Cyber-attacks are an ever-growing concern for businesses. As technology is becoming more sophisticated, so are cyber-attacks. The problem that businesses face is that the more they rely on technology, the more devastating an attack could be. This is a short guide to how businesses may be vulnerable, alongside tips for protection.
Most cyber-attacks on businesses are connected to staff. These attacks can usually be listed in two categories, accidental and intentional.
One of the most common examples of accidental staff attacks are phishing emails and phone calls. This is when cyber-criminals attempt to extract information such as passwords from employees, so that they can then access further information. Conversely, intentional attacks involve past or present employees storing or altering data. This can include 3rd party data sharing, unauthorised data downloading and sharing, and abuse of employee privileges. Further intentional examples are white hat hacking and penetration testing. This is when attackers target businesses to highlight flaws in security, before black hat hackers discover such flaws. These are usually paid employees who can in turn improve business security.
Sadie Creese, Director of the Global Centre for Cyber Security states that surprisingly the attacker does not need to be super tech savvy. In some examples “all they have to do is put the correct cable in.”
The most effective way to prevent internal attacks is to educate employees about the threats. Make sure that staff know what requests they may receive and how to gage legitimacy. Importantly, promote the notion that if there is uncertainty, don’t proceed and report any attack immediately.
Another common vulnerability is dated software, hardware and licencing. This is something that was highlighted by the 2017 NHS ransomware attack. Up to date software and licencing will ensure that devices have the most recent security features and are running at the highest speed. See this as the computers immune system and see its hardware as a body that needs to be maintained.
Flexible working is great, however it increases vulnerability. Consequently, it is key to stay safe when working remotely. Mobile device management is essential because portable devices are much more susceptible to hacking and theft. Ensuring your company policies and mobile device management software are up to date can prevent or detect and issue before hackers have time to do too much damage. For example, you can improve your data security by using an access rights manager tool.
It is important to ensure that staff passwords are strong, all devices are encrypted, kill packets can remotely disable missing connections, information is regularly backed up, and that all data is stored on secure servers, such as Microsoft Drive.
Elizabeth Heusler, Owner of Heusler Public Relations, adds that you should pre-plan in case something does go wrong. She says: "Enable the security, trackers and insurance on your devices. Also, consider a buddy system with a colleague, so you have each other’s backup, security and access codes and set up remote access on each other’s computers."
Kristen Youngs, Owner of One Bag Nomad, says: "My business operates completely remotely and is 100% online. I've learnt that you should invest in a good VPN, which is software that prevents people from accessing your business's private information. As this software protects the transfer of sensitive information, you and your employees should always use a VPN."
As highlighted above, sharing information is necessary, and so it is important to make sure that data is safe wherever it is. It is important to think where’s the data stored? Does the location have different data regulations? Is it secure? Additionally the location of your server is relevant, affecting both data speeds and also SEO.
Likewise, it is crucial to be protected against malicious software. A strong firewall will monitor and control incoming traffic. Additionally, anti-virus software protects against viruses that can damage your computer and files. Other software such as Smart Protection Network can protect against other malware such as worms. Worms will slow systems down as they replicate and were infamously used in the Stuxnet attack that targeted Iran’s nuclear programme.