Ten Steps to protect you from cyber attacks
Most Australian small-to-medium business owners rate cyber security as extremely important, yet few take even some of the simple steps below to prevent a cyber attack on their company.
Common cyber threats such as phishing, ransomware, ID theft, data leaks and denial of service are on the increase and can cripple your business and damage your reputation.
Here are 10 simple things you can do to protect your business from cyber threats.
The Ten Steps
1. Update your software
It sounds simple enough, but how often do we click ‘remind me later’ when the software update pops up? Updates can contain vital security patches needed to protect you from the latest online threats.
2. Backup regularly and securely
Unless your business has a backup plan in place, backing up is another task that often gets put off till tomorrow. Find a backup and storage method that suits your business needs and is secure against loss, damage or theft. The cloud makes backing up easy to manage and minimizes the need for human intervention. In the event of a cyber attack, regular, secure backups enable you to recover your data and get back on your feet quickly.
3. Encrypt your data
Data encryption converts your readable data into an encoded form that requires a key or password to decrypt it – making it harder for cyber criminals to use your data. Software such as BitLocker or Sophos encrypts your data beyond what your physical device may already offer. When copying data to USB devices, make sure you’re using USBs that offer encryption, such as IronKey, SanDisk and Kanguru. When you copy a file to an unencrypted USB drive or send it via email, that file is no longer encrypted.
4. Start at the firewall
Your firewall is your first line of perimeter security, detecting and blocking attacks coming into your business network. Managed firewalls stop viruses and malware from entering, but they must be constantly monitored in order to be effective. You should test and audit your firewall regularly to maintain its health and strength.
5. Train your staff
Human error is often a gateway for cyber attacks into a business. Creating weak passwords, clicking on or sharing unsecured emails, downloading games or untrustworthy files, and using public Wi-Fi while working with sensitive information are common ways that malware gains entry to a device and the data on it. When that device connects to your network, the risk of your data being exposed becomes a very real possibility.
6. Choose your partners carefully
A weak link in your armor can make your business unnecessarily vulnerable. If you’re using a managed IT service provider make sure that they are following best practices such as regularly applying patches, training their staff in the latest threats, responding quickly and being proactive about your security. If you’re managing your own IT, check that the software partners you are using in your business are trustworthy and secure, you have the appropriate firewall configurations in place, backups are securely executed and stored, and antivirus software is correctly installed and updated, amongst other things.
7. Do regular risk assessments
The first proactive step in protecting your company from a cyber attack is establishing a baseline of security. Audit your current level of security, your areas of vulnerability and what needs to be done. These assessments should then be done frequently to maintain your security and identify new risks. 9spheres Technologies offers a free risk assessment to potential clients.
8. Get endpoint security (useful for work-from-home companies)
Endpoint security protects the user’s device from key logging, screen capture and phishing, amongst other attacks. Even if that end device is infected, when it connects to your organization’s network, those threats are not able to access your data. This is particularly useful as more and more employees work from home and access virtual work spaces such as Citrix, VMware, AWS, etc.
9. Consider cyber insurance
Cyber insurance can now be regarded as a business-critical insurance because statistics show that the likelihood of making a claim under a cyber insurance policy is now just as high as, if not higher than, that of making a claim under a normal business insurance policy. At minimum, a cyber insurance policy should provide a 24/7 breach response service (including IT forensic services), breach response management, credit monitoring, public relations crisis management, civil and regulatory defense costs and penalties, cyber extortion costs, business interruption cover and cyber terrorism.
10. Hire dedicated cyber security management
Most SMBs honestly don’t have the time, manpower or expert skills required to effectively prevent a cyber attack against their business. A managed security service provider offers you trained, certified experts who evaluate your risks up front, get you protected and then proactively monitor and maintain your online security 24x7x365.
At 9spheres we have been taking care of cyber security for businesses in and around Brisbane for over 10 years. We are cloud experts helping you to avoid expensive hardware, software and personnel. Our expert team uses comprehensive multi-layered security to protect your business.
Contact us to discuss your security needs and get an assessment of your current level of vulnerability.