As more aspects of business move to the digital format, it’s essential that your organisation understands the five best practices for cyber security to ensure that you’re maintaining the integrity of your data, and keeping the personal information of your customers – as well as your staff and corporate information – safe from prying eyes.
In recent years, we’ve seen a noticeable trend from cyber criminals targeting organisations of all shapes and sizes with a series of phishing campaigns, business email compromises and other data breaches. Earlier this week we reported on data from a cyber security firm who estimates that cyber attacks are costing organisations more than $7.6 billion each year, while IBM puts the figure for organisations suffering a data breach at more than $5.6 million per incident; this does not factor in the irreparable damage to the organisation’s reputation and trust with consumers.
As we move further into the 21st century, maintaining your organisation’s information security stature is absolutely essential considering the fact we’ve already seen customers vote with their wallets, opting for organisations that take their cyber security obligations seriously. With that in mind, let’s jump into the five best practices for cyber security that your organisation can begin deploying immediately.
With that in mind, let’s talk about Five Cyber Security Best Practices that can consolidate your organisation’s network security and keep your customer’s data safe.
Learn to Identify Phishing Emails
Phishing emails, as the name might suggest, are attempts from outsides to catch your attention and reel in your personal information with the few clicks of a mouse. Phishing emails are often disguised as being sent from a reputable or trusted organisation like a utilities provider or financial institution, and will ask you to click a link inside the email. It’s imperative that everyone in your organisation is trained to identify the tell-tale signs of a phishing campaign so your organisation closes the door to outside attackers. Interestingly, research has shown that people largely overestimate their ability to spot phishing emails successfully.
A recent report claimed that “our data shows that only 5% of the British public are able to consistently identify phishing scam emails and texts, highlighting both how sophisticated and convincing these messages have become, as well as the need for us to constantly remain alert – especially when we are spending more time at home.”
Update Software and Enable Automatic Software Updates
There’s no doubt that you’ve been using a certain piece of software that prompts you to update to their latest version. These software updates are released by software developers for a number of reasons, namely updates to the application for the user, as well as a host of security updates that are essential to keeping your organisation safe. Developers take note of what pieces of malicious software – malware – are being used by cyber criminals, and they actively write new pieces of code to patch any potential vulnerabilities in their software. This is one of the most simple, yet effective means of deploying the best practices of cyber security in your organisation, as it involves just a few clicks of a mouse. Make sure that your organisation is updating to the latest versions of software that you’re using, so you’re minimising the risk of outside attackers taking advantage of old versions of software that you’re using.
If your organisation enables automatic software updates, you can go about your operations without worrying about whether or not your system is updated, as it will update itself.
Implement Multi-Factor Authentication
Ensuring that everyone in your organisation is using multi-factor authentication is an essential pillar of cyber security. You would have noticed on things like your internet banking, if you’re making a payment to someone not in your address book, the financial institution will send you a txt message containing a six-digit code to confirm your transfer. This is multi-factor authentication, and it ensures that whatever decision you’re making online, is being made by yourself and not by an outsider with your login credentials.
While a hacker can, through a variety of methods, access your login details, it’s extremely difficult for them to intercept a confirmation message being sent directly to your phone. It’s absolutely essential that your organisation deploys multi-factor authentication across major applications being used- especially with workforces moving to a remote means of operating. With multi-factor authentication, you’re closing the door to sophisticated threat actors and limiting what actions they can take if they do end up inside your system; they’re also an effective means of determining if an outsider has made their way into your organisation’s system.
Regularly Backup all Data
One of the most damaging cyber threats for organisations operating in 2020 are ransomware attacks. These ransomware attacks are launched by hackers that essentially lock up an organisation’s ability to access their data. The hackers will encrypt the organisation’s data so it is impossible to view without a decryption tool, which the hacker will provide to an organisation – for a price. This is why it’s called a ransomware attack: the hacker will make an organisation’s system unusable until a ransom is paid, usually in the form of cryptocurrency so they can remain undetected by authorities. These ransomware attacks were recently ranked as the top threat to organisations in 2020 with the authors of a report stating that ransomware attacks accounted for 35% of all reported cyber security threats, with business email compromise attacks taking out second place with a 32% share.
With this in mind, it’s imperative that your organisation backs-up all its data – making a copy of your data – so your organisation can continue to operate even in the wake of a data breach or ransomware attack. While backing up your data doesn’t remediate all aspects of a severe data breach, it does give your organisation the ability to continue to operate – serving your customers with the response times they deserve – while you address the data breach. Backing up your organisation’s data is an essential aspect of keeping your data secure even in catastrophic circumstances.
Set Strong Passwords, Change Regularly and Deploy Password Managing Software
There have been recent reports of databases containing hundreds of millions, if not billions of login and password details for sale on the dark web. There is a lucrative market for login and password details, and cyber criminals are increasingly turning to these databases to launch more targeted and sophisticated cyber attacks against an organisation, or its employees. The simple fact is that if a cyber criminal is able to access one employee’s staff email, if they’re clever enough, they can make their way into the entire organisation’s network. In light of this, it’s essential that you regularly update your passwords that use a strong combination of letters, numerals and symbols. You can make the life of a hacker significantly more difficult if you’re employing long passphrases, rather than words, especially if they include a combination of capital letters, symbols and numbers.
Perhaps more significantly, it’s essential that you never duplicate passwords across platforms, so you’re minimising the risk of one data breach resulting in the compromising of all your accounts. If you’re an organisation, the use of a password management system can be invaluable in keeping the login details of your staff safe and secure, while taking the effort out of managing a set of login details. Password managers set extremely difficult passwords that even the most sophisticated hackers and password-cracking software fails to guess, meaning that you’re closing one popular avenue that hackers often look to while exploiting an organisation or individual online.
Best Cyber Security Practices for Remote Workers
We’ve covered a number of these key cyber security best practices in a previous article focussed on remote workers, considering that workforces are increasingly moving to a flexible or work-from-home environment. While this is no doubt convenient, the reality is that it opens up new avenues for cyber criminals to potentially access your personal information, or use vulnerabilities in your operations to access more lucrative corporate information. With a few innocent clicks, you can be an unwitting point of access for hackers looking to exploit your organisation’s system and the valuable data that you’re responsible for keeping safe.