As recent data breaches indicate, businesses of all types, sizes and in all locations are at real risk of a cyber attack at any given moment. Latest figures have shown that cyber crime affected 3.72 million people in the UAE in 2017– costing the country almost AED4 billion. In reality, there are just five specific steps that all companies need to follow to effectively protect against cyber attacks: secure your hardware, encrypt and backup all your data, encourage a security-centered culture, use robust firewall and anti-malware software, and invest in cyber security insurance.
Here’s how to put these steps into action.
Secure your hardware
With so much attention given to acquiring the newest and most sophisticated types of cyber security software, safeguarding the security of company hardware is often overlooked but the loss or theft of devices is a real threat to be aware of. Begin your cyber attack prevention strategy with the basics: protect all devices with a complicated password, share that password with the device user only and commit it to memory instead of writing it down in an easily accessible place. Do not overlook the effectiveness of physically attaching computers to desks. This is a simple, yet effective way of preventing intruders from walking away with company equipment and the sensitive data they hold.
Finally, install ‘find my device’ software on all laptops, phones and tablets. By doing so, equipment that is stolen can quickly be located by the authorities.
Don’t overlook safeguarding company hardware
Data breaches commonly occur due to stolen equipment and so safeguarding your hardware is an easy strategy in improving your company protection from a cyber threat.
Encrypt and back up data
An effective cyber crime protection strategy must consist of two elements: preventing physical access to sensitive data and rendering that data useless if it falls into the wrong hands. Companies can achieve the latter by always encrypting their data. As highlighted by researchers in the International Journal of Advanced Computer Science and Applications, data encryption remains the ‘most efficient fix’ for data breaches, should they occur. Be sure to encrypt all sensitive data, including customer information, employee information and all business data. Full-disk encryption software is included in virtually all operating systems today and can encrypt all the data on a desktop or laptop computer when it’s at rest.
Also check that this software is activated and updated on all company devices. And minimise the amount of time a computer sits unused and unlocked by setting all devices to automatically enter ‘sleep’ or ‘lock’ mode after five minutes of no use.
Stay ahead by backing up data and storing it separately
After encryption, backing up all data is another key way of protecting yourself from security breaches. With ransomware hackers locking companies out of their systems, encrypting their data and asking for a ransom to be paid before releasing the data, you can stay one step ahead of them by backing up all of your data and storing it separately.
Invest in cyber security insurance
Because cyber criminals continue to work tirelessly to find ever more advanced ways of breaching security defenses, even the most security-conscious businesses remain at risk of an attack. US research into the cost of data breaches has shown that in 2017, the global average cost of a single data breach event was USD 3.6m – equivalent to USD 141 per data record. The losses that can be incurred from data breaches are best mitigated by investing in cyber security insurance, yet only 9% of UK businesses and 15% of US businesses have this type of insurance, according to the UK Department for Digital, Culture, Media and Sport, and the US Better Business Bureau, respectively.
Seek specialist advice for cyber security insurance
Minimize your risk by seeking specialist help to select the best type of insurance for your company, based on your risk of attack and the financial impact of such an event.
Create a security-focused workplace culture
Employees are the most common cause of data breaches as many don’t recognize external threats when they occur or have a good understanding of the daily actions that leave a company vulnerable to a cyber attack. For example, the UK Cyber Security Breaches Survey 2018, carried out by the UK government and Portsmouth University found that 43% of UK businesses have experienced a cyber security breach or attack over the last 12 months, with only 20% of UK companies offering training to staff within the same time frame. Such breaches were more common in businesses in which staff members use their personal devices for work. Businesses need to ensure sufficient security training and education for staff remains a key focus, but where to begin?
Educate staff on the dangers of unsecured networks
Banning employees from using their personal devices for work may seem like an obvious approach, but this strategy seldom works in the long term. As staff members grow tired of the inconvenience, they are likely to return to accessing work on personal devices, regardless of policies prohibiting this.
It is therefore more impactful to teach staff how to use both their personal devices and work devices in a way that minimizes the risk of being hacked. Top of the list should be educating them about the risks associated with using unsecured networks to access work information.
This should include clear definitions of what unsecured networks are, and where they are commonly found such as in coffee shops, airports, hotels and so forth. And then how to verify if a network is secure (secure networks require a key/password to access them).
Teach avoidance of unsecured websites
Staff members should be taught about the importance of never accessing unsecured websites on work devices because this gives cyber criminals direct access to sensitive data that is stored on that device, as well as browser histories and passwords.
Discourage password sharing
Employers can create a security conscious culture in which password sharing seldom happens. By not only educating staff members on the risks, but also by leading by example and never sharing passwords or asking staff members to temporarily log in guests, contractors and new hires.
Using protocols, such as creating temporary passwords for contractors or expediting the onboarding process for new hires, will also help to minimize scenarios in which password sharing is needed in the workplace.
Restrict network admin rights
Restricting IT admin and access rights to a small handful of users is invaluable in minimizing the risk of data breaches as employees cannot give away information they don’t have access to.
Always entrust this information to a key figure in your IT department and ensure that (s)he is adequately trained on the safe and encrypted storage of this information.
Businesses are vulnerable without employee education
Highlighting the need for employee education on the types of daily actions that leave a business vulnerable to cyber attacks.
Use robust anti-malware and firewall software
Research has shown that the most common cyber crime experienced in the UAE in 2017 was malware infection, which accounted for 53% of all cyber attacks. And with ransomware featuring as the most prevalent cyber security risk to small businesses today, protecting your business from ransomware and other types of malware is vital.
Existing anti-virus tools are not very effective against ransomware, which changes almost as quickly as new anti-virus tools are developed. Ransomware can work quietly in the background and only be detected by an anti-virus programme when it is too late to save your files. So, it is important to invest in software that has been specifically designed to deal with this challenge.
While effective anti-malware tools catch and isolate software viruses when they strike, preventing these viruses from entering your database in the first place is vital.
Investing in an optimized firewall is therefore key for preventing malware from entering your computer systems. And with cyber security threats changing at a rapid pace, always pay attention to update notifications and run them as soon as they become available. These updates are made in response to the latest cyber threats and are therefore a key tool in the fight against cyber attacks.
Use software in conjunction with education
By using firewall and anti-malware software in conjunction with employee education you are well equipped to prevent –or at least deal with– attacks due to ransomware, which can enter computer systems through emails and other employee-related errors.
Protect against the threat of an attack
Even though the threat of cyber attacks is real, it’s easy to forget all about it until one strikes. However, if your company has an online presence, stores customer and company data on digital devices and uses cloud-based software, a thorough cyber security strategy is essential.
As outlined in this article, the steps to achieving the peace of mind and financial security that such a strategy brings should involve the use of up-to-date data encryption, data back-up, and firewalls and anti-malware software. Implementing this alongside thorough and ongoing employee education on cyber security really is your best bet to ensuring that the threat of a cyber attack never becomes your reality.