6 ways to protect your business from cyber attacks
In today’s sophisticated world, a standard username and password is no longer strong enough to prevent unauthorised users from gaining access to your account. Additional steps should, therefore, be taken to enhance security and keep data safe.
1. Enable two-factor authentication
What is it? Two-factor authentication is an industry-standard security measure that adds an extra step to the login process to prove user identity. It requires a combination of username, password, and a code or fingerprint accessed via the user’s trusted mobile device.
Why use it? This extra step can significantly protect your account, making it much harder for unauthorised sources to attack your database. Even if an outsider obtained your password, they wouldn’t be able to access your system without the additional proof of identity from your trusted device.
2. Identify and report suspicious activity
Cybercriminals can trick users into revealing their login details or personal information through schemes such as phishing.
Phishing usually refers to fraudulent emails or text messages that appear real, sent from familiar organisations with mimicked branding and/or language
Spear phishing is similar but much more targeted and personalised
They often deceive users into opening a link or attachment and asking them to confirm their personal information
According to Verizon’s 2020 Data Breach Investigations Report (DBIR), phishing and hacking (using stolen credentials) were the top two breach threats
It can be difficult to spot a phishing scam, especially as cybercriminals get better at covering their tracks. Check the domain name (sender email address) to see if it looks legitimate and think carefully about what they are asking you to do. Very few (if any) companies will ask you to confirm your personal information via a link or attachment. If you suspect an email is a scam, report it and block the sender. It’s a good idea to change your password too for extra protection.
Read the first blog in our security series which covers phishing in more detail.
3. Use complex passwords
A weak password instantly puts your database in danger. According to Verizon’s 2020 DBIR, over 80% of web attacks used stolen credentials to gain access to sensitive information.
Using a complex password that is a mix of uppercase letters, lowercase letters, numbers and symbols will make it much more difficult for outside sources to guess. Complex passwords should be changed for each platform though, according to cybersecurity expert, Jon Inns. "Advise staff not to use the same password on different applications and encourage them to use a password safe or manager," says Jon.
Password managers like LastPass create complex passwords for you and securely store them in a password-protected database. This helps you to:
Manage your passwords for multiple accounts
Retrain the way you use passwords, eliminating bad habits
Enhance your online security
4. Regularly check your database
Staff are responsible for their individual accounts, but system admins or account overseers are responsible for making sure their users are genuine and recognised. Regularly review your users and login attempts to make sure all are known to you. Doing a regular user audit will help keep your database clean and up to date.
"Monitor for leaked account usernames and passwords for your organisation using a service like Trillion from Threat Status," says Jon. "Third-party password leaks make access to your systems easy for attackers."
5. Create and share your security policy
Whether you have a small business with just a handful of employees or operate a global chain, the importance of cybersecurity potential for security risks remains the same. Documenting your security procedures and educating your teams will act as a pillar for your staff when it comes to adhering to the practices tailored to suit your business security requirements.
6. Educate your staff
When it comes to data safety, employee negligence is often the biggest liability. Research from Kaspersky Lab shows that around 90% of data breaches are a result of human error. It’s crucial that you teach staff about cybersecurity and regularly check to ensure they are following your guidelines.
Some important best practices to highlight are:
Their rights and responsibilities
What they can and can’t access in the database
Effective password management
Jon recommends dedicating some training to the importance of cybersecurity, backed up with resources and refreshers to keep it in the forefront of people’s minds. "Anyone with access to email should be trained on what a phishing email looks like and what to do. Ransomware is often launched by malicious email links and attachments so it's important for them to be able to recognise and report anything suspicious."
Hold your staff responsible by asking them to acknowledge and sign the policy mentioned in point four, stating that they understand and adhere to your security procedures.
Cybersecurity is an ever-evolving process, and web attackers are becoming increasingly adept at gaining unauthorised access. It is essential that you and your staff follow these best security practices and continue to treat online safety as a top priority in your business.