Simon Kelf, CEO of BCN Group, explains how business owners and IT managers can fight off the significant rise in cyber attacks
The global pandemic has forced businesses to roll out their digital transformation plans at pace, and while this is to be welcomed, the speed at which organisations have implemented and deployed new technologies, systems and processes has left them exposed to cyber security attacks by criminals.
The rise in cyber attacks and hacks over recent months is alarming as cyber criminals look to exploit new weaknesses and vulnerabilities that have emerged through businesses being forced to send staff and employees home to continue their work.
In order to mitigate the risks of falling victim to an attack it is vital that business owners and IT managers understand the potential vulnerabilities in their networks, systems and processes and the steps they can take to better protect themselves.
The main threats that businesses currently face are as follows:
A Distributed Denial of Service attack is where your network and systems are overloaded with requests from a hacker in order to crash the server and take your network, systems and/or website down. The hacker will then issue a ransom demand to call off the attack.
This is where the cyber criminal sends an official-looking email to employees containing a link. If they click the link within the email, the hacker gains access to their computer and your network and systems.
Unauthorised device access
This is when a hacker gains access to a device that is connected to your network and system. This can be through a device being left unattended in a coffee shop or because the employee is using a personal device and it is stolen.
More and more businesses are becoming comfortable with a BYOD policy, so they need to ensure they separate personal data from business data and apps. Intune is an effective technology that can help with this.
Your staff are your first line of defence and hackers know this, which is why so many successful breaches are a result of human error. Most businesses do not provide their staff with sufficient cyber security training and cyber criminals are very much aware of this.
Additionally, the threat from within can arise by mistake but could also be made with malicious intent. Companies need to be aware of deliberate theft of data by people inside the business who could be setting up on their own or moving to a new employer. They could also be using unauthorised sharing platforms to share documents (also known as Shadow IT).
While undertaking a digital transformation will have improved cyber security in some ways, now is the time to undertake a full cyber security audit to ensure the highest possible standards are being met at a time when the number of attacks being launched continues to rise.
With an understanding of the threats being faced – those listed above – business owners and IT managers must make sure they are doing the following if they are to ensure cyber security best practice and stand the best chance of mitigating an attack.
Employees must only use work devices, including smartphones, tablets, laptops and desktops. This way, you can be certain each device has installed the software required to fight cyber attacks and that the software is up to date at all times.
Work devices should also use two-factor authentication and employees must not allow unauthorised users – partners, children, etc – to use their work devices. To be clear, under no circumstances should employees use personal devices for work.
Virtual private network
A VPN is a secure network where staff and employees can access, send and receive sensitive data and information, as well as communicate with one another. It is far more secure than using standard public connections and networks.
You will need to make sure your VPN is stable and secure and to do this you will need to hook it up to a firewall. You may also need to increase the bandwidth of your VPN while staff work remotely. This is easily done, and you can scale down usage when required.
Migrating to the cloud allows you to offer safe and secure office-based and remote working, and again with the option to scale up and scale down usage each month in line with demand. The cloud is encrypted, more secure than on-premise and is generally more seamless.
Regular staff training
There is absolutely no point in meeting cyber security best practices if your employees do not understand the threats being faced, how they are being mitigated and the key role they play in preventing successful attacks and hacks.
Regular staff training is therefore an absolute must. Training should cover everything from the types of cyber attacks, what they might look like, how they should respond and other areas such as device management and security.
By understanding the threats being faced and the ways they can be overcome, business owners and IT managers can better protect their organisations and systems at a time when we are seeing an unprecedented number of attacks and hacks by cyber criminals.