Protecting against Cyber Risk & Data Breaches
Jason Harden
Insurance Broker Specialist for all types of Private Client, Personal, Commercial and Property insurances.
Some simple steps to protect your business against Cyberattack
According to a recent global survey*, ninety-three percent of small businesses reported more reliance on technology since the start of the pandemic. This created near-perfect conditions for cybercriminals and, unsurprisingly, we have witnessed a sharp spike in cybercrime. Like all criminals, cybercriminals are driven by three things: motive, means, and opportunity. Their motive and means certainly didn’t diminish in 2020, and their opportunity has expanded substantially. Particularly noticeable has been the rise of ransomware.
The Changing Face of Work
The shift to remote work and the large-scale dependency on personal devices and residential networks, plus an unprecedented expansion of company networks beyond their external firewalls, have provided criminals with a huge increase in potential targets to exploit. Particularly vulnerable are those working at home or from remote locations who aren’t securely connected to their company’s hub and may be tapping into local Wi-Fi, such as that provided by cafes.
The National Cyber Security Centre (NCSC) reported an incredible 15-fold rise in cybercrime during the pandemic to date and noted a large-scale increase in phishing attacks, as global lockdowns resulted in more people working from home and attackers used increasingly sophisticated tactics to target individuals, businesses, hospitals and schools. Around 80% of cyber-attacks now begin at the supply chain level, so a hack in the smallest link can have a serious impact on even the biggest enterprises.
Data Breaches
A data breach is a breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to data. Breaches can be both accidental and deliberate and can include:
Recent research* has shown that some 94% of organisations have had a data breach in the last 12 months, 84% have suffered a breach directly from human error and almost three-quarters (73%) have experienced a phishing breach.
While most businesses are aware of the potential impact of a data breach, many are completely unprepared when it comes to preventing their own people from being involved in what is called “insider risk”. People create risk every day, and insider risk is probably the most complex cybersecurity issue employers have to deal with. Staff can be vulnerable to targeted phishing attacks and being hacked; they make mistakes, such as misdirecting sensitive emails; and they break the rules, often just to make their lives a little easier (or, on occasion, for personal gain).
In order to handle insider breaches, employers and their IT teams will need to gain a firm grasp on the risk presented by their staff and put an effective strategy in place to mitigate it.
*Insider Data Breach Survey 2021 from Egress.
Your Counterattack Strategy
The good news is that the anticipated threats are largely knowable and preventable and do not require extravagant security measures. In most cases, the cure is relatively basic and mostly centres on improving employee awareness and behaviour, rather than increasing technical capability.
The main points would be:
Your Step by Step Approach to Preventing Cyberattacks
Train your Staff: This is perhaps the most important step to take against cyberattack, as one of the most common ways cyber criminals get access to your data is through your employees. They will send fraudulent emails impersonating someone in your organisation, and either ask for personal details or for access to certain files. Links often seem legitimate to an untrained eye and it’s easy to fall into the trap. This is why employee awareness is so essential.
Train your staff on cyber-attack prevention and keep them informed about current cyber-attacks. Draw on the experience of your own IT team to devise a suitable training plan and provide materials to help raise staff awareness. You may also wish to consider bringing in an outside professional to provide impact sessions.
The basics staff need to follow are to:
Access Management: One of the risks faced by business owners is having employees install software on business-owned devices that could compromise your systems.
Having managed admin rights and blocking your staff from installing software, or even accessing certain data on your network, enables you to better protect your business.
Employee personal accounts: Every employee needs their own login for every application and program. Having several users connecting under the same credentials can put your business at risk.
Separate logins for each member of staff will help reduce the number of attack fronts. Users only log in once each day and will only use their own set of logins.
Passwords: Having the same password set up for everything can be dangerous. Once a hacker figures out your password, they have access to everything in your system and any application you use.
Although having a different password for every application used can be an inconvenience, it can strengthen security. Regularly changing passwords will also help maintain a high level of protection against external and internal threats.
There are a number of ways to create strong passwords. One such option is to have a three-word combination (with a minimum of 14 characters) and change one of those words to something relevant to the particular system you’re using.
Back up your data: In the event of a disaster (often a cyberattack) it is vital that you have your data backed up. This will help you to avoid serious downtime, loss of data and serious financial loss.
Keep your software and systems fully up to date: Often cyberattacks happen because your systems or software aren’t fully up to date, leaving weaknesses. Hackers / cybercriminals exploit these weaknesses to gain access to your network. Once they are in – it’s often too late to take preventative action.
To counteract this, it’s smart to invest in patch management and endpoint protection systems to manage all software and system updates across your entire network, keeping your systems resilient and up to date. This should include all mobile devices, tablets and laptops that are connected to corporate networks that give access paths to security threats.
Install a Firewall: There are so many different types of sophisticated data breaches, and new ones surface every day; some even make comebacks.
Putting your network behind a firewall is one of the most effective ways to defend yourself from any cyberattack. A firewall system will block any brute force attacks made on your network and/or systems before they can do any damage.
Wi-Fi Security: The increase in remote working during lockdown also saw an increase in the use of Wi-Fi enabled devices and the resultant increased risk to cybersecurity.
Any device can get infected by connecting to an outside network and if this infected device then connects to your business network, your entire system is at serious risk.
Securing your Wi-Fi networks and hiding them is one of the safest things you can do for your systems.
Control access to your systems: A physical attack can be just as devastating as a virtual one, so it’s essential to control who has access to your computers.
Don’t make it possible for somebody to simply walk into your business. They may then plug in a USB key to access your entire network and either (i) extract data or (ii) download infected files into one of your computers.
It’s essential to control who has access to your computers. Having a perimeter security system installed is a very good way to stop cybercrime, as much as break-ins!
Where to begin?
It can be difficult to know where to begin when it comes to protecting your business from cybercrime and cyberattacks. There’s so much information out there that it can become overwhelming.
Whether you utilise your own in-company resources or bring in a third party professional, the important thing is to get a solution that’s right for your business and your employees.