Up to 88 per cent of UK companies have fallen victim to cyber breaches over the past twelve months. And 65,000 attempts are made every day to hack small to medium-sized businesses, 4,500 of which are successful. Cyber breaches can be exceptionally costly, and can cause lasting reputational damage. What steps is your business taking to avoid a cyber-attack? What are some good cyber security habits you and your workforce can adopt?
Around a third of companies report having lost customers following a cyber breach, and over 40 per cent say they will never return at all, according to a Cisco report. With this in mind, here are a few good cyber security habits you can instil within your workforce to help prevent a costly disaster.
1. Adopt a safe password policy
Be sure to create a business-wide password policy that includes:
- Never sharing passwords amongst colleagues
- Never writing passwords down
- Never using the same password for multiple accounts
- Always creating passwords that are at least twelve characters long and include numbers, symbols and a mixture of upper and lower case letters
It is good practice to use a password manager to manage company-wide passwords. That way, you can retain top-level control over passwords, which is useful when someone leaves your organisation. On that note, whenever a member of staff departs, for whatever reason, always ensure that all their work-related system and online platform passwords are reset, so that they cannot log in remotely to steal data or access sensitive information.
2. Stay up to date with security patches and software updates
Software vulnerabilities are regularly exploited by cyber criminals who look for ways in so that they can infect devices with malware.
Malware is used to steal data and personal information, such as payment details. Ransomware, a form of malware, encrypts files so that users cannot access them. The cyber-criminal then demands a large ransom to restore the files.
Malware has the power to bring systems to a complete standstill, which can be devastating for an organisation that depends on technology to function.
In order to avoid such a catastrophe, it is vital that security patches and software updates are installed as soon as they become available, and that operating systems are kept up to date. Ensure that devices are set to auto-update and that individual users cannot override or snooze updates.
3. Use multifactor authentication
Multifactor, or two-layer, authentication raises the security bar by adding a further login step for system users, which means another layer of security that would-be cyber-criminals have to get through.
Multifactor authentication involves using two pieces of evidence to prove your identity and right to access a system or platform. The first piece of evidence is usually a password, and the second will be something only the user can know or provide, such as a security code on a credit card, a fingerprint, or a one-time code sent to a personal device.
This is a straightforward way of adding another layer of security, and is one of the top three ways cyber-security experts themselves protect their own information.
4. Be aware of suspicious emails
Set a clear procedure for staff to deal with suspicious emails, making awareness a priority. Scam and phishing emails are all too common nowadays, and can have devastating consequences. Clicking on a malicious link has the potential to expose a device or network to a virus, or give a hacker access to your system.
Warning signs of bogus emails include requests for personal information, unusual email addresses, strange attachments, and spelling and grammar mistakes within the text.
Be very wary of emails that appear to be from supplier accounts departments asking you to change payment information. These could be a sign of bank transfer fraud. If in doubt, use your regular contact information to verify the request by telephone.
You can help stop fraudsters by reporting scam emails to Action Fraud. For advice on how to identify fake or phishing emails, and how to handle them, take a look at the Action Fraud guidance on scam emails.
5. Develop a disaster recovery plan
A disaster recovery plan is a vital document for any business. It sets out how you will protect your organisation should an incident put it at risk.
Typically, your disaster recovery plan will cover the process for recovering your IT infrastructure, where you will work from should your regular workplace become inaccessible, and how you will continue to service your customers.
Disaster recovery planning is useful because it helps you plan ahead for the unexpected. It can also help minimise the financial and reputational impact should you become unable to operate.
Avoid costly cyber-attacks with support from PC Docs
Here at PC Docs, we provide a comprehensive package of cyber security solutions, all of which can be customised to suit your unique business needs and cyber risk assessment.
We offer a range of services, including anti-malware and adware systems, firewall and antivirus setup and management, internet and spam filters and email scanning software, as well as general advice on how to ensure good cyber security habits are adopted throughout your organisation.
To learn more about how we can help keep your organisation safeguarded against all the latest cyber threats, you are welcome to get in touch.