The government’s 2019 Cyber Security Breaches Survey recently revealed that a significant number of UK firms fell victim to a cyber-attack or breach in the last 12 months. Here, we consider ways in which you can bolster your business’s cyber security measures.
Mitigating the risks posed by cyber-attacks
It is crucial that businesses put measures into place in order to help mitigate the risks cyber-attacks pose. Whilst cyber-attackers have both the motivation and the capability to carry out debilitating attacks on firms, they also need an opportunity. Identifying any vulnerabilities in your business’s systems and taking steps to strengthen them could help to dissuade attackers from targeting your firm.
Implementing effective security controls
A range of tools exists for businesses to use as part of their cyber security action plan. Boundary firewalls and internet gateways, such as web filtering, web proxy and content checking, help to establish network perimeter defences. Effective firewall policies help to detect and prevent harmful downloads; block access to malicious domains; and prevent devices from communicating directly with the internet.
Firms should always ensure all software is kept up-to-date. Tech companies regularly release ‘patches’ within their software updates, which are designed to protect against known vulnerabilities.
Businesses are advised to make use of robust malware protection. Common sources of malware include email attachments, downloads and the installation of unauthorised software. The best antivirus packages protect devices from viruses, spyware, ransomware and rogue botnet software.
Anti-malware defences should be utilised across your organisation, in order to detect and disable malware before it causes harm. In addition, businesses are encouraged to adopt the practice known as ‘whitelisting’: essentially, approving only software you know to be trustworthy.
Managing user privileges
Firms are advised to limit the number of ‘privileged’ staff accounts they create. Limiting the number of accounts that have special access privileges helps to protect against system misuse and unauthorised access. If individuals are given unnecessary system privileges, the consequences of misuse could be extremely damaging.
It is crucial that managers consider what level of access an employee requires in order to perform their job successfully. Businesses may wish to create stringent user security policies, and communicate these to their employees. Generating such policies may help to prevent serious cyber security breaches.
Creating a home and mobile working policy
Mobile and home working are becoming increasingly popular. However, working remotely brings with it some significant cyber security concerns. Businesses should establish risk-based policies that cover all types of mobile devices, alongside flexible working options.
There are many risks associated with mobile working, including the loss or theft of a device; the worker being observed when using a mobile device; potential loss of credentials; and a secure configuration becoming compromised. Risks can be managed by putting an effective mobile working security policy into place, and ensuring all employees adhere to it.
A sound mobile working security policy will determine how a mobile working device is acquired; the types of information that can be stored on mobile devices; and the process for granting employees permission to work offsite. The policy should also take into account any risks to the business’s corporate network from mobile devices, and should outline how remote connections will be monitored.
My cyber security checklist
- Create a cyber security policy and incident management plan
- Train and inform my employees
- Install firewalls and anti-malware defences onto my computer and network
- Download the latest software for all my products
- Remove software I no longer use
- Manage and restrict user privileges
- Develop mobile working policies for employees who work remotely
- Continuously monitor all systems, networks and activity
Here, we have outlined just a handful of measures for business owners to consider implementing in their own firm. Taking appropriate action sooner rather than later will help to safeguard your business against cyber-attacks and cybercrime.