Cyber security and protecting businesses from online threats remain one of the main focus areas for any business owner and CTO.
A report on cyber security breaches released by the UK government earlier this year found that over four in ten of all UK businesses have suffered a data breach or an attempted attack in the past 12 months.
With more online threats from ransomware, data breaches and even internal threats, there are now more attacks on UK businesses than ever before.
While email remains the primary source of malware, scammers are becoming more sophisticated in their approaches. For businesses operating in today’s world, the implications of failing to maintain secure systems can be catastrophic for both brands and businesses.
But there are a number of measures you can put into place to help mitigate the risk. Tom Huckle, head of Cyber Security and Development at Crucial Group, shares his tips for keeping your business safe online.
Take Security Seriously
“It sounds obvious, doesn’t it, but compromising your approach to security straight away puts you on the back foot. Invest in your network defence and provide your security team with the skills, tools and resources they need to do their job well. Those at the head of the business will need to be behind you too. So, build your case, show them the risks and get set up properly”, says Huckle. “You’ll never stop all attacks but being prepared for what comes at you will keep you on the front foot.” Plan out exactly what you need, who needs to support it and the role of those involved, and invest both time and resource so you’re ready for anything that might be thrown at you.
See all employees as security officers
Although the IT team may have overall responsibility for the technology and software, within most businesses employees use technologies that are susceptible to threats every day. “Train your employees to spot attacks. See them as an extension of your team. They, as well as you, are likely to be sick of the emails reminding people not to open attachments, so instead, why not organise some sort of security threat simulation? Or host a workshop to encourage people to better understand the threats to them and the business?” Employees are just as likely to be concerned over a breach of security. Work with them so they understand what the risks and dangers are and so they’re armed with the knowledge they need to combat them.
Make sure you are GDPR compliant
In the aftermath of the GDPR storm earlier this year, if you haven’t already, it’s worth conducting an asset inventory so you can manage your risk. Huckle continues: “Conduct an audit on who has access to sensitive data and systems. Who has access to it and do they really need it? People can change roles internally, so you may find people have access to systems they may no longer need or that may no longer be appropriate for them.”
Cyber criminals are still successfully exploiting known vulnerabilities within hours of new updates being released. “Guard against these threats by taking simple steps to keep your software and firmware up to date and updating the patches as soon as they are released”, says Huckle.
Encrypt sensitive data
“Unfortunately, every business will be subject to a breach one day”, says Huckle. “However, businesses should be prepared by encrypting any data so it’s of no use to anyone if it’s stolen”. Data is one of the most precious assets of any business. You can also keep it safe by making sure devices are equipped with remote wipe capabilities in case they are stolen.
Use two-factor authentication
Although phishing scams are common and many people are used to receiving these sorts of emails, they are slowly but surely getting more sophisticated. “It’s easy for employees to make mistakes. Consider introducing two-factor authentication. In doing so you can limit the damage that can be done if credentials are lost or stolen.”
About the Author
Tom Huckle is the Head of Cyber Security & Development at Crucial Group. He joined from the Barclays Bank Global Attack Monitoring Cyber Security team and now leads Crucial’s Academy and Consultancy.
Tom specialises in defensive security, threat intelligence and information assurance, and teaches on the Defensive, Information Assurance and Threat Intelligence courses. An Ex-Royal Marine Mountain Leader of eight years, he taught himself cyber in his spare time in the military and gained the necessary qualifications to move into a cyber role once he left the forces. His experience also includes 6 years at the UK Ministry of Defence.