6 Top Tips to Prevent Cyber Attacks
What do Sports Direct, BUPA, Equifax, NHS and TalkTalk have in common? Well, they are all victims of Cyber attacks. The bad guys stole millions of records from these companies. The latest of these victims is Equifax and at the time of the writing of this article, there are more than 30 Lawsuits filed in US on Equifax (read the news article here). Bad guys have stolen personal information for 143 Million Americans in one of the largest hacks ever. The breach reduced the Equifax market value by $3.5bn in just two days.
This can happen to any of us. Especially if we take a reactive approach to our Information security. We have approached many companies offering help and more often we get a response saying 'I think our network is pretty secure and nothing happened to us so far'. There are companies who can afford a dedicated resource to secure their data but this comes at a cost. So, what can we do to prevent it from happening? It would be great to have just one solution that fixes everything but sadly that's not the case. It simply doesn't work that way. Here are a few simple steps you can take.
- Network Firewall
Invest in a proper network firewall and do not open the ports that are not needed to be open. If the firewall supports you can also turn on the SMTP [email traffic] filtering. You can find out more advice to select the right antivirus solution for your business here.
2. User Education
No matter what firewalls, Anti-virus software and other protection you use user education is vital. Most of the recent attacks were happened just because of an user clicked on something they shouldn't have or opened an email attachment they shouldn't have. Have a training program in place for your users. These days you can train your users through online training and via consistent reminders. You can even run phishing tests yourself to see how many users are still clicking the links and if the training program works. Find out which training solution is best for you here.
3. OS & AV updates
Make sure your Operating System [more likely, windows] is up to date. Stop using dated Operating Systems unless you have no choice. Unless you have a reason to be Windows 7 upgrade your network to Windows 10. It's much faster a more secure. Your IT department will look after this for you but if you don't have one, ask your IT provider. Keep the anti-virus [AV] up to date. Most AV software update over Internet every few mins or you may have an update server sitting in your IT room. Whatever the case might be, make sure your AV is up to date. AV vendors generally know what's happening around the globe and release updates as soon as.
4. Email Filtering
As mentioned above, Most of the recent attacks are the result of an user action taken within emails. Either clicking a link in the email or opening an attachment. Hence an email protection can really help. It filters out the junk and stops it before you even notice it. You can get the service for as little as £1 per month per user, your one day downtime will be more expensive than that.
5. Backups & Disaster Recovery
The fact is, bad guys adopt faster than us. Regardless of how many proactive measures we take sometimes, we will fall short. I hate to say this but unexpected might happen at times. The best strategy to get back in business in an event like this is to have proper tested backups. When did you last take you backup and when did you test it? Do you have a Disaster Recovery plan for your IT? If your building disappears tomorrow how quickly can you get back your data? Do you have a copy of your backup off-site? These days you can do cloud backups at a very minimum cost.
6. Save files on server
This is a follow up to the point made above. Save all your working files on the server or OneDrive or Dropbox whatever you use. Don't save them on your desktop. Your servers are backed up regularly and they keep the files for months which means you can restore the data if the something bad happens as well as you can go back in months to restore an earlier version of the file.
If you need help in preventing cyber attacks in your business or just want some advice, get in touch with one of our experts here who will be happy to help.
Cyber Essentials Plus accreditation/certification explained
The article dives deep into what Cyber Essentials Plus accreditation/certification is, the requirements for the certification, cost and the process to achieve it.More
IASMECyber Essentials questionnaire
Read or Download the IASME Cyber Essentials Questionnaire pdf copy here. The questionnaire has different sections laid out for all the controls as well as providing the preparation advice.More
What is the process for Cyber Essentials Plus Certification?
Cyber Essentials Plus accreditation involves the auditing of your IT systems. Read the article to know what exactly is involved in the process.More
What exactly is involved in Cyber Essentials Plus audit?
Cyber Essentials Plus accreditation involves the auditing of your IT systems. Read the article to know what exactly is involved in he audit process.More
FOR LATEST UPDATES SUBSCRIBE HERE: