October is European Cybersecurity Month (ECSM). If that leaves you cold, then consider that many businesses each year fall prey to cyberattacks. Research suggests that in the first quarter of 2020, UK businesses were under attack from 394,000 unique IP addresses, facing more than one attack a minute. That’s up by almost a third on the same period the year before.
It’s estimated that the average cost of a breach of cybersecurity in the UK is £1,410, but in our opinion the cost can be far higher. Consider the hit to your brand reputation and the impact on your customer base if their data is compromised.
So, how can you protect yourself from cyberattacks?
Five top tips for staying safe
- If you have a bring your own device (BYOD) policy, you need good systems and procedures to support it and to ensure those devices are secure. If you don’t have a policy, you need one, even if that’s just to say personal devices are not permitted.
- Keep all security applications, virus and malware protection up to date – and double check to ensure they are enabled on each device.
- Compartmentalise your network so that only those machines/users that need access get access (for example, restrict access to HR servers to HR staff).
- Within that structure, further restrict access to systems, or certain areas of systems, to only those who must have it.
- Invest in cybersecurity training for all staff, and keep that training current with regular updates.
There are of course additional considerations when your team are working outside of your regular workplace.
For people to be able to work from home or another location, they need equipment, and access to systems and data.
The devices they use should have the same level of security protection as those used in the workplace. Passwords should be complex and work should be backed up regularly.
When it comes to keeping people connected, a VPN (virtual private network) is essential. When a device is connected to a VPN, a secure communication channel is created between the business and the remote location, allowing for safe data transmission.
Being able to access the Internet pretty much anywhere is a huge benefit, but the flipside is that there is risk attached. You can mitigate that risk by sticking to three simple rules:
- Make sure the security software on the device(s) you use is robust and up to date.
- Use complex passwords that include numbers, symbols, and both upper- and lower-case letters.
- Stick to secure websites – look for the padlock symbol and ‘HTTPS’, for example.
Training is an investment
Two things that cyber scammers rely on are lack of awareness and fear. If someone doesn’t know a link in an email is potentially dangerous, they may go ahead and click it. If someone gets an email supposedly from, say, their Internet provider, bank or HMRC, they can be scared into clicking, or calling and providing details. The thing with phishing scams is that while some attempts are comedic in appearance and easily recognised, others are very convincing indeed.
It’s bad enough when an individual using their own devices falls prey to a scam, but when it impacts on a business, the effects can be catastrophic.
In the US, it’s reported that 70% of employees don’t understand cybersecurity. It is unlikely that the UK is much different. Without a proper understanding of what it is, and the risks and implications involved, people are unlikely to be as vigilant as we need them to be. All the security regulations in the world won’t protect against someone doing something silly because they don’t appreciate the threat.
We’ve been supporting organisations to build secure systems, including cybersecurity training for their teams, since 1994. Get in touch if you want to explore your options when it comes to cybersecurity; we’ll be happy to talk you through them and explain how KCS can become your trusted partner.