Last year (2014) 81% of large UK businesses and 60% of small companies suffered a cyber-security breach. (Source: HM Government and Marsh Cyber Security Report)
As businesses increase their reliance on cyberspace – we are faced not only with new opportunities, but with new threats. Keeping safe from cyber-attacks starts with getting the basics right.
Here are the five areas you need to sort in order to protect yourself from the vast majority of known cyber-attacks:
1. Ensure you have properly configured Firewalls and Internet Gateways
Unskilled hackers can easily gain access to your internal systems and machines using ‘off the shelf’ cyberattack products if you fail to have a simple firewall in place.
Firewalls and Internet gateways need to be properly configured to allow only pre-authorised in and outbound traffic. Also, where possible, the admin panels for these should not be accessible via the internet.
2. Make changes to default ‘out of the box’ settings
Computers and Network Devices often come ready made with back-holes for hackers to exploit. Simply put, the default configurations are not secure. For one, they often make use of publically known passwords on accounts with administrative functionality.
Make sure you configure the devices properly and change any default passwords to something more secure.
For tips on creating a strong password click here.
Or take a look at software such as LastPass which automatically generates secure passwords and stores them safely for you.
3. Limit the number of users with full access control
Accounts with administrative controls are top priority targets for hackers. Should they gain control of an account with full access control, they can inflict massive damage to devices on your network.
Limiting the number of users with full access control and ensuring that these accounts in particular are well protected will greatly decrease the chance of a basic cyber-attack being successful.
As such, any new user accounts should be subject to an approval process. Access should only be granted to features for the users that really need them, and a record of who has access to what, and why, should be documented.
4. Take Good Browsing as well as Anti-Virus and Malware Clean-up Software Seriously
Computers and devices are vulnerable to software programs designed to deliberately carry out unauthorised actions. Common types are computer worms, viruses and spyware.
Your first line of defence against all types of malware is of course good browsing habits and common sense. Devices are often infected as a result of human action – opening a malicious link in an e-mail, or downloading a program from the internet which comes with an unwanted side effect.
As well as encouraging good browsing practice, Malware, and/or Anti-Virus software should be installed, kept up to date, and set to perform regular scans of all your devices.
Did you know?
A Computer Virus is just one type of Malware.
Most of the top-rated Anti-Virus programs (free and paid) protect against more than just Viruses. However additional software may be required to remove any malware the Anti-Virus software misses.
For more on Malware and Viruses, as well as which Anti-Virus program covers what, see this post from life hacker.
5. Keep software up to date
Out of date software provides a window of opportunity for hackers looking to get hold of your personal details – and otherwise run havoc with your systems.
Software providers are having to constantly update their products to stay ahead of what could be a serious attack if weak points are exposed by hackers. Such an attack could affect all users of their product.
This is why software should be updated as soon as possible after an update or patch is released.
Any programs that are no longer supported should be discontinued or moved to a device that does not connect to the internet.
Having the above under control, according to HM Government, would have stopped the vast majority of basic cyber-attacks for which they have data from succeeding.
Some attacks, of course, are more sophisticated. And it is now also possible to purchase cyber security insurance policies which help protect a business from the financial loss associated with a cyber-attack.
If any of the points in this article are of concern to you, and you’d like to look at all the possibilities of better protecting your business from cyber threats. Please get in touch by calling 0131 662 6868 or emailing firstname.lastname@example.org
Note: The information contained within this document is general information only and believed to be correct at the time of publishing. It cannot be relied upon as advice or information in respect of any individual situation.