Cyber security has always been important, but it has been thrown into the limelight by the recent high-profile attacks on the NHS and others. Interestingly, it is only the attacks on big organisations that make it into the media. This has given some small business owners a false sense of security: they believe they won’t be a target and therefore do not need to spend money on security.
They are woefully wrong. Statistics show that attacks on small companies with fewer than 50 employees are increasing and were 70% up on 2015 figures. The key point is that it does not matter how big or small your business is, or even whether you are a business at all: you are still a viable target and need to take steps to minimize the risk of an attack. It’s a sad truth, but the hackers who launch ransomware attacks, viruses, phishing scams, vishing and social media attacks are not necessarily interested in the money or in obtaining your data, but in causing as much disruption as possible.
If you are unfortunate enough to suffer a ransomware attack, there is no guarantee that paying the ransom will secure the release of your data; the attackers may still destroy it anyway. The best approach is to try to prevent the attack from happening in the first place and, if it does happen, to have a robust plan in place so you can act and deal with it. The first key point is to always, always have backups of your data. It is no good doing a backup once a month; you need to have backups running daily. If possible, the backups should be stored offsite, away from your main trading location.
The next thing is password policy. Ensure that you implement a password policy in your business, and that it requires passwords to be of a certain length and complexity. Use memorable phrases such as “failingisthefirststeptosuccess1” instead of trying to use a mixture of letters and numbers that you might forget. Additionally, set an expiry time on passwords so they must be changed regularly, and set the policy to disallow previously used passwords from being used again within a 3-month period.
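One way to enforce the password policy described above, as an added example that is not part of the original article. The 16-character minimum and 90-day expiry are assumed values, the 3-month reuse period is taken as 90 days, and the class and function names are hypothetical.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta

MIN_LENGTH = 16                     # assumed; the article only says "a certain length"
MAX_AGE = timedelta(days=90)        # assumed expiry period
REUSE_WINDOW = timedelta(days=90)   # the article's 3-month no-reuse period, as 90 days


def _digest(password, salt):
    # Store a salted, slow hash so old passwords are never kept in clear text.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class PasswordRecord:
    """Password history for one account: (set_at, salt, digest), newest last."""

    def __init__(self):
        self.history = []

    def is_expired(self, now):
        # An account with no password, or one older than MAX_AGE, must change it.
        return not self.history or now - self.history[-1][0] > MAX_AGE

    def change(self, new_password, now):
        """Apply the policy; return (accepted, reason)."""
        if len(new_password) < MIN_LENGTH:
            return False, "too short"
        for i, (_, salt, digest) in enumerate(self.history):
            # A password stayed in use until its successor was set.
            last_used = self.history[i + 1][0] if i + 1 < len(self.history) else now
            if now - last_used <= REUSE_WINDOW and hmac.compare_digest(
                _digest(new_password, salt), digest
            ):
                return False, "reused within 3 months"
        salt = os.urandom(16)
        self.history.append((now, salt, _digest(new_password, salt)))
        return True, "ok"


if __name__ == "__main__":
    start = datetime(2024, 1, 1)    # constructed sample date
    account = PasswordRecord()
    print(account.change("failingisthefirststeptosuccess1", start))
    print(account.is_expired(start + timedelta(days=91)))
```

The check enforces length only, in line with the article's preference for long memorable phrases over hard-to-remember character mixes.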
When you receive an email, check that you know the sender before opening it; if you are not sure, delete it immediately. Never open an email or attachments from addresses you do not recognise. Furthermore, make sure your antivirus is up to date, but do not rely on it to prevent you from being attacked. Antivirus software can only protect against threats that it knows about and that the vendor has loaded into the software, which is why keeping it up to date is crucial. I would recommend having an end-to-end real-time protection solution in place that works alongside the antivirus software but scans everything in real time before it reaches the end user, thus detecting a threat before it can deploy.
Depending on the size of your business, you may be using switches. Ensure that ports on the switch that are not being used are closed, so that external attackers cannot use them as a way of gaining entry to your network; the same goes for firewalls too. Following these steps will help minimize your risk of being attacked and will also go towards helping you be compliant with the new General Data Protection Regulation rules that come into effect in May 2018.
Ricky Fais is Managing Director of RicksTechSupport