Improving Cyber Security Within Your Business

It is estimated that nearly three in five organisations in the UK have suffered a possible breach of security, with hackers ever vigilant, targeting the weak links within businesses.

It is estimated that nearly three in five organisations in the UK have suffered a possible breach of security, with hackers ever vigilant, targeting the weak links within businesses.

There doesn’t need to be any malice on the part of employees; it is simply enough that they open a suspicious email, lose a device, enter secure information where they shouldn’t, download files or open attachments.

Data breaches can be hard to identify, taking an average of 191 days to be discovered, according to the Ponemon Institute’s 2017 Cost of Data Breach Study, with a further 66 days required to contain the breach.

Breaches are expensive and can adversely affect the reputation of a business. However, there is much that can be easily done to make sure security practices are effective. Many successful cyber attacks depend on human error such as mistakes made by well-intentioned employees or failure to take advantage of the security software available.

The following points should form the backbone of any good cyber security policy.

Employees

Employees are often the weakest link, but with the right training they can become the strength of a firm’s cyber security strategy.

Every single person within an organisation should have relevant and ongoing training, with security always at the forefront of their mind.

They should understand how to fully utilise protective software and be aware of the dangers of phishing, downloading files, weak passwords, failing to regularly change passwords and giving away sensitive information.

Training also needs to cover what to do if a breach is suspected and updates regarding new scams.

Software

Best practice means promptly installing all patches and updates to software. This should happen automatically, and not be reliant on people remembering to do it.

IT staff should also regularly assess the entire system to look for weaknesses and ensure it is still fit for purpose.

Data loss protection software should be used to safeguard against unauthorised attempts to access the system.

Hardware

Employees should only ever access company data on secure devices. They need to protect against loss should the device go missing or be stolen by using two-factor authentication. Any data used across the business should routinely be encrypted.

Email

Email is frequently a target for hackers, giving them scope to access a system and communicate with employees.

Email management software is becoming increasingly sophisticated, with the ability to detect phishing attempts and spam as well as identifying genuine emails, attachments and links.

Tools are also included to keep data secure as it is transferred.

To avoid sensitive data being stolen through email impersonation fraud you should implement Lawyer Checker’s OnDMARC’s service. This sophisticated web-based system effectively secures your firm’s email by actively blocking phishing attacks and preventing 3rd parties from impersonating your email domain to any recipient such as your clients and employees. 

It is worth repeating that the strength of an organisation’s cyber security policy is in its individuals. Those who are well-trained and remain vigilant will be an asset to the business. Taking the time to have regular training sessions for all staff will be repaid as hackers fail to gain access.