Most businesses we speak to appreciate the danger of cyber crime but believe they’re covered and it won’t happen to them. The statistics on the increase in cyber-attacks and hacking incidents on Small and Medium size Businesses tells a different story. In April 2019, Fin24 reported that 10,000 cyber-attacks are carried out per day in South Africa, up by 22% year on year. What used to be considered a threat only to large corporates, is now affecting everyone, including SMEs.
In this article we take a look at the 5 steps you can take to protect your business from cyber attack and hackers.
Over the past few decades, technology has increasingly become an integral part of the workplace, impacting everyday work functions. From email and financial transactions, to professional networking and collaborative work documents, businesses rely on multiple technology platforms to be connected at all times and to conduct work effectively. However, there is no doubt that the ease and mobility of working across many platforms on different devices in alternative locations has made it easier for cyber criminals to ply their trade of deception, manipulation and theft.
The best defence for cybercrime is knowledge. The most important step of all is to actually take responsibility for the cyber security of your own business. This means taking the time to familiarise yourself with the most common cyber security threats. Some of these tactics include scammers impersonating a business, the sending of fraudulent emails, and viruses and malware. Your employees will always be the most vulnerable link and no software application can stop them from chosing to access dangerous links, from bringing infected files on to the company’s network or accessing work systems outside of the office secure net. These data breaches result in lost files, software, system or website corruption, and can result in loss of assets or intellectual property. Education is paramount and we can assist you with educating your staff and implementing a strict usage policy for your business that can greatly mitigate this potential threat.
There are a number of things you can do to make sure that your data is protected. All businesses hold a range of data, from customer details to trade know-how, which contain sensitive information that can easily be put at risk if businesses don’t take a number of steps to protect it.
Focus on user access control. You should decide who/what needs access to specific datasets in your business and make sure access control is locked down. You would be surprised how insecure file sharing within businesses can be if rigid permission policies are not implemented and adhered to. User access control should be managed effectively to ensure that only the most trusted and authorised users are granted high-level access priviliges to sensitive company data.
Next you need to ensure your sensitive business information is not accessible on the public domain. There are a number of ways businesses can minimise their risk of exposure. One way is by setting up a ‘burner email’, which is essentially a dummy email account that can be used when signing up for a site or service to avoid supplying a company email address. The bonus of a burner email address is it can be set up so that any replies are forwarded automatically onto the company email address, but it gives businesses the security that their email address isn’t being shared around.
All your computer and network devices should be configured to reduce the level of security vulnerabilities. Any computing device that is connected to the internet should have protection in place in the form of anti -virus, malware protection software and end to end encryption so you can protect against threats such as a ransomware attacks where your business data effectively gets hijacked through malicious encryption and only released upon the payment of a ransom amount. One of the best ways to negate the results of a successful cyber – attack penetration is to ensure that the data the criminals get hold of is totally unreadable. We suggest using end to end encryption to protect yourself against a successful cyber- attack, where everything gets encrypted all of the time.
The good news is whilst malicious software may be constantly developing, security software is constantly adapting to cope with these threats too. That’s why it’s so important that a business keeps its anti-virus software updated at all times. Sybaweb’s Cyber Security Services uses policies, implementation procedures and the latest security controls that will ensure your devices are not at risk.
The use of boundary firewalls and secure internet gateways will go a long way to ensuring protection against unauthorised access to your network from the internet and there are many first class firewall solutions that we can advise on to help you put in place. You can, and should, also protect your data by keeping off site back up and in the worst case scenario do a restore. A robust Business Continuity regime will handle that for you and manage your entire backup requirements.
In a world where there is an App on your smartphone for almost everything, common sense dictates that you make use of two factor authentication password policies and you probably do that already. In setting passwords we suggest that you opt for fingerprint or facial recognition where there is the capability. We also strongly recommend that you contantly keep your operating system, and all the Apps that you use, updated as irritating as it can be. Besides containing the latest bug fixes, updates will incorporate the most up to date security plugs generated as a result of user experience world wide, its what you paid for after all. There is also anti-virus and anti-malware software that you can install and we recommend that you regularly review the permissions on your Apps, removing ones that aren’t regularly needed.
The Internet of Things (IoT) is changing the way we interact with our world from checking in on our household security to turning the oven on to cook dinner while we are still at work. With every device that is intelligently connected to the internet, it can be used to control, monitor and measure its environment. This comes at a high cost though because with every new IoT device we add another potential point of failure as far as our security is concerned. So while its great to use our Alexa, Amazon Echo or Google Home devices to power up our sound system to lift our day, or to remind us to buy those bunch of flowers, just please don’t forget to power these devices off when you aren’t around.
So the message is, don’t you be the greatest risk of all to your business by locking the gates but leaving the keys under the mat.
Unless you have the internal resources to monitor network and device access internally, we suggest it could be a good idea to contract a Technology and Cyber Security Management provider to provide real-time monitoring and risk assessment. This would involve round the clock monitoring of company firewalls and internal networks. Sybaweb’s Technology Management solutions provides full network health monitoring to our clients, with visible reporting via a secure individualised portal providing access from wherever they are on their device.
At the start of this article we highlighted the increase and potential damage of cyber crime activity to your business. These 5 Steps are just some of the points that we recommend as a guideline on how you can protect your business. Each one unlocks a whole host of futher discussions and conversations which we would love to have with you. If you are interested in investigating your Cyber Security strategy with us, please get in touch.