In today’s digital-based society, everyone must take measures to safeguard their data. Every week in the news, large corporations are hit with major cyber attacks. You may wonder how you can keep ahead of the cyber-criminals if even these companies are hit. Fortunately, cybersecurity does not have to be a daunting task. In fact, there are many things you can do to keep from getting in the news like those other corporations.
Do you want to be free from cyber attacks?
Check out the five main things you can do on any budget and at any organization size:
Back up your data.
Make regular data backups, and test to make sure they can be restored. This will give you peace of mind against data loss from theft, fire, ransomware, and physical data damage. Additionally, test to make sure there are no access issues regarding your backups. This will reduce the anxiety of any data loss. The steps for data backup are as follows:
- Identify what needs to be backed up, and how often. Normally this will include documents, photos, emails, contacts and calendars. Try to limit your backup to a few common folders. Make data backup part of your anti-cyber-attack routine.
- Ensure the device containing your backup is separate from the device that holds the original copy, and is connected to it neither physically nor over a local network.
- Consider backing up to the cloud. This means your data could be stored in a totally separate location that is physically away from your offices and devices. This way, you will also be able to access it quickly, from anywhere.
Keep your smartphones and tablets safe.
Smartphones and tablets need more protection because they often access a variety of networks that are outside of a business environment. When we deviate from our own secured networks, we open ourselves up to critical cyber attacks.
- Switch on PIN/password protection and fingerprint recognition for mobile devices.
- Configure devices so you can track them if they are lost or stolen. Make sure you can remotely wipe or lock them.
- Keep your devices and all installed apps up to date, using the automatic update option if available.
- When sending sensitive data, do not connect to public Wi-Fi hotspots if at all possible. Use 3G or 4G connections. This includes tethering and wireless dongles and VPNs. Unfortunately, this means giving up using the public Wi-Fi at Starbucks.
- Replace devices that manufacturers no longer support. Alternatively, use the version that has recent updates.
Prevent malware damage.
Malware strains are among the most infamous cyber attacks. You can protect your organisation from the damage caused by deceptive malware (malicious software, including viruses) by adopting some simple, low-cost techniques.
- Use antivirus software on all computers and laptops. Only install approved software on tablets and smartphones, and prevent users from downloading third-party apps from unknown sources. If your staff wish to use unauthorized software, make them contact your IT staff, and have those staff members install the software if it’s found to be legitimate.
- Patch all software and firmware by promptly applying the latest software updates provided by manufacturers and vendors. Use the automatic update option when available. Pay attention to any problems or issues that might occur during the automatic update process.
- Control access to removable media such as SD cards and USB sticks. Consider disabling ports, or limiting access to sanctioned media. Encourage staff to transfer files via email or cloud storage instead.
- Switch on your firewall to create a buffer zone between your network and the Internet.
- Educating your team is always important. Therefore, have them take classes on an annual basis which will educate them on the threats of malware and how to avoid them.
Avoid phishing attacks.
In phishing attacks, scammers send fake emails that ask for sensitive information such as bank details, or that contain links to bad websites. In this situation, follow these steps to avoid disaster:
- Ensure staff do not browse the web or check emails from an account with administrator privileges. This will reduce the impact of successful phishing cyber attacks.
- Scan for malware and change your passwords as soon as possible if you suspect a successful attack has occurred. Do not punish staff if they get caught, as that will discourage people from reporting in the future.
- Check for obvious signs of phishing, like poor spelling and grammar or low-quality versions of recognizable logos. Does the sender’s email address look legitimate, or is it trying to mimic someone you know? Does the email arrive at an odd time? Additionally, can you hover over a link and see that it sends you somewhere you do not recognize?
- Again, educating your staff is key. Make your staff take courses on recognizing phishing attacks and spam on an annual basis.
Use passwords to protect your data.
Passwords, when implemented correctly, are a free, easy, and effective way to prevent unauthorized people from accessing your devices and data.
- Make sure all laptops use encryption products that require a password in order to boot up. Switch on password/PIN protection or fingerprint recognition for mobile devices.
- Use two-factor authentication (2FA) for important websites like banking and email.
- Avoid using predictable passwords such as family and pet names. Avoid the most common passwords that criminals can guess, like “password”. Remember to keep updated on passwords that are common. If the site offers a combination of capital and lowercase letters, numbers, and special characters, use those combinations to make your site safe.
- Enforce regular password changes.
- Provide secure storage so staff can write down passwords and keep them safe, but not with the device. Ensure staff can easily reset their own passwords.
- Consider using a password manager. Also, make sure that the ‘master’ password that provides access to all your other passwords is a strong one.
In conclusion, following the advice in this article will increase your protection from cyber attacks. These steps are easy to do and require little investment. As with many of them, staff education is the key. Make sure your staff understand the severity of cyber-crime and give them tools to fight cyber attacks.