simply want to get out of the house – but if they rely on insecure public networks, they could find themselves under attack.
Any employee who accesses sensitive information as part of their job should be subject to specific rules regarding the networks with which they connect.
You may opt to put location-based restrictions on where certain documents can be viewed – or at least create an automated alert to determine someone’s IP address when they access that document.
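One way to build the automated alert described above is to check each document access against a list of approved networks. This is an added example, not part of the original blog; the log format, the approved network ranges and the sensitive path prefixes are all assumptions, and the log lines are constructed.

```python
import ipaddress

# Assumed policy: networks from which sensitive documents may be opened
# (placeholder ranges, not taken from the blog).
APPROVED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "198.51.100.0/24")]
# Assumed path prefixes that mark a document as sensitive.
SENSITIVE_PREFIXES = ("/finance/", "/hr/")

# Constructed access-log lines: timestamp user source_ip document_path
SAMPLE_LOG = """\
2021-06-01T09:02:11Z alice 10.20.4.17 /finance/q2-forecast.xlsx
2021-06-01T09:05:40Z bob 203.0.113.45 /hr/salaries.csv
2021-06-01T09:07:02Z carol 203.0.113.45 /public/handbook.pdf
2021-06-01T09:09:30Z dave not-an-ip /finance/payroll.xlsx
2021-06-01T09:10:00Z malformed line
"""

def is_approved(ip_text):
    """True if the address parses and falls inside an approved network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparseable source: treat as unapproved
    return any(ip in net for net in APPROVED_NETWORKS)

def find_alerts(log_text):
    """Return one alert per sensitive-document access from an unapproved source."""
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed format
        timestamp, user, source_ip, path = parts
        if not path.startswith(SENSITIVE_PREFIXES):
            continue  # non-sensitive documents are not restricted
        if not is_approved(source_ip):
            alerts.append({"time": timestamp, "user": user,
                           "ip": source_ip, "document": path})
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print("ALERT: {user} opened {document} from {ip} at {time}".format(**alert))
```

An unparseable source address is treated as unapproved, so a corrupted or spoofed log field raises an alert rather than passing silently.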
Patch, patch, patch
Every piece of software that you use, and every website you use, has technical vulnerabilities that a cyber criminal could leverage.
The good news is that the people who maintain those systems routinely look for vulnerabilities and release updates and patches that fix them. You can make sure that every application you use is up to date with a patch management system.
Many data breaches are the result of simple mistakes. It’s all too easy to misplace a work-issued laptop or send an attachment meant for John in finance to some other person called John.
Errors like this are bound to happen, and we’re not suggesting that you should expect staff to never make mistakes. However, you can reduce the risk by regularly reminding staff of their information security obligations.
One way to do this is to enrol your employees on an information security awareness course. Another solution is to implement a policy reminding staff to pay close attention whenever they are dealing with sensitive information. If someone is travelling with a laptop, you should instruct them to keep it on their person or locked away. If emailing a document, they should double-check the recipient.
Looking for more advice?
You can find out more about protecting your organisation by reading Cyber Incident Response Management – A beginner’s guide.
This free green paper contains the essential advice you need to prepare for and respond to a security incident. You’ll understand what constitutes a cyber attack and discover the potential consequences.
A version of this blog was originally published on 28 November 2018.