Unfortunately, the way the modern world has evolved has brought cyber security to the very forefront of our business concerns. This concern has grown in unison with our reliance on tech; not in our wildest dreams could we have imagined that it would be intertwined into our daily lives to such an extent, and this applies to both the workplace and the comfort of our own homes.
It is essential – at the bare minimum – that you have a beginner’s understanding of cyber security. You need to know what to look out for, and the fundamentals that will allow you and your team to use tech not only efficiently but safely too.
The security of many small to medium businesses is not remotely good enough. Vigilance and preparedness are particularly important. Would you leave your front door open when you leave the house? No? Then why do you do the equivalent with your cyber environment?
Everyone has some form of internet-connected device in their home life, and most have them intertwined with every part of their existence. It comes as no surprise that cyber criminals saw an opportunity and grabbed it with both hands.
The criminal landscape has changed. Criminals no longer need to break into your workplace in the dead of night; they can now sit on the sofa and take down your entire business. There are actions that help tilt the scales in our favour to ensure that our systems are as protected as they can be. Our lack of knowledge is the main reason why we are being targeted so successfully. We hope that the remainder of this article will help you not just to uncover the ways you can defend your systems, but also to understand what the cyber criminals are using to attack your business – therefore allowing you to better prepare your defences.
And that is exactly where we will start. We will now explore some of the methods used by cyber criminals to gain access to your systems, steal your data, and cause carnage. Later, we will explore some cyber security essentials you need in your toolkit; they will ensure that when an attack happens it won’t cause business-defining damage.
Ransomware
Ransomware encrypts the data on your system and denies you access to it – it is this that makes it particularly frustrating for victims. The cyber criminal uses the ransomware to take control of your data, and then demands a ransom for its safe return. Cyber criminals will attempt to force your hand into paying the ransom fast – they do this by setting tight time restrictions on when it needs to be paid, with a threat of severe consequences if you don’t follow instructions.
It is, of course, tempting to just pay them, get it done and finished so you and your team can move on. Your data is probably worth far more than the amount they demand anyway. But is trusting a criminal wise? Do you really think that paying them is going to produce the desired outcome of access? One could argue that you are simply advertising your willingness and financial ability to pay.
Phishing
Phishing is a form of cyber attack that takes place via email. The attacker sends an email that appears to be from a trusted source, be that a person within a business that you regularly engage with or an entity that would carry an equal level of recognition and trust from most people.
The emails themselves present a problem, which could take the form of an invoice or fine to pay, or a requirement to reset or update credentials or personal information. It will always be a problem that, by its nature, pushes you to act with a sense of urgency – and, with that urgency, to act rashly, fail to fully vet the legitimacy of the email, and so fall victim to the cyber attacker.
Success for the hacker means they gain an array of personal and sensitive data and information within their control. This data can come in the form of credit card details, personal contact information or login credentials.
The phishing attack – with the sense of urgency instilled in it by the cyber criminals – lures the unsuspecting victim into clicking a link embedded within the email. That link either results in malicious software being downloaded to the victim’s machine, or simply leads to a site designed specifically to collect such data.
Malware
Malware can be particularly devastating. Its aim is to steal your data and to cause damage, destruction, and chaos on your systems. It is often designed, orchestrated, and managed by a group of cyber criminals rather than just one person. The group – once having tested the data – will sell it on the Dark Web for others to use, or even just use it themselves.
The list of potential ways that your systems could be attacked is endless, but, with knowledge, you and your team can begin to implement ways to protect your organisation from what could be a business-debilitating attack. You must purchase, implement, and maintain the right tools to protect your business; but this can be a difficult task, so where do you start?
Your Cyber Security Toolkit
1. Documented Policies
2. Acceptable use Policy
3. Modern and updated software and tools
4. Frequent employee training
5. An effective data backup procedure
These are the basic steps to a cyber security checklist, which we will now explore in more detail.
1. Documented Policies
You need to have policies that are easily understandable, and they must all be signed by your entire team – this makes sure that your organisation is secure before you even start. These policies should outline what you class as best practice when operating the system – your team must know how they are expected to act, and their obligations. The policies give you a sense of certainty that your employees are observing adequate security measures and procedures at all times – their signature highlights that they have read and understood what is expected of them, and also the consequences should they stray. You can outline this in the policy.
2. Acceptable use Policy
An Acceptable Use Policy will consist of rules regarding the use of your organisation’s assets and data. With one in place you can be certain your team are using the tools that you provide them with, not only to their full potential but also in a way that keeps the user and the system/asset safe. Everyone with access to the system must read and sign the policy – their signature is what binds the contract and ensures they know their commitment.
3. Modern and up to date software and tools
The most modern and up to date tools must be used wherever possible. Up to date tools make it much easier to ensure the security of your system – the most modern software and tools are designed with the latest cyber security dangers in mind. When using legacy operating systems or software you are inadvertently making your system a prime target because the latest updates (and therefore protective adjustments) from your vendors will not be in place. Don’t get us wrong – modern tools and software don’t guarantee security – unfortunately, nothing can – but they are a good start, and, combined with a good patch management programme, you will reap the benefits of updates at the earliest possibility.
4. Employee education
Employee training is a key part of your cyber security toolkit. Training will provide your team with the skills to protect your systems; they will know how to navigate the system safely and behave in a way that ensures the prolonged safety of your organisation. Taking it one step further, your team will be more likely to find, assess, and report a security issue if they happen to come across one.
Your team need to know how to secure their emails, cloud accounts, personal devices – if they are used for business work – and their information systems. Your team must know that Phishing emails are the main threat they are going to face, how to defend against one, and, most importantly, what they are to do if they encounter one.
5. An effective data backup policy
Unfortunately, regardless of the security measures you put in place, you can’t guarantee cyber security. Prepare for the worst-case scenario – businesses need to outline and enforce an effective disaster recovery policy.
With an effective disaster recovery plan, all parts of your business will have different actions they need to take in the event of a disaster. It may be complex but a personal disaster recovery policy will set you up well in your attempts to contain the attack. Continually making changes and updating your policy will ensure a speedy recovery of critical data, networks, or computer systems.
We hope that this Toolkit starts you off on the right foot and helps you to feel better about the security of your system – and the abilities of your team to defend that system.
Following this checklist will allow you to feel better about the security of the technological landscape in your workplace.
Ensuring your Toolkit is equipped
We are in the business of helping businesses. We provide IT solutions and support to facilitate and encourage growth. Our team of experts offer effective comprehensive cyber solutions that protect your data. We centre our efforts around reducing the risks your business faces and offering improved levels of communication, collaboration, and productivity. If you and your team want to get the most possible from IT in the most secure way, please don’t hesitate to get in touch.