Cyber security should be at the very top of your business concerns – the entire world has internet connected devices at the very core of business functions. Your team must have the inside edge to defend your systems, and in turn be familiar with the ever-evolving ways cyber criminals are attacking your systems. Your vital business data is the key to success or failure, so it must be protected.
Your system security should now take pride of place over even the physical security of your business, because a criminal is far more likely to try and penetrate a virtual doorway that is guarded by a virtual gatekeeper. Up-to-date Password management procedures, and, above all, capable Firewalls that stand firm in the face of sophisticated schemes, are essential! Criminals would rather attack your systems than put themselves physically in the line of danger by sneaking around in the dead of night only to find nothing (as most business currency is virtual now anyway, as opposed to the classic ‘cash in a safe’ you see in films).
Criminals also like the anonymity offered through cyber attacks. Instead of kicking a door down or smashing a window, they can – if the cyber attack is sophisticated enough – sneak in undetected and be gone again before you even know they were there.
It seems a shame that small to medium businesses are often merely caught in the crossfire as a consequence of an attack on a larger business or government entity, when the target’s mailbox becomes the origins of the attack.
Regardless of the number of internet connected devices you have, the number one reason that businesses – and individuals – become victims of cyber attacks is through a severe lack of knowledge. Our eagerness – and, in most cases, impatience – forces our hand – we grab the device, take it out of the box and get going with all the amazing new features it has, not realising how potentially dangerous it can be if the wrong person gains access.
In the simplest terms; at the end of the day you subconsciously check that the building is secure, making sure all windows and doors are locked tight (some even get home and have to go back again to be sure that everything is safe). Now, as much as this practice will continue, we should adopt this level of paranoia for our internet connected devices too – we clearly don’t mean every night scour your entire cyber landscape for any sign of a weakness but we do mean keeping the doors and windows closed to those that don’t require access.
Regardless of size, you are at risk! This is the ominous truth – your cyber security measures must be able to withstand sophistication and deception, and that goes for your team as well – but, predominantly, your Firewalls must be the first and most substantial line of defence (behind an effective password strategy).
There are recommended ways of ensuring your systems are defended, one of which is by working toward the Cyber Essentials Accreditation, which will help you to remain secure and allow you to project a cyber secure image to your clients – in the modern age of cyber threats this can be a crucial factor for some consumers. But, for others, this can seem like overkill; for these individuals, learning the different methods of attack cyber criminals are using is essential, because how can you defend your system from something you know nothing about?
The Methods of Cyber Attack
Malware is a file that has been designed with the specific intention of attacking and undermining the functions of an application or even the entire computer system. It comes in many variants but, most commonly, Malware is used to attack your network via email attachments.
Ransomware is technically a form of Malware, but it deserves a mention – it locks you out of your own data, and if you do have access that data is encrypted. What follows is demand of a ransom for your data, usually an obscene figure along with a ploy to hasten your decision (to pay the ransom by x o’clock or it will be distributed on the Dark Web, for example).
Many pay the criminals. ‘I would rather lose x amount than lose my reputation, customers, and my licences due to compliance obligations being breached through not adequately looking after said data.’ But why trust a criminal? You wouldn’t if one broke into your business in the dead of night and tried to have a dialogue with you. So why is this any different? Paying simply broadcasts your naivety, and your willingness to pay (both now and in the future when they break through again, perhaps having left themselves a back door key on the way out).
A Phishing attack is when a cyber criminal assumes a false identity in fake/fraudulent emails in order to gain access to private information.
Phishing Emails carry malicious links; these links are key to the cyber criminal’s attack being a success. The cyber criminal will pose as a trusted source of the recipient (usually a bank or government entity). Again, they bring a sense of urgency and time sensitivity in the contents of their message; they – like with Ransomware attacks – are trying to force the recipient to decide quickly and on a whim. When the rouse is believed it would then involve the recipient clicking the link and facilitating the attack.
Now you have a beginner-level familiarity with the methods cyber criminals are using to attack your systems, we will look at some of the cyber security fundamentals that every business in the world should have in their arsenal.
In the remainder of this article we will explore some of the most integral cyber security measures that will equip you and your team for an effective defence against a strategically planned cyber attack.
The Cyber Security Fundamentals
Good data backup
You will come under attack at some point! With the way in which the commonality of attacks is rising, it has become an eventuality rather than bad luck, so you must have an effective backup in place to ensure that you can be back up and running to full capacity at pace, not allowing your customers to lose faith in your service.
We recommend to keep at least three copies of your data backed up elsewhere, and use separate storage medias for each. They will allow you to rest easy knowing you can continue working.
There is no way to guarantee that your walls won’t fail, because, with new ways of attacking systems being developed every day, inevitably one will succeed. Data backups are on par with Firewalls as the most important measures in your cyber security arsenal, because if they do somehow break through the Firewall and cause havoc there is a way out using your backed up data.
As we have already mentioned, Passwords are key to a secure cyber landscape. Everyone knows the basics of password management, although we all may struggle to remember them right now, or – for the foolish – some have the same password for everything. There are more steps to good password practice that make them far more secure, which are as follows:
- Ensure that your team follows a strict set of pre-determined rules when creating their passwords. Following these rules will enable passwords to stand up against the cyber criminals trying to breach them.
- Use multi-factor authentication where it is available.
- If it is too easy to remember – change it! Avoid easily recalled sequential passwords, recurring numbers (such as 1234, 6789) as well as frequently used words.
- If possible, make sure your password is over ten characters long and contains a combination of letters, numbers and even special characters – when it comes to passwords the longer the better!
- Use upper and lower-case letters.
- Periodically change them.
Passwords stand before even Firewalls in your cyber arsenal, so good passwords are a necessity – your Firewalls are the soldier and your Passwords are his shield.
It is essential that you manage permissions to your system. Your users should only be granted access to accounts that are required for them to perform their role. Data loss, theft, or – if the attack is particularly sophisticated – deliberate changes to your security settings, could facilitate future attacks. Only giving access as required lessens the likelihood of a user accidentally granting access to a cyber criminal.
Anti-Malware must be downloaded on ALL laptops and computers in your possession. Most devices come with a free version as standard, but this is never good enough at defending against even the least sophisticated of attacks, simply because they can’t cater to your system if they don’t know what you are trying to achieve.
Cyber criminals aim to encrypt your data, so you must get their first. A confusing prospect – but encrypting your data first gives you the key to your system, rather than letting the criminals make one first.
Your team must do their bit in the defence of your systems. They are targeted due to their presumed ignorance around the importance of cyber security, so you must equip them with the knowledge they need to offer another part of that suit of armour we mentioned earlier, along with tools to match it.
Implement an IT Security Policy
Your cyber security policy – if you don’t have one then now is the time – must be clear and to the point. You and your team must know it inside out. Regardless of what they do with IT in the organisation, they must be familiar and compliant to the policy’s guidelines.
The policy will serve as a ‘bible‘ to follow; before you’ve even implemented new technologies you will already see a change. If everyone knows their role in the protection of the system they can help instruct you on the tools they need to be better.
The policy must be meticulously constructed in writing and contain the security guidelines and obligations of the team, both when working on premise or remotely. The policy will allow you to feel safe in the fact that your team not only know how to conduct themselves in the most secure way possible but also that they know how important their role is in the safety of the organisation. Whether they consistently do this is another thing, but, once they have written their signature next to the procedure, you can relax knowing they have read and understood what is required of them. This, of course, means that you are within your rights to take action if they don’t behave as they promised to.
We hope that this article has enlightened you to the true extent of the problem of cyber security, the ways criminals target you, and ultimately your and your team’s role in protecting your systems. If this seems difficult alone, and we wouldn’t blame you, get in contact with our team and see how we can help you.
An Operational Business No Matter the Circumstances
We’re in the business of helping businesses. We provide IT solutions and support to facilitate and encourage growth. Our team of experts offer effective comprehensive cyber solutions that protect your data. We centre our efforts around reducing the risks your business faces and offering improved levels of communication, collaboration, and productivity in your everyday business processes. If you and your team want to get the most possible from IT in the most secure way, please don’t hesitate to get in touch.