Five Cybersecurity Actions for 2024
In 2023, 32% of small businesses and 59% of medium businesses reported some form of breach or cyberattack. As in previous years, the trends suggest that as the size of the business increases, so does the risk. However, SMEs continue to be disproportionately affected due to their limited resources for recovery. So, for small to medium-sized businesses in London, taking appropriate cybersecurity action is crucial, not only to protect your data now, but also to ensure the future of your business.
In this article, we help you understand how to mitigate risk to your security and improve your organisation’s awareness. Read on to help your business thrive and prioritise these five key cybersecurity actions for 2024.
Approximately 4% of successful data breaches at UK businesses have been down to ransomware. This form of cybercrime has affected various sectors, causing significant financial and logistical strain. Notoriously, Royal Mail suffered a ransomware attack in January, leading them to pause their international services for weeks. Months later, revenue has been affected, customer trust has been lost, and further money has been invested in remediation.
Blocking access to data can bring businesses to a standstill, and often hardware is left unusable afterwards. The effects of ransomware on small to medium sized businesses can be greatly debilitating, so take a proactive approach to cybersecurity action. You must always act sooner rather than later to avoid the risk of such attacks.
- Implement a robust backup strategy and ensure regular backups. Your data backups should not be stored in the same place as the originals to ensure effective safekeeping. Remember the 3-2-1 storage rule.
- Confirm if antivirus software is installed and updated at all endpoints within your company.
- Reinforce security at the individual level. Keep yourself updated on new trends and share with employees how they can identify social engineering techniques such as phishing and clickbait.
- Patch operating systems, apps, and third-party software such as Adobe, Flash and Java.
- Restrict administrative privileges to lower the risk of malware from users downloading games.
Ransomware can be largely addressed by identifying and rectifying the weak points in your business’ security behaviours. Therefore, increasing employee awareness should be at the heart of your ransomware prevention effort. Also, you may want to seek out an IT service provider in London to assist if required.
Using strong passwords
Small businesses are particularly vulnerable to password risks and often do not have a password policy in place. Taking these first steps can truly mitigate damage if a malicious actor attempts to breach your organisation’s IT infrastructure.
Typically, the use of strong passwords may be emphasised for high-security systems rather than across the board. Password security will be severely compromised by employees using the same password for multiple websites over an extended time. There is also the issue of one set of login credentials being used by multiple employees. In this case, the password is created to be easy to remember for convenience’s sake but can be detrimental to data protection.
If you suspect that your company’s password protection is not effective, consider these key actions:
- Enforce strong passwords with a minimum length of ten characters. They should be a combination of numbers, letters, and special characters.
- Have employees change passwords every 90 days.
- Ensure that accounts get locked out after a certain number of invalid login attempts.
- Implement the use of a password manager to boost password security.
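An added example, not from the original article: a small audit that applies the rules above (ten characters, mixed character types, 90-day rotation, lockout) and the shared-login problem described earlier to a constructed account list. The lockout threshold of five and all account data are assumptions made for illustration.

```python
import re
from datetime import date, timedelta

# Values from the article: 10+ characters, letters + numbers + special
# characters, 90-day rotation. LOCKOUT_THRESHOLD is an assumption; the
# article only says "a certain number" of invalid attempts.
MIN_LENGTH = 10
MAX_AGE = timedelta(days=90)
LOCKOUT_THRESHOLD = 5  # assumed value

def password_problems(password):
    """Return the composition rules a candidate password breaks (checked when it is set)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 10 characters")
    if not re.search(r"[A-Za-z]", password):
        problems.append("no letter")
    if not re.search(r"\d", password):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    return problems

def audit_accounts(accounts, today):
    """Flag accounts that break the rotation, lockout or shared-login rules."""
    findings = {}
    for acct in accounts:
        issues = []
        if today - acct["password_set"] > MAX_AGE:
            issues.append("password older than 90 days")
        if acct["failed_logins"] >= LOCKOUT_THRESHOLD and not acct["locked"]:
            issues.append("lockout not enforced")
        if len(acct["users"]) > 1:
            issues.append("credentials shared by several employees")
        if issues:
            findings[acct["name"]] = issues
    return findings

# Constructed sample data, not taken from any real system.
TODAY = date(2024, 1, 15)
ACCOUNTS = [
    {"name": "reception", "password_set": date(2023, 6, 1), "failed_logins": 0,
     "locked": False, "users": ["amy", "raj"]},
    {"name": "finance", "password_set": date(2023, 12, 20), "failed_logins": 7,
     "locked": False, "users": ["li"]},
    {"name": "director", "password_set": date(2024, 1, 2), "failed_logins": 1,
     "locked": False, "users": ["sam"]},
]

if __name__ == "__main__":
    print(password_problems("Summer2023"))
    print(audit_accounts(ACCOUNTS, TODAY))
```
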
Leveraging cloud computing
The cloud is a good way of outsourcing data protection to a company with strong security capabilities. It is impossible to be 100% secure, but a highly secure cloud provider can deliver the optimum level of protection and privacy for small and medium companies. Often, SMEs that invest in their own cybersecurity cannot reach the standard necessary.
There is also the question of cost. Alongside the investment in hardware, data centres and specialised labour resources, the need for on-going maintenance can eat into your technology budget. Striking a balance between on-premises products and cloud services is more cost-efficient for your business. Subscription-based and pay-per-user cloud services offer cost flexibility while also allowing you to scale up or down in response to business growth or market changes.
Securing mobile devices
If you allow your employees to access your corporate network on their mobile phones, those devices must be secured. This is particularly important if employees view or hold sensitive information on their devices.
Develop a policy that includes password protection, data encryption and security apps to prevent incidents of data theft when the devices are on public networks. For remote workers, a separate remote policy should refer to issues of network security. If your budget permits, ensure all devices containing sensitive data use either a VPN or dedicated remote private network. Avoid unsecured public networks at all costs.
Implementing multifactor authentication
Symantec estimates that 80% of data breaches could have been avoided with two-factor authentication. Multifactor authentication offers a second layer of security which is hard to exploit. Assess your security settings and have all employees use their mobile phone number as a second factor.
If you’re seeking industry-leading IT security solutions, or simply need further guidance on the best cybersecurity actions to take for your London business, reach out to our team of IT specialists! Whether you’d like to book your free audit or speak more about our services, don’t hesitate to contact us for a no-obligation chat today.