Cyber security – what is your line of defence?

February 16, 2017

It’s a common misconception that only big businesses, governments or financial institutions are affected by cyber attacks. Unfortunately, it is this exact thinking that makes small to medium size businesses vulnerable to attack. With limited knowledge of digital security and a general lack of safeguards in place, small to medium size businesses are an easy target for attackers.

Reports of malware and ransomware attacks on businesses of all types and sizes are increasing. These attacks have the potential to cause significant interruption and can be costly to resolve. Businesses that have not implemented adequate safeguards against malicious cyber intrusions may find themselves paying thousands of dollars in ransom to recover valuable files, such as customer records, intellectual property and financial data. A 2016 IBM study¹ found that 70% of businesses had paid to get their data back after being extorted by ransomware.

Business owners must be proactive when it comes to protecting their digital data. There are a number of ways to build a robust line of defence to fortify your business against cyber attacks.

Keep your software updated and use supported versions of software

This not only includes the main items such as your operating system and programs, but also your emails, database and webservers. These should all be configured to update automatically where possible, as keeping software updated is key to preventing malware from infecting your system. In addition, you should control the types of software being installed on your network and ensure they are from reputable sources.

Develop a backup strategy for your critical data

A good strategy involves performing daily data backups.  For best practice, you should also perform additional weekly and/or monthly backups, retain offline copies and consider secure, offsite storage facilities for the weekly/monthly backup media.  Ensure that you also test your systems to ensure that you can recover your files from backup data.  With a good back up strategy, you will ensure you have access to your valuable business and customer data in the event of a cyber attack, and mitigate the impact of any ransomware attacks.

Ensure you are not using default passwords and change your passwords regularly

Default passwords are easy to guess, so ensure your passwords are unique and differ where you are using multiple systems or access points.  It is important to change your passwords every two months, ensuring they are sufficiently complex.  As a guide, a robust password should be at least 8 characters long and contain a mix of letters (both uppercase and lowercase), numbers and symbols.  Avoid using personal information, such as your child’s name, your mother’s maiden name, or your date of birth, as this information is often readily available on social media profiles, and therefore much easier for cyber attackers to obtain.

Install security software that includes a firewall, anti-virus and anti-spyware and keep it updated

Security software helps to protect your organisation against malicious or otherwise unauthorised incoming network traffic.  Legitimate security software should be provided by a reputable company and will likely involve some expense to purchase and maintain.  Be wary of pop-up boxes offering free security scans or software installs as these are often attempts by malware to infect your computer.  Remember the old adage – if it sounds too good to be true, it probably is.

Recognise and follow safe online practices and assign a dedicated IT manager

Ensure that your staff understand how they should use email and the internet on your network, and educate employees about safe browsing habits (i.e be wary of unsolicited emails or phone calls, and to be cautious of opening attachments or clicking on web links sent via email).  Employee education is one of the key defences protecting your business from cyber attack.  Also, by assigning a dedicated IT manager in your business, you will ensure that information security is considered on a day-to-day basis.  Ensure this person keeps up to date with cyber security threats and makes colleagues aware of potential issues.

Protect critical information

By controlling physical access and using encryption when this information is stored on portable devices or removable media, you can minimise the risk of resource theft, destruction or tampering.  Encryption helps ensure only those people authorised to access information stored on portable devices and removable media are able to do so.

It is important that you build cyber security into the day-to-day activities of the organisation and treat it like any other business risk.  As a starting point, you should consider having a detailed cyber threat assessment performed on your business to identify vulnerabilities within the context of the specific risks that apply to your business.

We can help

If you feel that your business may be at risk of cyber attack and would like assistance with designing your defence systems, contact the team at McGarry Partners.  We have affiliations with IT specialists who can help you analyse your digital ecosystem and data storage practices, and formulate a plan to protect your business and ensure you maintain the ongoing trust of your valued customers.

_{^{____________________________}}

^{1. http://www-03.ibm.com/press/us/en/pressrelease/51230.wss}