How to protect your business from cyberattacks
As a business owner, every day can be hectic. When you’re spinning so many plates at once, other areas can often be overlooked, including your security measures, particularly cybersecurity. To understand more about the importance of cybersecurity, let’s start with some rather shocking facts:
- The average time to identify a breach in 2020 was 207 days
- Security breaches have increased by 11% since 2018 and 67% since 2014
- The 2019 MGM data breach resulted in hackers leaking records of 142 million hotel guests
- In 2017, 147.9 million consumers were affected by the Equifax Breach. This cost the company over $4 billion in total
- In 2016, Uber reported that hackers stole the information of over 57 million riders and drivers
Disturbingly, cyberattacks are a common and daily threat, even for massive corporations, so it pays to be on high alert and to work on your business’s cybersecurity. Here’s what you can do to help in the fight against cyberattacks.
Train your staff on cybersecurity
Considering 95% of cybersecurity breaches are caused by human error, adopting a cyber culture in the workplace will help strengthen your overall security. That means training staff to use technology more securely and encouraging them to be more vigilant and aware. Cyber security policies are good for instructing employees on how to react to certain situations or what to do with sensitive information. Adopt regular cyber training for all staff both new and existing.
Encrypt and back up data
The last thing you want from a cyberattack is to find out that vital information has been lost forever. That’s why it’s so important to backup your data. Encryption is a high-level way of protecting data. You can use full-disk encryption to protect all your business technology devices like computers, tablets and smartphones. Make sure to save a copy of the encryption password or key in a secure location separate from your stored backups. And when sending or sharing the password, never send the password or key in the same email as the encrypted document. Use a phone or a face-to-face method.
Set up filters on web and email
To prevent spam from filling up in your employees’ inboxes, and to deter hackers, set up email and web browser filters. If you want to block certain websites or ones that come with a high risk, you can use blacklisting services to keep them out of bounds. Make sure you inform staff about what websites are a threat to malware and your company’s cybersecurity. Some may be obvious, but communication is key to make those lunchtime browses safe and secure, and especially when it only takes one visit to the wrong site for a company-wide cybersecurity breach.
Fight with technology
As AI keeps evolving, you can use more intelligent technology (like Acronis) to help your defence against cyberattacks. After all, many of these attacks use bots, so who better to fight them with than with cleverer bots on your side. There’s also AI anti-ransomware, that can safeguard data for any recovery method and environment.
Be careful with cyber security insurance
You can get cyber insurance, but don’t rely on it completely. Take the scenario of the food and beverage company, Mondulez, that sued Zurich when the insurance company refused to cover damages from the NotPetya ransomware attack. This was all to do with contractual language that excluded ‘a hostile or warlike act’ by any ‘government or sovereign power’. If you do take out insurance, be sure to read the fine print before signing on the dotted line.
Restrict admin rights and limit employee access
By restricting admin rights, you can significantly lower the risk of getting hacked. It also prevents information and personal data from being leaked and reduces the likelihood of damaging mistakes occurring. Only give admin rights to a limited number of staff, who are well-informed.
Change passwords and make them strong
Encourage your staff to change their passwords regularly for business accounts. Not only that, guide them on how to create stronger passwords. The more random the better, so think symbols, upper cases, lower cases, and random letters. They may not be as memorable, but they’ll certainly be harder to crack.
Carry out regular cybersecurity audits
By carrying out regular audits on your cybersecurity tools and best practices, you can put your business in a stronger position to deal with any that may occur, or better yet, prevent them to begin with. Review and assess what you have in place and keep up to date with the latest cybersecurity developments. By regular auditing, you can spot weaknesses and strengthen your overall business’s defence against cyber threats.
Update company software
All of the software you and your employees use should be updated regularly to the latest version. If you use older versions, they can be susceptible to exploitation by hackers due to loopholes, allowing sensitive data to be stolen. Create a routine of checking for updates across the board for all software, including apps and plugins, and make sure to patch your operating systems.
Surge protectors and UPS
One of the best protections for your business is keeping power supply interruptions down to a minimum or zero. Uninterruptible power supplies (UPS) work by giving enough battery power and time to save data in the event of a power disruption; just make sure the UPS size and type matches your company’s requirements. The UPS should be connected to every computer and device on the network. For non-networked devices and electronics with less valuable data, surge protectors work great.
Secure wireless access points and networks
If you provide wireless internet access to the public - visitors and customers - make sure it’s separated from the business network. And when it comes to securing wireless networking, make sure you:
- Always change the admin password on any new devices
- Set the router to use Wi-Fi Protected Access 2 (WPA-2) with Advanced Encryption Standard (AES)
- Set the wireless access point so that it doesn’t broadcast its service set identifier (SSID)
- Avoid using Wired Equivalent Privacy (WEP)
Dispose of computers and media safely
Make sure you wipe all sensitive and valuable hard drive data from anything you are throwing away. That means flash drives, CDs, old computers and any old media devices. Once you’re certain all sensitive and personal data has been wiped clean, then destroy all the devices you are disposing of or take them to a company who will destroy them for you. And, of course, make sure paper with sensitive data is shredded and disposed of properly.
Disaster recovery plan
Whilst you may think you’d know what to do if a cybersecurity breach happened, it’s best to have it written down, and to run through it regularly with senior leadership. Have a plan that works by reacting quickly to a cyberattack with clear instructions and resources planned out.
Don’t forget about physical security
As well as strengthening your cybersecurity, it’s just as important to maintain physical security for your business. This encompasses being aware of who you let in and out, visitor interactions, and deterring thieves and burglars. From car park barriers to telescopic bollards, you can uplevel your company’s security by installing intelligent secure systems with efficient access control systems.
Contact Expert Security UK today to find out how you can improve your business’s security.