Five Cybersecurity Actions for 2018
According to the Cyber Security Breaches Survey 2017, nearly 46% of all UK businesses identified at least one attack or breach in the previous year. A separate survey suggests that attacks were more prevalent in areas such as operations and data. If you’re looking to improve your company’s security posture this year, here are some actions to prioritise.
Preventing ransomware
2017 saw security experts fight the Wanna Decryptor ransomware that locked internal data and applications, affecting a number of businesses worldwide, including many hospitals in the UK. Blocking access to data can bring businesses to a standstill, which is why there is no better time than now to reduce the risk of such attacks.
- Implement a robust back-up strategy and ensure regular backups.
- Confirm that antivirus software is installed and up to date on all endpoints within your company.
- Reinforce security at the individual level by sharing with employees how they can identify social engineering techniques such as phishing and clickbait.
- Patch operating systems, apps and third-party software such as Adobe, Flash and Java.
- Restrict administrative privileges to lower the risk of malware from users downloading games.
Ransomware can be largely addressed by focusing on and rectifying security behaviours, so employees should be at the heart of your ransomware prevention effort. An IT Support London provider can assist if required.
Using strong passwords
Small businesses are particularly vulnerable to password risks and often do not have a password policy in place. The use of strong passwords may be emphasised for high-security systems rather than across the board. Password security is severely compromised by employees using the same password for multiple websites over an extended time period. There is also the issue of one set of login credentials being used by multiple employees, and in this case, the password is created to be easy to recollect for convenience’s sake.
If you suspect that your company’s password protection is not as robust as it needs to be, consider three key actions:
- Enforce strong passwords with a minimum length of 10 characters, which should be a combination of numbers, letters and special characters.
- Have employees change passwords every 90 days.
- Ensure that accounts get locked out after a certain number of invalid login attempts.
- Consider using a password manager to boost password security.
Leveraging cloud computing
The cloud is a good way of outsourcing data protection to a company with strong security capabilities. It is impossible to be 100% secure, but a highly secure cloud provider can deliver the level of protection and privacy that small and medium companies investing in their own cybersecurity cannot.
There is also the question of cost. Besides the investment in hardware, data centres and specialised labour resources, as well as ongoing maintenance, can eat into your technology budget. Striking a balance between on-premise products and cloud services is more cost-efficient. Subscription-based and pay-per-user cloud services offer cost flexibility while also allowing you to scale up or down in response to business growth or market changes.
Securing mobile devices
If you allow your employees to access your corporate network on their mobile phones, particularly if they view or hold sensitive information on their devices, mobile security is crucial. Develop a policy that includes password protection, data encryption and security apps to prevent incidents of data theft when the devices are on public networks.
Implementing multifactor authentication
Symantec estimates that 80% of data breaches could have been avoided with two-factor authentication. Multifactor authentication offers a second layer of security that is hard to exploit. Assess your security settings and have all employees use their mobile phone number as a second factor.