"Cyber attack" is a phrase that scares the vast majority of individuals and businesses alike, but it doesn’t have to! Let’s start by exploring what is meant by the terms “cyber attack” and “cyber security”.
A cyber attack is defined as “an attempt by hackers to damage or destroy a computer network or system”. This attack can come in the form of viruses through emails, malware and trojans, all with the desire to access and use your personal/ company data. Something you would like to avoid, right?
Luckily, at Resolve we are experts in cyber security. We have worked with a huge range of businesses and organisations to make sure their systems are secure. So, we’ve got some top tips to help you out…
Manage Passwords
Passwords are often neglected as unnecessary and difficult to remember, resulting in people using one password across multiple platforms. This is highly dangerous. If your password is stolen it leaves all your accounts vulnerable to hacking.
The guidelines are that you should have a different, complex password (including capital letters, numbers and symbols) for every account you have access to. However, to remember a different password for each service you use would be extremely difficult.
The Resolve top tip would be to use a password manager – Lastpass, for example. This makes password management easier as you only have to remember one master password and if one password for a website is compromised you know the others are still safe!
Other recommendations would be:
- Use a password generator to create strong, complex passwords.
- Change any non-unique passwords. Do not use anything that could be easily linked to yourself.
- Ensure your password manager is installed on any devices where you might need access to your systems.
Stay Up-to-Date
This might sound simple, however it is a vital part of cyber security that is quite often ignored. Almost all of the elements in an IT system run on some form of software, some examples being iOS/Android or the software on your router/firewall. Over time people will discover weaknesses and holes in each system that could compromise security. When these weaknesses are discovered the manufacturer releases patches/ updates, and these are designed to fix the weaknesses.
In our experience, the only updates most people are aware of are Windows updates as they happen on their PC. However, there are people who are unaware that their server and routers need updating too. Consequently, there can be weaknesses in IT systems that go unpatched for months or even years.
Our top tip would be to make sure ALL your systems are updated regularly. Perhaps delegate the task to one member or staff, or hire an IT company to schedule them for you.
Install the Correct Software
Data breaches are often caused by malicious software gaining access to a system. What this means is that the software you install is most likely the first and last line of defence. The applies to ANY device that has access to your systems, I am not just talking about access to your server, but it could be a mobile device that has access to your systems or a laptop with a VPN connection.
The device with the lowest level of security acts as a gateway to all of your company data. The results of which can be catastrophic - we are potentially talking about the loss of ALL your company data.
The best way to combat this would be to ensure you have protection at each level. Example of this would be an antivirus solution, such as ESET, installed on your endpoints, mobile and servers.
Another example would be installing a gateway antivirus solution, such as a SonicWall. The is often overlooked, however is one of the most crucial elements of protecting your network. A SonicWall will scan and clean all activity coming in and out of the network – blocking anything it deems harmful.
Other recommendations would be:
- Ensure you have a clear policy on who within the business is able to install applications.
- Make an inventory of all of the devices that have access to your systems.
- If you allow guests/visitors to access the network – set up a Guest Wi-Fi.
Backups
Backing-up data is an essential part of any secure IT infrastructure. Managing backups is so important that if you don’t do it properly, you might as well not do it at all! When it comes to creating your backup plan, you need to think carefully about how and where you are going to store your data.
The top tip for this would be to use the 3-2-1 backup rule. Have three copies of your data, stored on two different types of media, one on-site and one off-site. This protects you against backups becoming encrypted, a media location failure and an on-site disaster such as a fire. Make sure whenever you are configuring your backups that they are encrypted, especially when being stored off-site in media such as a USB stick.
Other recommendations would be:
- Take regular backups – ideally daily. This ensures that you always have the most recent work should your backups be required.
- Implement software, such a Veeam, to allow you to manage your backups.
- Nominate a member of staff, or an outsourced IT company, to manage your backups daily.
- Periodically do a test restore of the data to ensure everything is working as expected.
Educate your staff
User education is a critical part of an overall network security system. You can have the most comprehensive security system in the world, but a simple user error can leave that all in tatters.
Quite often the end-user is one the weakest points of your security system, so educating your users on cyber security is a vital part of the implementation of any system.
The Resolve top tips for educating your users would be:
- Use different passwords for each system you have accesses to.
- Never write your password down and leave it around your desk.
- If you receive an unusual email with an attachment – DO NOT OPEN IT! Most of these are blocked by your antivirus solution, however sometimes some slip through. If you are unsure ask your in-house IT or your IT provider.
Finally make sure that you invest in your cyber security, your training and your in-house systems.
If you have any questions, please do get in touch in the box below!
