Computer and IT security has become a critical part of a business’s operations and plays a big part in its success or otherwise. We often get asked a lot of questions about workplace security and the importance of cyber security audits, so thought it would be worthwhile putting a short guide together to help you better understand more on protecting sensitive data and business resources.
Over the past few months, many businesses have had to facilitate working from home for the first time. Even those that were already well set up for remote access may not have been equipped to enable home working on the scale that we have witnessed during the Covid-19 pandemic. Nevertheless, security still remains a key priority for many organisations and it’s clear that business security no longer ends at the office walls.
Given what has happened to Honda’s global operations recently, it shows that any organisation has the possibility of getting hit with a cyber attack (no matter how large or small). This short article will hopefully provide you with some information on how your business can protect itself against some of these online threats and outlines some guidance if you do find yourself under attack.
What can I do to minimise the risk of cyber-crime?
- Educate staff members (also important for when staff members are working remotely) so that they know they should not open emails with attachments from unknown sources (this is the most common source of ‘ransomware’ attacks – a particularly nasty form of cyber-crime). Employees should also be trained on how to spot attacks and what process they need to follow if they do think they have been a victim of a potential security threat.
- Implement necessary security policies on your server(s). This means having a firewall in place and all PCs should have anti-virus software enabled. Windows 10 comes with built-in anti-virus, for example.
- Implement strong passwords – Your passwords should ideally be reasonably long and use symbols and numbers. It is good practice to use a different password for each account and use a password manager. Being smart with passwords can also help prevent unauthorised access to devices and networks.
- Ensure all data is regularly backed-up to a secure site. The more layers of backup you have in place, the better your data and business are protected and the less exposed you will be to business disruption.
- Have a cyber-attack response plan in place. Develop an appropriate cyber-security response capability which will enable you to adopt a systematic, structured approach to cyber-security incidents, including selection and management of external suppliers.
It is also important to know what to do if you do become a victim. After all, cyber attacks are one of the biggest security threats that companies face, but often are one that many individuals or organisations are not necessarily prepared for.
What should I do if I am a victim of cyber-crime?
This list isn’t exhaustive, but provides some information on what you could do if you find yourself victim to an online security threat.
- Do inform your customers – customers should be quickly informed, especially those whose data has been compromised.
- Don’t be in denial – it’s important to be open and honest about what security breach(es) have occurred if it affects your customers. This may include owning up to an error on the company’s behalf; don’t sacrifice the integrity of the company to try and cover up a genuine mistake.
- Don’t pay ransoms! Generally, you should not agree to payment. There is no guarantee you will get your data back and you are in effect rewarding criminals.
- Investigate the source of the breach and fix it! Ensure the error/ breach will not happen again and these problems can be resolved.
- Recover systems, data and connectivity.
- Be proactive and reflective. Improve any processes that enabled the breach, gain experience and be prepared for next time.
For more information on cyber-security, check out our cyber-security guide for some useful information to help you secure your network, systems and some of the most common ways criminals attempt to steal information from you.
Alternatively, if you have any concerns about your security policies or would like some advice and guidance on cyber-security, please don’t hesitate to pick up the phone and contact us. We are always happy to help – 0161 464 6101.