Businesses of every size are at risk from cyber attacks. Cyber security should be every business's top priority.
Employees are often the first to be confronted with a suspicious link or email.
So, we have put together our top ten tips for securing your business and making sure the workforce is your best defence.
Cyber security begins at home.
If employees don’t know what they’re looking for, how can they avoid it?
The vast majority of hacks start with a phishing email. This could be a very specifically crafted email or a series of similar-looking emails that are fired at as many people as possible in a scattershot approach.
Either way, if employees don't know what to look out for or don't have a simple method of reporting any such activity, then they are likely to get caught out.
Create a simple checklist of what to look for in an email. Ensure they know what to do if they spot a dodgy one. Proper training and education could turn the weakest part of a company's defence into the strongest.
For passwords to be effective, we need to remember them or have a means to remember them. Password managers can certainly help you control the strength of, and access to, certain passwords.
Most business-level password managers will allow sharing of logins in a secure environment, with permissions set for varying levels of access. For example, the accounts team will be logging into services that the marketing team will never need to use.
The two biggest problems are reusing the same password on multiple sites and using easy-to-guess passwords.
Educate the workforce on how to construct unique passwords from phrases or statements they are already familiar with.
Social Media Policy
According to research, 40% of Facebook accounts and 20% of Twitter accounts claiming to represent Fortune 100 brands are fake.
The research claims that ‘social spam’ has grown a whopping 658% since mid-2013 and that large brands experience at least one compromise on their social media channels every day.
Understanding that links or media available through Facebook are not harmless is key. It’s also important to understand how these links can lead to malware being allowed free rein on company networks due to one user ‘accidentally’ trying to watch the latest cringeworthy celebrity fall-out video.
Social media is an excellent tool when used correctly. However, account security has to be of paramount importance.
Keep systems up to date. It goes without saying that this includes all of the software used on a daily basis. Keeping the OS and anti-virus up to date is incredibly important. Ensuring that updates are installed on every workstation in a timely manner is particularly important.
VPN, Public Wi-Fi
It might be a necessity for the mobile workforce to use public Wi-Fi in service station coffee shops or hotels, but it could also be exposing them to an attack.
For example, ‘Dark Hotel’ used phony update packages to install malware on high-value targets while they stayed at luxury hotels.
The best way to avoid this and other Wi-Fi ‘man in the middle’ style attacks is to use a Virtual Private Network.
Multi Factor Authentication
Two Factor Authentication is a means to protect private login credentials. The problem with usernames and passwords is that they are easily lost or stolen, and in some cases, you may not actually be aware that you have been compromised.
By taking something that we know (username and password) and then adding another security feature like a ‘one-time passcode’, you can further protect that login from guesses or brute force attacks. A brute force attack refers to someone repeatedly trying to guess a password.
Bring your own device (BYOD) requires a clear, understandable policy. Outline security requirements and best practice that all employees should read, understand and sign. Antivirus must be installed and all other updates should also be installed as quickly as possible.
Ensure that your employees only have the permissions they need. This can go a long way to mitigating a potentially successful phishing attempt or any intrusion into your system; even the dreaded ‘insider threat’.
Does the marketing department need access to the technical department’s systems? The more aggressive you can be, the better, but of course you don’t want to hamper your employees’ day-to-day work, so there needs to be a balance.
Updating Old Systems
An OS reaching End of Life can have a massive impact in terms of replacement or upgrade cost. That cost has to be weighed against the consequences of a massive vulnerability if the system is not replaced or upgraded, which puts cyber security at risk.
It’s in a company’s best interests to keep vulnerabilities to an absolute minimum, because the negative PR backlash can be severe.
Of course, you can install internet security on an old system. You might be careful about what emails you open and what web pages you go to, but it’s like putting the most expensive locks on your 3-ply shed, hoping that it will keep its contents safe …
GDPR changed everything for anyone who holds personal data.
With fines up to £17 million or 4% of global turnover, encryption is a big part of protecting data. It also protects the company against these catastrophic penalties.
It protects against USBs, laptops or DVDs being left on a train, lost in the post or just lying around for anyone to view.
Fifteen Group are partnered with ESET, Europe’s No1 vendor.
If cyber security is a concern in your organisation, then please contact a member of our team.