14 Ways To Protect Your Business From A Cyber Attack
There’s an old joke in the cyber security industry: there are only two types of businesses. The first are businesses that have already suffered a cyber attack. The second are the ones that will suffer a cyber attack. Hostile and criminal intrusions are so common that even if you have experienced a breach, the next attack could be just around the corner. According to the latest research, a staggering 97% of all data breaches are avoidable with the right cyber security approach. Fortunately, there are simple actionable steps you can take to significantly cut your company’s risk factors.
Order A Security Assessment
This should be your absolute first priority if you are serious about cyber security, especially if you don’t know when your last security assessment took place. A security assessment from a reputable, longstanding managed security services provider will be able to outline the most common threats businesses in your sector face, as well as offering a general plan of action to remedy weaknesses. Any good security assessment should include:
- Assigning a specific team to lead and manage your report
- Reviewing your existing cyber security policies
- Estimating the impact of a cyber attack on your company
- Determining the likelihood of an attack given your current cyber intrusion planning policy
- Summarising threats and vulnerabilities
- Offering solutions to patch loopholes and gaps in your defenses
2. Activate The Important Parts Of Your Firewall
The best business firewalls will offer deep reporting with the ability to send logs to your security team for analysis. A managed security service provider will be able to apply threat detection to your traffic and pinpoint security events by severity, cutting through the noise of the millions of daily alarms and alerts to find the ones that really matter.
3. Trigger Mobile Device Security
So much of modern business is conducted on employee smartphones and tablets, and just one leaky or incorrectly set up device can put an otherwise solid cyber security plan in jeopardy. You must make it clear to staff that security is of the highest priority. While password-protecting a phone, turning on two-factor authentication or setting up email encryption across multiple devices can be time-consuming, it is never as bad as suffering a data breach.
4. Enact Advanced Endpoint And Detection Response
While most firms will have anti-virus and malware detection installed across their network, many programs are not fit for purpose in what is a rapidly changing field. Your endpoint security should be able to handle file-less and script-based threats, as well as being able to rollback the damage done by a ransomware-encryption attack.
5. Promote Staff Security Awareness
Regular training is key to building a workforce that not only understands the basics of work security, but the importance of applying it to every situation.
6. Defend Against Spam Email
Attacks that originate via email are the oldest tricks in the book but are still relatively common because they are so easy to carry out. Filtering your company email, placing restrictions, and whitelisting and blacklisting servers can all contribute to cutting the risk of suffering from spam emails.
7. Encourage Proper Password Usage
All the hard work to secure your systems can be quickly undone by the simple defect of not having correct password management in place. Employees will often prioritise convenience over security, using the same passwords across personal and work accounts. Complex, alphanumeric strings are the strongest and hardest for hackers to guess. You can also set user screen timeouts and filter who has access to high-level files and folders.
8. Research The Dark Web
Your managed security services provider should employ experts in dark web research to keep on top of data leaks which are often traded across online black markets. One of the largest breaches to date saw more than one billion pieces of personal information, including easily-searchable unencrypted passwords and company logins, go up for sale.
9. Backup Regularly
Automating backups to the cloud can save you time and money and protect against the heart-stopping loss of vital company information, whether that’s intellectual property, business contracts or ongoing work. The best backups will offer file version control to allow you to access and restore previous versions of saved files. Backup regularly, and always check your backups are working as they should.
10. Encrypt Everything
Any data that moves from your company to your clients, whether email, work files or personally identifiable information, should be encrypted as a matter of course. While business to business emails are considered private, they can easily be read or shared by unintended participants. The best encryption methods work in the background without impacting speed or reliability.
11. Authorise SIEM/Log Management
SIEM or Security Incident and Event Management is the most resource-efficient way for teams to correlate the vast amount of data produced on a daily basis in order to analyse your network logs in real time. Keeping a firm hand on business data is crucial to providing you with actionable security updates and advice to better protect your valuable data.
12. Set Program Updates
Unpatched programs can open up backdoors for hackers to slip into your network unannounced. Microsoft, Java and Adobe programs like to update extremely frequently and it can be difficult to tell which updates are critical and those which are simply desirable. Managed security service providers will automate your updates on a sliding scale to patch critical vulnerabilities as and when required.
13. Impose Multi-Factor Authentication
Most employees will be aware of two-factor or three-factor authentication, and your provider can advise on the best options to ensure data is locked behind walls that only those who are authorised can access.
14. Offer Web Gateway Security
When the vast majority of your company’s work is carried out online, you need secure web gateway solutions to protect the devices operating on your network from infection and to enforce company policy on which sites can be accessed. Gateways should include URL filtering, application control to manage social media, and methods to quickly detect potentially malicious code. Native data leak prevention is also included in the best packages.