Despite cyber attacks on individuals receiving more attention in the media, it is Britain’s businesses that need to up their game when combating cyber crime. According to a joint study undertaken by the Centre of Economics and Business Research and Veracode, cyber attacks cost British businesses £34 billion a year in terms of lost revenue and resultant increases in IT spend. However, this figure could actually be much higher, as many breaches go undetected.
To combat these costs, the UK government has greatly increased its cyber crime budget, but the message remains clear – organisations must take care of their own cyber security. With this in mind, we’ve compiled the top five things you can do to help prevent an attack.
1) Regularly back up your data
Employees should be encouraged to back up all of their data frequently throughout the year. Implementing regular backups ensures that critical data is not lost in the event of a cyber attack. There are a number of automated backup solutions to manage this for you, and many allow you to test your restores to ensure that they can be deployed effectively during an incident. Data should be stored in remote locations away from the office, such as in the cloud, and all sensitive data regarding the company and its clients should remain fully encrypted.
2) Look out for red flags
With UK phishing scams rising 20 percent per year, employees should be trained to keep a watchful eye out for such harmful emails. While email providers and antivirus vendors are continually improving their detection procedures to spot these potential threats early, some of the trickier scams can still find their way into your inbox. These emails may be disguised as a trusted client’s email or a recognisable brand, but will tend to have a few dead giveaways.
Employees should always be on the lookout for emails with suspicious attachments, messages that ask for personal or credit card information and emails that make requests for immediate action. Sophisticated phishing attacks, known as spear phishing, appear to come from individuals that you know, and employees should always be aware of these potential threats.
With the right training, employees can effectively deal with these threats and ensure that viruses and malware are not downloaded. Where potential threats have been identified, you should ensure that everyone in the organisation is aware, to prevent others from falling victim to the same incident.
3) Change passwords frequently
Once a cybercriminal has access to a corporate password they have free rein to do as they please. It is vital that your employees change their passwords on a regular basis and don’t use the same password for multiple accounts. A good benchmark is to change passwords once every two months, and include different classes of characters (e.g. special characters, upper and lower case, and numbers). Avoid dictionary words and never write your password down.
4) Control the paper trail
Even with the best security measures in place, companies can still be exposed to threats through employee negligence. For example, an employee might leave a printout of a sensitive document, or a device full of confidential data in a public place. The issue can be addressed by fostering a corporate culture that strongly emphasises the proper disposal of paper-based documents, and encryption of removable and mobile devices.
5) Avoid disclosing sensitive information over the phone
We’ve all heard of phishing, but many companies aren’t aware of another worrying phenomenon – vishing. Vishing is the act of using the telephone in an attempt to scam the user into surrendering private information that can later be used for identity theft. Again, the solution to dealing with vishing is simple awareness. Employees should be encouraged to put the phone down on any caller if they have doubts about their identity. They should also refrain from giving out PINs, web passwords, credit card details and addresses over the phone.
Companies today spend millions of pounds on advanced cyber security technology. While this technology is extremely useful, the last line of defence in any company is an employee. With the proper training, employees can do a great deal to halt cyber attacks in their tracks. With these five simple tips you can ensure your business is better protected and able to counter unexpected and potentially costly attacks.