Six Cyber Security Considerations For Businesses
31st Jan 2020
As technology advances, cybercrime is becoming more advanced too. Cybersecurity is an increasingly complex subject and something that all companies, regardless of size, need to consider. Many business owners do not know where to begin to improve their cyber security, so we’ve developed a list of six Cyber Security Considerations for Businesses.
Be aware of Phishing & Malware
Phishing is the fraudulent practice of gathering personal data, typically via a third-party email. Phishers impersonate a company you may already know and encourage the recipient to divulge information. As phishing emails become increasingly sophisticated, staff must be wary when companies request personal information via email or phone.
Most companies state they do not request sensitive information via email, so avoid sharing anything until there is a guarantee that the request is coming from a reliable and trustworthy source.
Malware is defined as code that has malicious content. It can steal or destroy data on a computer, making it a huge cyber threat for companies. Malware is commonly sent as email attachments, so ensure staff avoid clicking on links or downloading any attachments that have been sent from unknown or suspicious senders. Ensure robust firewalls are also installed and regularly updated to help combat the threat of malware.
Adopt a Zero Trust Network
Now that companies store data on the Cloud, accessing data from anywhere has never been easier. This has allowed companies to be extremely flexible, as staff can now work from home or on the go. However, it also comes with significant potential security risks, and additional considerations and protocols need to be in place to ensure your data remains safe.
Many companies are now implementing a Zero Trust Network to provide a more thorough cyber security plan. In the past, companies tended to use the castle and moat system, where anyone within the perimeter of the network was deemed trustworthy and the company concentrated only on external threats. This is no longer considered to be the best approach because once an attacker gained access to the network, they had complete free rein.
A zero-trust network is an alternative, holistic IT security model, being adopted by many companies due to the changes brought about by the transition to cloud computing and by more sophisticated hackers. It assumes that no one should be trusted, regardless of whether they are inside the perimeter of the network or not, until that person can verify themselves.
A main element of Zero Trust Networks is multifactor authentication, which should be implemented wherever possible. Rather than relying solely on a password to gain access, the user must also enter a verification code that has been sent to a second device such as a mobile phone. This provides not one but two pieces of information that can verify who that individual user is, providing an additional layer of protection.
Least Privilege Access is another element. This gives each user the minimum access they require to do their job effectively. This means people are not exposed to additional sensitive information that they do not need access to.
Bring Your Own Device (BYOD)
Allowing employees to use their personal devices at work to carry out professional tasks can pose a cyber security risk, especially if staff connect to public Wi-Fi connections in coffee shops, airports etc. If a company has a BYOD policy, ensure strict rules are in place that all employees should follow.
There are many software packages that may suit a business’ needs when it comes to managing mobile endpoints, such as mobile phones. Mobile Device Management is a way of applying policies to these devices that control the following:
- User: who is trying to access something
- Location: where they are accessing it from
- Device: what device they are using
- Apps: what they are trying to access
It gives a business the ability to wipe devices remotely and enforce good security practices, such as requiring a PIN on the device. The WV Solutions team can recommend which software solutions will fit your business’ needs.
Employee Training
People still represent the largest security risk within companies, so train all staff as much as possible. The risk is not always malicious, as employees can click on phishing links or download viruses accidentally. Educating employees is therefore one of the biggest measures an employer can take to improve cyber security. Some employees may be reluctant to change; however, making cyber security training regular and compulsory is a step in the right direction. As cyber risks continually adapt and advance, ensure that the training is kept up to date as well.
Other Companies
It is not just your own company’s security practices that should be taken into account; it is wise to ensure that any third parties operate rigid cyber security protocols. Seek reassurance that the companies you work with have strong cyber security and GDPR-compliant practices in place to provide you with peace of mind. If they don’t, they could be the weakest link in your cyber security.
Business Continuity Planning
Always ensure your data is backed up in case of a data breach. A strong disaster recovery program will incorporate Cloud backups and local offsite backups. In the event of malware or malicious attacks, recovering data from the cloud may be a lengthy process causing business downtime.
It is important to get the whole team involved so everyone knows their responsibilities when it comes to dealing with a business-affecting issue, such as a cyber security breach. If a breach were to happen, each department would have an important role in controlling the issue, not just IT. The marketing department would need to deal with any media enquiries, whereas HR would need to communicate the next steps to employees.
These are just 6 factors that businesses should consider, but it is far from an exhaustive list. No matter what your budget is, there are solutions available to your business. Security is not something you should ignore or compromise.
Here at Wright Vigar, our WV Solutions offer cyber security audits to ensure your company remains as secure as possible from cyber threats and protects your IT systems, minimising the risk of data theft and securing your business data.
Visit our page here for more information about our WV Solutions services.
If you are interested in learning more, please contact a member of the WV Solutions team for your FREE non-obligatory chat by calling 01522 531341 or emailing hello@wvsolutions.co.uk.