Chris Girdlestone, managing director of HUT42 – a cutting-edge software development company – advises companies to take the opportunity to prioritise cyber protection rather than leave it too late.
Last Friday’s ‘cyber apocalypse’ once again proved that large-scale cyber-attacks are not simply the stuff of Hollywood movies but an increasing threat to businesses across the globe.
A harsh reality check arrived on Friday when cyber-criminals disabled computer files across more than 150 countries, preventing users from accessing vital information – effectively holding their data to ransom. Patients’ records and administrative systems temporarily seemed to disappear into thin air, causing disruption and delaying operations in 47 health trusts across the UK.
As data breaches of major companies such as Microsoft, AOL and eBay continue to surface, cyber security incidents are growing in frequency, size and cost – it is no longer a question of if but when.
The Cyber Security Breaches Survey 2016 revealed that while one in four large firms experiencing a breach did so at least once a month, only 50% of those had taken any recommended actions to identify and address vulnerabilities. Even fewer, about a third of all firms, had formal written cyber security policies and only 10% had an incident management plan in place.
“The UK is a world-leading digital economy and this Government has made cyber security a top priority. Too many firms are losing money, data and consumer confidence with the vast number of cyber attacks. It’s absolutely crucial businesses are secure and can protect data,” said Minister for the Digital Economy Ed Vaizey.
And it is not only the large corporations which are under attack – the 2016 survey also revealed that smaller businesses of fewer than 100 employees were particularly vulnerable.
So it is vital to follow these simple steps to protect your company from cyber attack:
- Knowledge is power – ensure you understand the evolving risks and the terms. It is important to understand how hackers gain entry and be aware of the different types of cyber fraud schemes and common threats, from phishing and spoofing to social engineering, malware and systems hacking.
- Develop a security policy which involves all employees, as they are the gatekeepers to your company’s information, and ensure that employees are aware of the warning signs of a suspected takeover.
- Prepare and drill an incident response plan so that all employees know exactly what to do when they discover a direct threat.
- Install an up-to-date anti-virus programme which can stop ransomware and other malware from being downloaded and infecting your computer.
- Carry out a full scan – this will locate any malware which may have already found its way onto your computer system.
- Regularly apply software updates – Apple, Google, and Microsoft typically include security bug fixes and patches.
- Back up important data onto an external hard drive or the cloud – your company cannot be held to ransom if it also stores data somewhere else.
- Use strong passwords and don’t reuse them across multiple services, as this could leave your entire digital footprint vulnerable to attack.
- Enable two-factor authentication – many services, including Google, offer two-factor authentication for logging into an account. Instead of simply entering a username and password to log in, you can enter a code sent to your smartphone to verify your identity.
- Exercise caution when opening emails – don’t click on any attachments or links from an unknown sender.
- Carefully read the permissions and check the app publisher before installing apps, particularly from the Google Play store – installing unverified apps is one of the most prominent ways in which malicious apps and hackers can gain access to your personal information.
- Make sure a website is secure before you enter personal information. Look for the little padlock symbol in front of the web address in the URL bar and also make sure the web address starts with the prefix https://.
- Don’t send personal data via email. Sending critical information such as credit card numbers or bank account numbers puts it at risk of being intercepted.
- Keep an eye out for phishing scams – a phishing scam is an email or website that’s designed to steal from you. Often, a hacker will use this email or website to install malicious software onto your computer.