The importance of cyber security is not to be underestimated by any business, no matter the size. But what is cyber security? And, are you aware of the cyber security basics that can keep your company safe? We answer both of these questions, discussing the different types of cyber protection needed to ensure your company isn’t left vulnerable to any form of cyber-attack.
What is cyber security?
Effective cyber security methods can be defined as a collective approach across software, technological equipment, programs, devices and networks to keep the functionality of equipment, systems and data safe. To create a successful defence, particularly for businesses, employees, technology, and procedures need to be harmonised and work together in order to protect the organisation.
Importance of cyber security
Cyber security is important for everyone, as it protects valuable data and your systems from damage or theft. For businesses, particularly those who hold personal or sensitive data on their customers or employees (medical information, for example), an effective cyber security approach is imperative to ensure systems aren’t penetrated and data isn’t stolen and exposed to others.
Overall, in today’s world, where our data and systems are connected across devices and various networks, more than ever, it’s important that cyber security basics are practised and understood by all employees within businesses.
Cyber Security Basics to Consider
- Cyber Essentials
It’s not enough for businesses to have effective cyber security in place; demonstrating to your customers that their data is safe with you is also important. The best way to learn about cyber security basics is to consider Cyber Essentials.
This government-backed scheme provides you with the basic knowledge of cyber security and helps you put this into practice, giving you access to resources and certification to project your industry-supported cyber policies to customers and the world.
It’s worth bearing in mind that this will cover the very basics of cyber security at a low-cost implementation. Should you wish to protect your company effectively, we’d recommend seeking professional and ongoing IT Support to ensure you’re protected from every angle against cybercrime.
- Passwords and Two Factor Authentication
It may sound like a very simple cyber security tip, but you’d be surprised how many people’s emails get hacked because of a lack of protection, either from a weak password or from no authentication being set up.
Two Factor Authentication:
All the email addresses and cloud systems you have need to be protected effectively in order to avoid cyber-attacks. Multifactor Authentication (MFA) and Two Factor Authentication (2FA) are really easy to set up and use but provide solid protection for platforms where logins are required.
When logging into an application, once you’ve entered a username and password, you also need to enter a code that can be found on your 2FA app on your phone or device. Without the code, the login details are not enough to grant access. This can be set up to be done every time you log in to your application/device or if a login from an unregistered or unrecognised device has been detected, depending on the level of protection you require. 2FA falls under the umbrella of MFA, with two layers of protection being the minimum. Extra layers of authentication can be added depending on your business requirements and needs.
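The login flow described above, as an added example that is not part of the original article: it assumes the 2FA app produces standard time-based codes (TOTP, RFC 6238), and the account, password, device names and the `login` function are constructed for illustration.

```python
import hashlib, hmac, struct, time

def hotp(secret, counter, digits=6):
    """RFC 4226 one-time code for a given counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp_ok(secret, submitted, now, step=30, window=1):
    """Accept the code for the current 30 s step, plus or minus `window` steps of clock drift."""
    counter = int(now // step)
    ok = False
    for c in range(max(0, counter - window), counter + window + 1):
        # Constant-time comparison, and no early exit on a match.
        ok |= hmac.compare_digest(hotp(secret, c).encode(), submitted.encode())
    return ok

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

# Constructed sample account (placeholder values, not real credentials).
SALT = b"constructed-salt"
USER = {
    "password_hash": hash_password("lamp-orbit-walrus", SALT),
    "totp_secret": b"12345678901234567890",      # RFC 6238 test secret
    "known_devices": {"laptop-01"},
}

def login(password, code, device_id, always_require_2fa=True, now=None):
    """Password first, then the code: every time, or only on an unrecognised device."""
    now = time.time() if now is None else now
    if not hmac.compare_digest(hash_password(password, SALT), USER["password_hash"]):
        return "denied: bad password"
    needs_code = always_require_2fa or device_id not in USER["known_devices"]
    if needs_code and not (code and totp_ok(USER["totp_secret"], code, now)):
        return "denied: second factor missing or wrong"
    return "granted"
```

With `always_require_2fa=False` the code is only demanded from devices outside `known_devices`, which is the second of the two set-ups the paragraph describes.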
Ideally, passwords need to be long and contain both upper and lowercase letters, numbers and symbols in a random order to make them strong and hard for cyber criminals to guess. In addition, a different password needs to be used for each system and app login. We appreciate that remembering various complex combinations can be hard, and it’s not something we suggest. Opting for a password management tool is the best way to apply secure passwords to all your different platforms without worrying about remembering them all. You could also try the ‘three random words’ method that the National Cyber Security Centre recommends. This method is a good option if you’re unable to use a password manager. All you have to do is combine three random words together to form a password that’s much easier to remember than those that are computer generated but is also unique.
Remote Working Cyber Security Basics
After the COVID-19 pandemic hit, we all became very accustomed to working from home (WFH) or remotely. Looking towards the future, it appears that remote working and/or a balance of home and office work will continue for many businesses.
So, how do we tackle cyber security when WFH? You can find our full list of recommended tips for remote working cyber security on our blog post dedicated to the topic. First, however, here are a few quick notes on what to consider to help protect your business:
1. Data and document storage needs to be centralised, easy to access and secure to ensure that nothing goes amiss or is saved in a place vulnerable to cybercriminal exposure.
2. Ensure employees don’t use work equipment/networks for personal use by providing employees with specific devices for work when remote working. After all, how can you control work security if you’re not in ownership of the device being used?
3. Wi-Fi security is important. Be sure that employees make things as difficult for cyber attackers as possible with complex passwords, renaming the Wi-Fi name so it’s not as easily associated with them and enabling encryption where possible.
4. Consider the safety of video conferencing platforms such as Zoom and ensure the platform you’re using is data encrypted to keep the information exchanged only between those attending the calls.
5. Policy is important to cover at home cyber security basics. You may need to have a separate policy just for cyber security when home working to ensure that employees feel comfortable with working equipment and being proactive in preventing cyber-attacks from happening.
Different Types of Cyber-Attacks
The importance of cyber security is truly appreciated by those who have been targeted and suffered from a cyber-attack. As a business, the repercussions of a cyber-attack could be devastating. It can be hard sometimes to even know you’re a victim of a cyber-attack until the consequences of the attack come to light later down the line. So, we can all agree that it’s essential for everyone in the business to understand and be aware of the different types of cyber security attacks and how they can prevent them.
Here are a few types employees need to be aware of:
- Ransomware
This form of cyber attack occurs when your device’s system has malware installed to encrypt all of its data and deny the user access to all files and folders, essentially stealing all the data and information from the device. To get the data back, the cyber criminals require you to pay a ransom, hence the name of the attack, ‘ransomware’.
However, as a business, there are many other concerns you have as a result of ransomware, as downtime and losing customers are potential possibilities. Ransomware attacks can occur to any vulnerable business, no matter the size. Usually, ransomware infiltrates a business via a phishing email – one click on a link within the email and the ransomware is unfortunately installed on your computer.
To find out the best way to prevent and protect your business from ransomware, take a look at our blog post that explains all.
- Phishing
Usually presented in email form, phishing attacks occur when you unknowingly click links that give cybercriminals your credentials and the information they need to gain access to information and data on your computer. For example, the link could prompt you to enter your login details. Or, you could click the link, and it installs malware such as ransomware on your computer. Either of these outcomes can leave your business extremely vulnerable.
Phishing emails are usually presented in disguise and appear to have been sent by a brand or company you may know or recognise. For example, ‘Microsoft’ asks you to log in to fix a problem or ‘Amazon’ sends you a delivery tracking link.
So, how do we prevent these cyber criminals from breaching the system? In two ways:
– Spam Filters
Make sure the settings in your spam filters are updated and include emails from anyone outside your company or your regular customers’/clients’ email addresses. You can also purchase additional protection for popular email systems, with the recommended protection for Microsoft 365 email systems being Advanced Threat Protection (ATP).
– Cyber Security Basics Training
It is key to know what to look for, so you can avoid these attacks should they filter through to your employees’ inboxes. It can be hard to spot the difference between real communication from a big brand and a phishing attack, as these criminals invest time into ensuring they present themselves in exactly the same way to try and reel people in. Training provides employees with the tools to be able to identify a phishing attack email, so you don’t need to worry about rolling out emergency damage control following a link click.
For a step-by-step breakdown on preventing attacks once a phishing link has been clicked, please read our guide.
- Impersonation Fraud/Spear Phishing
For employees in businesses, impersonation fraud is usually presented in the form of a CEO, managing director or someone senior within the company. As a spear phishing attack, this type of cyber attack involves communication (usually an email) to be presented as bait. For example, an employee in the payroll or finance department may receive (what appears to be) an urgent email from a senior member of the business asking them to pay a large sum of money into a fake account. Unknown to the recipient, this account belongs to the cyber-criminals.
To the untrained eye, the email would appear to be legitimate and authentic based on the research done by the attackers on the sender. Even the email address would be almost identical with perhaps characters in the wrong place or a letter or number missing, which, when you’re checking your emails quickly or trying to complete what appears to be an urgent task set by the company’s CEO, can easily go unnoticed.
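One way a mail filter can catch the near-identical sender addresses described above, as an added example that is not from the original article: it flags sender domains within a small edit distance of a trusted domain, counting a swapped pair of characters or a missing character as one edit. The domain `example-corp.co.uk`, the sample headers and the function names are constructed placeholders.

```python
from email.utils import parseaddr

# Constructed placeholder; replace with your organisation's real domains.
TRUSTED_DOMAINS = {"example-corp.co.uk"}

def osa_distance(a, b):
    """Edit distance where an insert, delete, substitute or adjacent swap costs 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # characters in the wrong place
        prev2, prev = prev, cur
    return prev[len(b)]

def classify_sender(from_header, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return (verdict, nearest_trusted_domain) for a From header value."""
    _, address = parseaddr(from_header)          # strips any display name
    local, sep, domain = address.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not sep or not local or not domain:
        return ("invalid", None)
    if domain in trusted:
        return ("trusted", domain)
    nearest = min(trusted, key=lambda t: osa_distance(domain, t))
    if osa_distance(domain, nearest) <= max_distance:
        return ("lookalike", nearest)            # hold for review, warn the recipient
    return ("external", None)

# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "Jane Doe <jane.doe@example-corp.co.uk>",    # genuine domain
    "Jane Doe <jane.doe@exmaple-corp.co.uk>",    # two letters swapped
    "jane.doe@example-crp.co.uk",                # one letter missing
    "news@unrelated.example",                    # ordinary external sender
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", classify_sender(header))
```

A "trusted" verdict here only means the domain string matches; it does not prove the message was sent by that domain, which is what SPF, DKIM and DMARC checks are for.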
The main thing to remember about cyber attacks, regardless of which type of attack it is, is that these cyber criminals have substantial experience in what they’re doing and know all the tips and tricks to try and get employees to open and click emails, type in their login details or even transfer money straight into their account. So being aware and creating a line of defence against these criminals with the relevant software is advisable; however regular training on cyber security basics for your employees is the best way to ensure they’re up to date and aware of the role they can play and responsibility they have to prevent a cyber-attack on the business, whether in the office or when working remotely.
Having a cyber security policy is important, which is why we recommend introducing and organising regular training updates for the team as a part of that policy. Not only does this keep your employees up to speed on the best way to spot and prevent attacks, but it also lets business partners, customers/clients and stakeholders know you’re doing everything you can to protect the data on your company’s devices with a strategic and effective defence for all types of cyber attacks.
We hope you now fully understand the importance of cyber security in business and how the best form of defence is to put cyber security basics into practice throughout your entire business. Remember, cyber criminals attack those they believe to be vulnerable; the size or nature of your business doesn’t determine whether or not you’ll be targeted. However, with a workforce and devices prepared to withstand such attacks, you’re in a much better position to avoid the damage that can be caused by them.
For information on our cyber security and IT services or how we can help diagnose the level of security within the IT systems of your business, please contact our friendly team of experts today. Or, if you’d like to learn more about cyber security within business, check out the Integral IT YouTube channel and watch our quick and easy videos.