As our world becomes more digital, companies are increasingly becoming more vulnerable to cyber criminals. Cyber-attacks can be defined as unauthorised attempts to access, corrupt or delete companies’ sensitive data. In 2017, 46% of all UK businesses reported at least one cybersecurity breach or attack and this rate rose to 66% for medium businesses and 68% for large businesses.
To protect against cyber-attacks, it’s important to understand best practices for keeping your company safe online.
Common cybersecurity questions
Most businesses are still learning about cybersecurity basics. We’ll help improve your cybersecurity knowledge by answering some of the most common questions.
What are the biggest cybersecurity threats for businesses?
Fraudulent emails are by far the biggest cybersecurity threat for businesses. In fact, 72% of all breaches or cyber-attacks resulted from staff members receiving such emails.
Businesses should also be aware of cyber threats such as viruses, spyware or malware, people impersonating the business or its employees in online communications, and ransomware.
Thankfully, the most disruptive types of cyber-attacks can be avoided by properly training staff. Employees should know how to avoid phishing scams, best practices for password security, how to respond to fraudulent emails and other cybersecurity basics. Learn more about the types of cyber-attacks in our article What is cybersecurity?
What links are safe to open?
It’s important to always question a link’s trustworthiness, even if the link has been sent by someone you know. Clicking on a bad link could result in your computer becoming infected by a virus, spyware or malware.
When assessing a link, there are a few warning signs. For example, shortened links are often used by malware distributors or phishers (those that operate phishing scams) to hide the link’s true destination. In addition, links including a bunch of strange characters, such as“%”, or from unsolicited emails are also best avoided.
Can you really get a virus just from opening an email?
While opening an email can sometimes infect your computer, email attachments or links pose a much bigger threat. Email attachments and links can contain viruses, trojan horses, or worms that are activated when you click on them.
Never download an attachment from an unknown sender. If you receive an email with an attachment or link from a known email address but weren’t expecting anything, it’s best to contact them and confirm the validity of the email. Hackers can easily gain access to email accounts and then send infected emails to the account users’ contact list.
Is it safe to use public wifi?
It’s not unusual for employees to work remotely and sometimes this includes working in coffee shops, on trains or other places with public wifi. Public wifi should not be trusted for sending, receiving, or working on sensitive corporate information as man-in-the-middle cyber-attacks are extremely common on unsecure networks.
A man-in-the-middle cyber-attack is when an unauthorised individual views or accesses your private information as it travels from your computer to a website. Man-in-the-middle attacks are akin to online eavesdropping. It’s recommended that remote employees use a VPN (virtual private network) or 4G for a safer connection when working in public spaces.
How to stay safe online
Staying safe online doesn’t need to be complicated or expensive. A few easy to implement security measures might prevent your company falling prey to cyber criminals and allow you to use the internet without problems. Here’s the basic safety steps that every company should incorporate into their cybersecurity policies.
How to stay safe when using the cloud
Cloud technology allows remote employees to share, send and access real-time data from any location at any time. It also allows companies to automate administrative tasks, such as payroll or invoices, saving time and money. Like any online platform, it’s important to maintain a sense of cybersecurity awareness when using the cloud.
With proper vigilance and training, most cloud-based security threats can be easily avoided. According to a recent report, 70% of data breaches on the cloud arose from employees accessing data without authorisation, 65% from employees using one password for multiple platforms, and 33% from employees sharing passwords with co-workers.
To prevent against such threats, companies should have policies for employee access, encrypting data, and limiting the use of employees’ personal devices such as mobiles or desktops.
Use a strong password
While most of us know the risks of poor passwords, few of us actually use strong passwords. According to best practices, passwords should be changed frequently and never used for more than one account.
Google explains that a strong password should include a mixture of letters, numbers and symbols. Best practices include replacing letters with numbers or symbols. For instance, Gettowork becomes G8t2w0rk, or taking the first letter of a longer sentence such as “The Duke of York had 10 Thousand Men” becomes TDoYh10TM.
These formats not only improve password security but also make passwords easier to remember. You can set password requirements on company devices and software to ensure that employees only use strong passwords.
In addition to standard passwords, you can also protect business accounts with two-factor authentication (also known as 2FA). This provides a greater level of security as it involves sending a code to a trusted device like a mobile phone. This code must be entered to access the system or account, which makes it almost impossible for accounts to be hacked.
How to choose an antivirus software
All devices should be protected by antivirus software. Antivirus software protect against scams, malware, spyware and ransomware. Some programs even backup important documents to make the recovery process easier.
To select the right antivirus software, you should consider the size of your network or number of devices, the features provided in different packages, and any special requirements your business might have.
Companies with more than 10 devices may want to invest in a business security solution as this will help protect the entire network. It’s always recommended to pay for antivirus software instead of downloading a free version from the internet.
Avoid pop ups
At best, pop ups are annoying but at worst they can be dangerous. Pop ups can trick unsuspecting users into clicking on unsafe links or downloading files containing viruses. Some pop ups, known as scareware, can even claim to have found a virus on your computer and ask for a payment to remove it.
However, accepting this service can actually install more malware on to your computer. Always close pop ups using keyboard controls to avoid accidentally clicking on an unsafe link or setting your internet browser to block pop ups altogether.
Backup and encrypt data
You should regularly backup all corporate data. That way, if your computer becomes infected, blocked, or corrupted by a virus or malware, you can still access important business information. Data should be stored somewhere safe and secure such as on blockchain cloud solutions or offline.
Under the new GDPR regulations, any company that collects or processes data on EU citizens must legally protect the data of their customers. Data must be encrypted using either privacy by design or by default measures, which renders the information unreadable to anyone without the proper decryption codes. While GDPR regulations only apply for customer data, encryption is still an effective measure for protecting all types of sensitive information.
What to do if you suspect a data breach or cyber-attack?
If you suspect a data breach or cyber-attack, it’s essential to act promptly. Data breaches can be time sensitive so not responding immediately may have greater repercussions for your company. At first sign of a cyber-attack, contact your IT support. They’ll be able to assess the situation, identify the cause, and implement a plan to correct or contain the situation.
If the breach involved a data leakage of EU customer’s personal information, you’ll need to comply with GDPR regulations for reporting the breach. Certain breaches will need to be reported to the ICO within 72 hours and depending on the severity, customers may also need to be informed.
If you assess the breach as not needing to be reported, you still must document the circumstances and provide valid evidence to support your decision.
Once the breach has been addressed and reported (if necessary), you’ll need to closely examine your business’ cybersecurity plans. In most cases, you’ll need to enhance your online security and better train staff to ensure you’re protected against future cyber-attacks.