Cyber security is still a hot topic. However, as statistics from the Department for Digital, Culture, Media & Sport show, there is still a lot of work to do. Even though the majority of businesses appreciate the importance of making cybersecurity a priority, only a few have taken concrete steps towards this goal. As the DCMS Cyber Security Breaches Survey found, only 20% of UK businesses have put staff through cybersecurity training. With human error/behaviour being the leading enabler of cyber security breaches, and as the cost of each attack rises, organisations need to create a robust digital safety culture.
With that said, every business must understand the most common sources of cyber threats facing businesses today. They include:
The people who work in businesses are the number one weak link in cybersecurity – by a long way. Employees are without a doubt the greatest liability in cybersecurity. From opening malicious emails and clicking links to downloading malware-infected documents and falling victim to business email compromise (BEC), it is no secret that poorly trained employees end up costing businesses a lot of money.
To tackle this problem, employers cannot just get rid of employees – this is not a sustainable solution. Educating employees on cybersecurity risks, on the other hand, is a more effective strategy. Employees need to understand the risks posed to businesses by poor cyber security practices. Regular and robust cyber security training can help employees unlearn unsafe practices and be on guard.
Passwords are another weak point. It is very easy for malicious individuals to guess weak passwords. In contrast, strong passwords, with two-factor authentication if possible, provide greater security. It is also important to insist that your employees do not re-use passwords from other online accounts for work purposes. You can also implement an IT policy that requires employees to change passwords every 30-60 days. Lastly, although it might seem obvious, it is important to remind your employees not to share their passwords with anyone, including close family, friends and even fellow employees.
Every business needs to keep its software up to date. This became clear in the WannaCry attack, where the malware exploited a vulnerability in the Windows operating system and spread across corporate networks without any user interaction. What is peculiar about this attack is that it could have been avoided – as reported by the BBC. The patch for the vulnerability exploited by WannaCry was released by Microsoft in March – the WannaCry attack happened in May. If businesses had applied the patch sooner, the effects of the attack would have been minimised.
What is even more worrying is that, even after the highly publicized WannaCry attack, another attack, Petya, happened in June – using the same vulnerability as WannaCry. Even though there are reservations about updating software in large and complex organisations, incidents like these underline the importance of ensuring your systems are up to date.
As businesses seek more integration with stakeholders such as vendors and suppliers, they now have to worry about the cyber security protocols of the organisations they exchange data with. Even though your business might have strong cyber security practices, attackers could still access your network if one of the companies you deal with is compromised.
To tackle this threat, you can safeguard your business through network segmentation or dedicated servers specifically for vendors, so they do not connect directly into your company’s network. If this is not feasible, you can start by having a conversation with potential vendors about the cyber security measures they have in place before you start doing business with them.
BYOD – Bring Your Own Device (Trouble)
Understandably, many businesses are embracing BYOD. By allowing employees to bring their own devices, businesses can reduce costs and increase the flexibility and convenience of their workflow. However, this also brings its fair share of problems.
Some businesses hop onto the BYOD trend without fully evaluating the security risks associated with it. Employee devices are not likely to have the same level of security as corporate devices. As such, they are sitting ducks for malicious individuals. If you choose to allow BYOD in your business, it is imperative that you also enforce a strict BYOD policy that all employees must comply with. Ensuring employees have two-factor authentication on all of their work accounts and only allowing access to company networks through a VPN (Virtual Private Network) are proactive steps that will greatly improve the security of your business network.
Businesses are facing a wide range of cyber security threats at the moment and signs show that this will only continue. As such, it is imperative for all businesses, small and large, to employ comprehensive security tools and also increase Security Awareness Training to prevent and mitigate these threats.