Every year the National Cyber Security Centre, part of GCHQ, produces a report on the cyber threat to business. The 2017 edition makes grim reading. The WannaCry ransomware attack in May spread rapidly and randomly, affecting more than 200,000 computers across 150 countries including parts of the NHS, Nissan and Honda in the UK. All businesses need to take a proactive approach to cybersecurity. Here are some tips on the most basic measures you can take to start protecting your company.
Understand the risk
Firstly, you need to be clear about what you want to protect. This can be as simple as listing out the devices and systems that are vulnerable to attack, that is all of them. What software do you use? What current measures do you have in place and how old are they?
Train your team
Your staff are the first line of defence against cyber threats. Have strong, unique passwords for each account. Every desktop and mobile device should be passworded as should business accounts. Create a cybersecurity policy for your business. It should have best practices that you expect people to follow. Include procedures for keeping the employee, vendor, and customer information safe, a requirement under GDPR in any case. You should also include protocols that staff must follow in case there is a breach.
Every IT professional talks about backup, backup, backup. All important information should have a copy. You might have information on your desktop, but you should also have a copy stored in the cloud. Each copy should be secure, and encrypted.
You may have bought some great security software but if it hasn’t been updated for months it will be vulnerable. Operating systems and web browsers need to be up to date to protect against the latest threats. Any software that’s stored on your computer will need updates. Cloud software should be automatically updated by the provider. If your team use mobile devices for work, make sure they use updated apps, including a security app. Free software may be economical, but has inherent risks, as attacks on Medoc and CCleaner in 2017 demonstrated.
Not everybody needs access to everything. Even a trusted person shouldn’t be allowed to access computers and information that they are normally unauthorised to use. Staff in various positions might have different access to technology, or information. Your company Wi-Fi can be an easy way to access data. If possible, set it up so that the staff don’t know the password. If you want an open Wi-Fi for customers to use, set up a separate network and change the SSID and password regularly. Employee’s personal phones and devices should use this network, isolated from your business-critical systems.
Cybersecurity at its most basic means of protecting your electronic devices and the information that is stored on these devices and is a critical business requirement in 2018. If you would like to learn more about how Netitude can help with implementing better cybersecurity for your business, take a look at our cyber security services