Nov 6th, 2020
Want to learn how to protect your company from cyber attacks? Protect Box answers your questions.
It’s taken as a given that most cyber attacks could have been prevented – and this is borne out by the evidence. A 2019 analysis suggests that almost all cyber attacks over the previous year were entirely avoidable – and predictions for the year ahead are painfully similar.
So, it’s important to invest in protection from new and on-the-horizon threats like weaponised AI and poisoned machine learning data, but you should also make efforts to shore up the foundations of your cybersecurity strategy.
After all, what’s the point in investing in state-of-the-art threat detection systems if your employees leave their devices unattended or are vulnerable to phishing scams?
Below, we’ve outlined five key areas where businesses often fall short cybersecurity-wise, and how you can avoid doing so.
How to Protect Your Company from Cyber Attacks
1. Staff Training
Understanding how to protect your company from cyber attacks involves understanding your biggest potential liability – your employees. In a significant number of cases, cyber criminals gain access to your company’s sensitive information by manipulating those that work for you.
If you offer your staff appropriate training, you can cut this risk significantly. Provide all employees with compulsory cybersecurity training as part of their onboarding activities. Go one step further and enrol everyone on annual top-up sessions.
How to Protect Your Company from Cyber Attacks with Staff Training
The type and level of training you offer will depend on the nature of your business, but at the very least, the following should be included:
Password health: setting strong passwords and changing them regularly
Device security: locking devices whilst away from desks, using screen shields in public places, locking up devices securely at the end of the working day
Identifying social manipulation attempts: identifying and reporting phishing scams and potentially malicious links in emails and social media messages
Reporting protocols: what to do and who to report to in the event of a security incident
Whistleblowing: how to report concerns about security protocols further up the line of command
2. Key Processes
Well-built processes are everything, cybersecurity-wise. They ensure that everyone receives appropriate training, everyone knows what their cybersecurity responsibilities are, and everyone understands their role should a data breach occur.
When considering how to protect your company from cyber attacks, we can divide cybersecurity processes into two main camps:
- Everyday processes such as employee training, installing patch updates and running regular scans for security threats
- Emergency processes such as security incident response or data recovery plans
Everyday processes should be documented in writing, even if they seem mundane – this helps make sure they are followed to the letter every time.
Meanwhile, emergency processes should be planned around numerous scenarios. Start with the ‘worst case’ path an incident could take and work backwards from there through medium to low risk scenarios. This will help you cut response time and act quickly in the event of an incident.
Everyday and emergency processes should be reviewed regularly, both to make sure that they’re still effective as cyber threats evolve, and to keep ahead of industry regulations surrounding data breaches and loss of private information.
In the 2020 Data Risk and Security Report by Netwrix Research Lab, 30 percent of system administrators admitted that they have granted direct access to sensitive and regulated data based only on a user’s request. Don’t assume your organisation has it sorted until you have conducted a thorough audit – it’s all too easy for errors like these to slip under the radar.
To minimise this risk, keep access to sensitive data on a strictly need-to-know basis. On top of this, use identification and verification (ID&V) software to make sure that those accessing your files are who they claim to be.
Putting these tighter access controls in place increases information security by:
Reducing access points for cyber attackers.
Reducing potential to leak due to employee error. Fewer employees with access means fewer people that can leave their work laptop on the train for example.
Reducing scope for intentional leak due to malicious employees (Verizon’s 2020 Data Breach Investigation Report suggests that a significant 30% of data breaches were due to internal actors).
Making it significantly easier to identify the source of a leak. It’s much easier to take corrective action if you know that one of five user credentials has been breached, rather than one of fifty-five.
Adding an extra layer of security – ID&V software should use two-factor authentication to make it more difficult to hack in via stolen credentials.
4. Remote Backup
Plenty of security breaches are physical in nature.
This means that rather than gaining access to data digitally, cybercriminals hack into the system directly via one of your physical devices. This could be a lost or deliberately stolen laptop, or via access to your backup servers.
Part of reducing risk here is to train your staff in good device security.
Other ways to make sure your data is physically secure involve good backup practices, and finding solutions that will get you on your feet quicker in the event of a breach.
If you run an onsite server room for backup, you run the following risks:
- Accidental data loss in the event of a natural disaster like floods, fires or storms
- Data theft or deliberate server damage via break-in
- Shut down of backup servers during a cyber attack
Storing data remotely means you can regain access in the event of a malicious attack, or if your onsite systems are compromised due to natural disaster.
The easiest way to do this is via a third-party data storage provider. Whilst at first this might seem counterintuitive, consider what third-party data storage can offer as protection against cyber threats that’s difficult to provide internally:
- Significantly higher physical security than you’re likely able to realise in house. Larger data centres are protected by the full works – think laser detection systems, high-definition cameras, highly-trained security personnel. You might have a security guard and some CCTV, but does it really compare?
- The best experts in the business. Third-party data storage companies’ core competencies lie in data security. This means they have the capacity to employ top-of-the-range cybersecurity experts to keep ahead of all the latest threats. Unless you have a huge IT budget, you might struggle to match this.
5. The Right Software
Investing in cybersecurity software should be done alongside the measures above – it’s not a replacement.
At a minimum, make sure you have up-to-date, functional firewalls, ID&V, antivirus and anti-malware installed across the operating systems you use (‘Macs can’t get viruses’ is a myth that still sadly prevails in 2020).
Data encryption at file level is also useful. In some industries, like healthcare or aerospace/defence, it’s an absolute necessity.
You should also consider investing in:
- Access monitoring software, such as diagnostic programmes and intrusion protection/prevention systems
- Anti-spyware and anti-keylogger tools
- Security information and event management
How to Protect Your Company from Cyber Attacks and Save Hours of Research
To protect your business effectively, it’s important to find a good-fit cybersecurity package. With all the vendors out there, this can take hours of research.
The good news is that you can save yourself the effort with ProtectBox.
ProtectBox matches those in the market for cybersecurity software with the right vendors for them, based on a simple, easy-to-fill out questionnaire about your needs. This takes one-hour max for non-IT specialists (and if you’re a techie you’ll race through it in around ten minutes).
It’s free to do, and there’s no obligation to make any sort of purchase at the end.
Take the survey and protect your business.