According to the Department for Digital, Culture, Media & Sport, over a third of businesses (39%) surveyed in its annual Cyber Security Breaches Survey reported experiencing a cyber security breach or attack in the last 12 months (leading up to March 2021). Almost half of the businesses that reported experiencing an attack said that attacks occurred around “once a month or more often”.
The National Cyber Security Centre defines a cyber attack as “malicious attempts to damage, disrupt or gain unauthorised access to computer systems, networks or devices”.
So how can you best protect your organisation from hackers and cyber criminals? Here are some key dos and don'ts...
Do:
- Identify the risks to your company. Take stock of all the potential threats - including ransomware or malware attacks, insider mistakes, phishing emails, etc. The more familiar you are with these types of attacks, the better you can prepare for them.
- Identify all the potential entry points for cyber attacks, such as laptops or company phones. Take steps to secure them, like installing up-to-date anti-fraud software, enabling two-factor authentication, and ensuring strong and unique passwords are used for all company accounts.
- Take measures to protect employees who might still be working from home as they can be a target for fraudsters, e.g. as part of a phishing or vishing campaign.
- Make sure you have backups of your most important company files, stored offline or in a cloud system, in case your organisation is subject to a ransomware attack.
- Provide your staff with regular cyber security awareness training, including training on how to work from home safely, as home working can pose risks to company systems, for example if employees use poorly secured home networks or print confidential documents and do not dispose of them properly.
- Ensure your supply chains are robust, to minimise the risk of a supply chain attack. This includes being aware of all third-party suppliers that you work with and setting minimum security requirements to ensure that high standards of cyber security are met.
Don't:
- Use the same, or similar, passwords for all your accounts.
- Give out personal or financial information relating to yourself or your business.
- Neglect to give your employees relevant and regular cyber security training. Many security breaches occur not because of criminals, but due to well-meaning employees sharing sensitive information or not following the correct procedures.
- Fail to prepare for a cyber attack. Having an effective cyber security plan in place will help to mitigate some of the risks of being targeted by criminals. And if you are targeted, it will help the business to get back on its feet quicker.
Getting started with improving your cyber security
The above points are by no means an exhaustive list when it comes to ensuring that your business is secure. If you’d like to learn more about how to better protect it, we recommend the Cyber Essentials scheme from the National Cyber Security Centre.