Whilst most businesses are making strong progress in their efforts to secure their organisation, we still regularly hear excuses like “we are a small business, we don’t have the budget” or “we’re too insignificant to be targeted” for not taking any measures to increase organisational security. This is quite ironic as, according to the 2019 Verizon Data Breach Investigations Report, “43% of all breaches involved small businesses”. Also, attackers are inherently lazy and will always go after the easiest targets with the simplest vulnerabilities to exploit. By not taking any steps to defend your organisation, you’re leaving yourself wide open to attack.
In a world where businesses across the globe, large and small, are falling victim to cyber attacks and unauthorised breaches on a daily basis, organisations can no longer assume they are too small to be targeted, or that the solutions they need in order to defend themselves against the growing list of threats are too costly. Every organisation is vulnerable and should be taking steps to protect themselves, their employees and their sensitive data.
Unfortunately, we don’t operate in a perfect world where every organisation has the expertise and the budget to invest in every aspect of Cyber Security protection. There are still a number of measures you can take as an organisation right now to shore up some of your simplest vulnerabilities. They cost nothing or very little to implement and will greatly improve your organisation’s defence against malicious threats:
With more than 90% of breaches attributed to successful phishing campaigns, according to Cyber Security firm Cofense, it’s essential that your employees are provided with the knowledge to effectively defend against these incoming threats.
As a first step, the basics your employees should understand when dealing with suspicious emails or emails from unknown sources include:
Training your staff to be more diligent when opening emails.
Not clicking links.
Not replying to and not opening attachments on emails which look suspicious or are from unknown senders.
In addition, SES always advise providing your staff with proper face-to-face education from experienced trainers in operational cyber security roles. This allows participants to engage with those who are tasked with helping organisations protect their assets, including systems and data, at minimal time-cost to the organisation.
This two-way training approach engages the audience more effectively, embeds the understanding more firmly and ensures knowledge is acquired through genuine understanding of risks and countermeasures, demystifying terminology, providing commercial context and the opportunities for two-way discussion.
Although the 2019 Verizon Data Breach Investigations Report confirmed that the use of malware now sits at just over 20% (a significant decline from its height during the WannaCry and NotPetya attacks in 2017), the threat still exists and attackers still use these methods in an attempt to get victims to pay a ransom in order for their critical data to be released. Therefore, creating regular backups of your data is essential so that you can redeploy your backups instead of paying the ransom demands.
Regular backups are also essential in the event your organisation falls victim to a successful breach, as the backups can be redeployed to minimise damage and disruption to your organisation.
As the 2019 Verizon Report states, “29% of breaches involved the use of stolen credentials”. Setting up two-factor authentication is a guaranteed way of increasing security and reducing identity theft, as a criminal would need more than just your username and password to access your accounts. “Two Factor Authentication”, or “Multi Factor Authentication” as it is also known, requires something that only the user will know or have, such as a text with a code, a code from an RSA token or a fingerprint, to unlock the account you are trying to access alongside standard login credentials.
Updating to the latest version of your operating system can keep you safe by adding new security protections.
All Windows PCs come with Windows Defender as standard, which we recommend you keep turned on. We also recommend using additional antivirus software to protect your computers.
Hackers will take advantage of any out-of-date software, exploiting its flaws and using them as a gateway into your computer or network.
Making sure all employees have their own login information ensures that each employee only has access to the technology that they need to do their job.
Remember not to give administrative access to standard users, as this would make it much easier for a malicious individual to gain administrative access to your network in the event they were to obtain the login credentials of one of your users.
Setting privileges also ensures that employees can only access the company data that they need, stopping unauthorised access to company computers, accounts and data and reducing the likelihood of breaches from within.
These are just a few of the quick wins your business can take to remediate vulnerabilities which are easily exploited by malicious actors. For more information on how you can further enhance your organisation’s defences against cyber threats, please get in touch to speak to one of our specialists.
© SES Secure Limited and ses-escrow.co.uk, 2019. Unauthorised use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to SES Secure Limited and ses-escrow.co.uk, with appropriate and specific direction to the original content.