While it’s safe to say that technology has revolutionised the business world, we must also recognise how it has enabled new and improved ways for cyber criminals to commit crimes. For this reason, it is now more essential than ever for businesses to adopt cyber security best practices.
While it’s safe to say that technology has revolutionised the business world, we must also recognise how it has enabled new and improved ways for cyber criminals to commit crimes. For this reason, it is now more essential than ever for businesses to adopt cyber security best practices.
Gartner’s 2022 Cyber Security Report states that 88% of boards now regard cyber security as a business risk rather than solely a technical IT problem. This statistic speaks to the ever-pressing need for all key stakeholders to be well acquainted with cyber security best practices, regardless of their level in an organisation.
So, if you’re concerned about cyber security and want to know how to protect your business from cyber attacks, this guide has all the answers you need.
The importance of cyber security protection
It is well known that IT security plays a pivotal role in the success of a business — particularly in its ability to be resilient and future-proof. Without effective security measures in place, businesses are far more susceptible to cyber attack — a crime that can be devastating.
Not only can cyber attacks result in significant financial loss and a loss of productivity due to business downtime, but irreparable reputational damage can occur too.
Assessing the impact nationally, according to the Government’s 2022 Cyber Security Breaches Survey, a shocking 39% of UK businesses reported cyber attacks in the 12 months prior to the study. Without effective cyber security measures in place, your business could join this statistic.
Our top cyber security best practices
To make sure that your organisation remains well-defended against the ever-evolving guiles of cyber criminals, use the following list of best practices as a guide.
1. Use a firewall
A firewall is essentially the first line of defence against cyber attacks. It establishes a protective barrier between your business’s data and cybercriminals attempting to access it.
While an external firewall is standard procedure, many of today’s businesses also install internal firewalls for additional security. If employees have access to company data on their own laptops – if they work at home, for example – you also need to ensure they have a firewall installed.
Web & email filters
Use website and email filters to hinder hackers and prevent spam from filling employee inboxes. You can also install “blacklist” software to block users from browsing unsafe websites that could be a malware risk.
While it may seem like a no-brainer, you should also warn your employees about the risks of sites associated with cyber attacks, such as gambling sites or social media links. Again, this may seem obvious, but all it takes is one person to visit a website or click the wrong link, and your company systems are vulnerable to malware.
2. Monitor employee data access
Limiting access to valuable company data reduces the likelihood of human error, which happens to be the number one cybersecurity threat. Your employees should only have access to the systems, documents, and software logins needed to do their jobs.
If an employee leaves your business or moves to a different company location or department, it's vital to remove or change their access accordingly. By doing so, you ensure as few people as possible can view or use your data — as well as securing your data to prevent any attacks from disgruntled ex-employees.
3. Update your operating systems & software often
When you consider how many different applications and types of software you use every day, there are multiple opportunities for a breach if you fail to keep up with maintenance.
Fortunately, the developers of these products will release regular patches and updates to ensure their programmes are as efficient and secure as possible.
From time-to-time, you will receive a notification asking you to install a new update (or, better yet, you can approve automatic updates). You should never delay or ignore these updates as they often include aspects relating to security — so by ignoring them, you open the door for potential cyber-attacks.
4. Install anti-malware software
In an ideal world, you wouldn’t need anti-malware software because none of your employees would open phishing emails. However, according to the Verizon 2019 Data Breach Investigations Report, 32% of breaches involved phishing.
Clicking a link in a phishing email allows the malware to install on a computer. Therefore it’s vital to have anti-malware software on all company devices as well as your network. Although your employees may be well-versed in the dangers of phishing emails, all it takes is one lapse in judgement or a particularly crafty email to undermine your network’s security.
5. Educate your employees
Educating your employees on your company’s own cybersecurity best practices and security policies is vital for protecting your data and preventing internal threats.
As technology evolves and cybercriminals become savvier, it’s vital to update employees and inform them about new protocols. For employees to be accountable for breaches, they should sign a document stating that they are aware of the security policies and understand action could be taken if they fail to follow them.
Ensuring your team is as cyber-vigilant as possible will significantly increase your protection against IT security threats. As standard, your employees should know:
● What to do in the event of a cybersecurity incident
● What is an acceptable use of business and personal emails while using company systems
● How company data and documents should be utilised in the office or at home
Beyond this, it’s always a smart move to provide your staff with regular training and cyber security materials to keep them up to date with anything vital they should be aware of.
Social engineering & phishing scams
As a subsection of staff cyber security training, all employees should be familiar with the common social engineering and phishing scams, from suspicious emails to fraudulent links.
Social engineering refers to the wide range of malicious activities that occur as a result of human interaction. This can take the form of:
● Baiting: Luring victims into situations compromising their data, such as leaving malware-infected USB sticks around. Online baiting refers to believable ads that, when clicked, cause users to download harmful malware.
● Scareware: This method bombards users with phoney pop-up threats and security alarms (falsely) warning them about the safety of their data which may prompt them to download software (often malware-infected) they don’t need.
● Pretexting: This method relies upon an attacker establishing a level of trust with their victim, usually through impersonation (of a co-worker, police, tax official etc.). From here, sensitive information such as social security numbers and bank records can be gained, which will be later used to steal their identity.
● Phishing: Phishing is one of the most popular methods of social engineering. It is conducted through scam emails and text messages to prompt gullible users to reveal sensitive information, open malware-infected attachments, or visit dangerous websites.
If employees are educated on these common cyberattack methods, they are far less likely to fall victim to them, reducing the risk to themselves and their organisation’s data. Your staff should be receiving adequate, regular training that advises them to:
● Report suspicious emails that could be phishing attempts
● Check all links before they click them
● Stay vigilant when it comes to sharing information or company details over the phone or through email
● Verify the legitimacy of any and all software they download
Regular IT security training for employees will eventually develop a culture of security within an organisation that sees employees independently exercise these best practices without even being told to. Read our blog for more information on the importance of educating your staff on cybersecurity.
6. Use safe password practices
Regularly changing employee passwords may be something of a pain, but a high percentage of security breaches occur because of weak, stolen, or lost passwords.
Although most businesses have a policy regarding passwords, that doesn’t necessarily mean they enforce it. In the digital age, the importance of password-protecting employee devices accessing your network cannot be stressed enough.
The importance of a strong password
Increasingly, simple passwords are being replaced by more sophisticated methods of approval, such as two-factor authentication — and there’s good reason for this.
Over 15 years ago, Bill Gates proclaimed ‘the death of the password’ by pointing out its limitations in keeping data secure. And Gates was right. All of the following factors threaten the security of the humble password daily:
● Password spraying or manually guessing commonly-used passwords
● Shoulder surfing
● Using passwords leaked from previous data breaches to gain access to a system
● Phishing and coercion to discover passwords
● Finding passwords that have been stored insecurely
● Installing a keylogger or intercepting a password in transit across a network
As such it is essential to conform to the increasingly-complex password requirements, change your password regularly, never use the same password twice, and never share it with anyone. Reviewing the strength of your passwords using a strength checker tool is also good practice.
Passwords, if done right, are one of the most cost-effective and straightforward defences against cyber attacks. The National Cyber Security Centre has a comprehensive list of guidance on password safety that you can find here.
7. Make wise connections
If you have remote or hybrid working styles in your business, it is essential to establish best practices when it comes to making WiFi or Bluetooth connections.
It is never a wise idea to connect to a public network, as any information you retrieve or transfer is vulnerable. However, if you absolutely have to connect to a public network (let’s say you’re at a meeting in a cafe), use a VPN or ‘Virtual Private Network’ to encrypt your connection.
Similarly, Bluetooth is an excellent tool but should be disabled when it is not in use. This is because it is possible to hack some devices through Bluetooth, making private information vulnerable.
8. Regularly backup your business data
When it comes to cybersecurity best practice, your business’ main focus will be to prevent as many attacks as you possibly can. Unfortunately, there’s always the possibility of being breached regardless of the precautions you have in place.
Therefore it’s crucial to back up your data regularly — this includes word documents, spreadsheets, HR files, financial documents, databases, and anything else on your network you can’t afford to lose.
You also need to back-up all the data stored on the cloud. Keep in mind, too, that having a backup off-site will protect you against issues such as floods or fires at the office.
9. Seek the help of a professional
A successful cyber attack has the potential to do your business severe and irreversible damage while costing you a lot of money in the process — so it’s safe to say it’s something you’ll want to do your utmost to avoid. Here at ITRM, we offer a vast range of managed IT services that have been helping businesses to maintain and enhance their technological capabilities for years.
Improve your cyber security with ITRM
If you’re concerned about your company’s cyber security and think you could do with an upgrade, our IT security service ensures your customer and stakeholder data is safe and prevents the hassle and embarrassment of a leak or breach.
ITRM Protect is ITRM's bespoke approach to IT security, offering complete protection by securing three critical areas — endpoints, email, and web browsers.
Endpoint protection
Endpoint security ensures Microsoft desktops and servers are protected from viruses and malware.
● Protect every device endpoint
● Laptops, phones, mobile, desktops, and more
● Efficient, effective, and secure
Email protection
Email protection prevents the sending or receiving of viruses, spam, or malware.
● Reduce risks associated with emails
● ITRM Protect filters and scans every email
● Protects inbound and outbound emails
● Regular reporting and statistical overviews
Web protection
Web protection ensures browsing is as safe as possible, by monitoring access and filtering certain websites, such as gambling and pornography.
● ITRM Protect filters all web traffic
● Web filtering, wherever the recipient is
● Websites allowed, blocked, or categorised
● Regular browsing habit reports
Do you want to know more about how to protect your business from cyber attacks? Get in touch today to discuss your IT security requirements with our specialists and find out how we can cater our services to suit your needs.
