10 Tips for Preventing a Cyber Attack on Your Business
1. Understand cyber criminals
Cyber criminals have a wealth of different ways they can access, steal or damage your assets. Knowing the different methods they use is key to understanding how to protect yourself. Examples of these methods include phishing emails loaded with malware, unauthorised access through devices and systems, and gaining information from staff in order to deceive them.
2. Train your staff
You’ve heard the saying ‘a chain is only as strong as its weakest link’. 80% of cyber attacks on businesses were preventable, mostly caused by a lack of staff training. Make sure every member of your staff has been trained, for example, to use systems correctly, to update their devices when instructed and to recognise cyber crime attempts.
3. Preserve your data
Make regular back-ups of your important data and conduct checks to ensure the back-ups can be restored should you need to recover corrupted or stolen data. Keep the back-up separate from the original systems and consider storing a copy in a cloud-based location. Should a hacker hold your vital data to ransom and demand payment for its recovery, you can refuse knowing you have it stored safely elsewhere.
4. Be smart whilst working remotely
If your staff ever work remotely or may access company data, systems or accounts remotely, you should have a relevant policy in place. Key restrictions include never using public Wi-Fi networks, keeping portable devices updated, using complex passwords or fingerprint technology to access devices, and setting devices to be tracked if stolen or lost.
5. Prevent malware damage
Use antivirus software on all computers and laptops, as well as on portable devices where possible. Ensure you use only reputable and approved providers of this security. Updates are developed regularly for software and devices to continue to prevent new malware and viruses from breaching your firewalls. Make those updates to all devices when prompted, and ensure your firewalls are switched on.
6. Restrict removable media devices
USB sticks, portable hard drives and SD cards can all carry dangerous viruses and software, which can quickly spread from one computer to all devices. Consider introducing a policy on the use of such removable media devices and restrict their use. Transfers of files can be safer through cloud platforms.
7. Don’t punish staff
A crucial step to protecting your assets in the event of a cyber attack is reporting it in time to act. Don’t punish staff if they are caught out by an attempt by a cyber criminal; doing so will discourage staff from reporting it in the future, which may lead to more damage than necessary. If you suspect a successful attack has occurred, immediately change all passwords and begin scanning for malware.
8. Avoid a phishing attack
Millions of phishing emails are sent every day and many can be very convincing. The obvious signs to look out for include poor grammar and spelling, poor quality graphics and logos, and unfamiliar sender email addresses. Even if you know the sender personally, check that their email address is one you have safely communicated with previously. If an email contains links, especially links to sign in to an account or provide personal information, avoid using them and go to the website independently. Never open an attachment if you are not sure the email is legitimate.
9. Protect your passwords
With the UK’s most common passwords including 123456, password and Qwerty, cyber criminals are quickly able to gain access to our accounts and devices with little effort. The recommended formula for a safe password is three random words, including numbers and symbols. For example, L0ND0NAPPL@B3@CH. Do not enforce regular password changes; passwords only need to be updated in the event that a successful attack is suspected.
10. Control access to data
It is unlikely that all staff need access to all drives and folders for all departments of your company. It is easier to keep data secure if staff only have access to the data they need to access, and if you have a record of who has permissions to access which files. It is also vital that permissions are removed, accounts suspended and passwords changed once a staff member’s employment comes to an end.