According to UK Government, 46% of businesses and 26% of charities have been victim of a cyber-attack within the last year. The frequency of such attacks means multiple layers of security is essential for combatting sophisticated threats such as ransomware, malware or social engineering attacks which are rapidly evolving. To create a cyber secure network and culture, we’ve shared 31 best practises anyone can take on board.
If you are wanting to create a safe and secure cyber space within your organisation, these tips are a good starting point:
1. Audit Your Passwords – Make sure your passwords are not 1234 or qwerty. Including numbers, symbols, uppercase and lower-case letters increases security and decreases the chances of it being guessed.
2. It can happen to you: Many businesses and individuals have a mindset that cyber-crime won’t happen to them “54% of SMB owners think they are too small for a hacker to be interested”. Be cautious and vigilant, don’t put yourself or company at risk.
3. Implement MFA: Multi-Factor Authentication (MFA) should be implemented, 81% of breaches are the result of stolen, default, or weak credentials. MFA can significantly improve protection for your systems.
4. Invest in a web-cam cover: With video usage on the rise, now is the time to invest in a web-cam cover. You never know who could be watching. For any customers that have a webinar with us between now and the end of June, we will send you a premium Boxphish webcam cover.
5. Think before you click: Checking a link, particularly from an unknown sender before you click is key to protecting your business.
6. Software Updates: Often Software Vendors release updates to improve security and fix bugs, ensure your updates are applied in a timely manner. Encourage this at all levels in the organisation
7. Consider a password manager: Given that it is “world password day” consider the use of a Password Manager. They can be useful to store and create your passwords.
8. Encrypt your data: Encrypting your data can provide an extra security barrier in the event of a compromise.
9. Double check payments: You should always check new payments with your manger or FD before sending funds. Particularly if you were not expecting it or if there is emotion to make the payment
10. Remember Your Remote Workforce: Home Wi-Fi security is often not as secure as a company network due to weaker protocols. Awareness and training are critical for remote staff to ensure they are extra vigilant to attacks such as phishing scams
11. Starts at the top: It is the responsibility of ALL employees to stay cyber safe. This message should be delivered by the leadership team.
12. Access Control: Limit access and rights for your end users to only the data they need to effective in their role. This can be very helpful to contain and mitigate damage in an account takeover
13. Backup Data Regularly; Hold a secure and recent backup of your data in case your data storage gets compromised
14. Educate using simulations: A well-structured simulation strategy enables your end users to learn while in workflow and gives you a strong indication of your risk score and individuals who pose a higher threat based on engagement
15. Avoid public Wi-Fi: Where possible avoid public Wi-Fi, use your 4G personal hotspot and make sure it is password protected
16. Call it out: If in doubt contact your IT Team to so they can remove the threat, complete any remedial work and safeguard other users as quickly as possible
17. Prevent domain spoofing: Set up Sender Policy Framework (SPF) to help prevent Office 365 spoofing
18. Mobile device management (MDM): Invest in MDM software, particularly if you have a bring your own device (BYOD) policy in place
19. Educate yourself on evolving Phishing scams: It is estimated over 70% of cyber-attacks are from Phishing Attacks. The key to protect yourself and your company, is by learning what to look out for
20. It’s never too early: Use employee onboarding as an opportunity to talk through everyone’s role in cyber safety and talk through how ongoing awareness and following good cyber behaviour is expected as part of your role
21. Cyber Liability Insurance: Cyber liability insurance helps your company respond should you be a victim of a cyberattack or data breach.
22. Ensure Cyber Security Policies are updated: All companies should have the appropriate policies in place for staff covering as a minimum; Internet and Email, Social Usage and Asset Management
23. Invest in traffic filtering software: Businesses should deploy traffic filtering software for email and internet services to limit exposure to online cyber risks
24. Breach Response Plan: Businesses should have a document breach response plan that that should be regularly updated and tested.
25. Stop and Think: Often phishers or scammers ask you to act immediately, whenever you see an email which demands urgent action, be wary and take a minute to consider its reliability.
26. The Need to Read: for any UK business leaders wanting to understand the UK Cyber Security landscape, reading is crucial. The following article by Dan Swinhoe (Editor CSO) is a great start:
27. Lock your device: In the event you walk away from your device it is good practise to ensure you lock your screen. If you leave your laptop in the office on an evening it is good practise to have a locker or secure desk
28. Use free USB’s with caution: Removable devices such as USB sticks, SD cards and CD’s can be loaded with Malware that infects the computer when plugged in. Be very cautious about using removable devices when not purchased from a reliable source
29. Conduct regular penetration testing: Penetration testing is designed to identify and weak spots and potential vulnerability. Running a penetration test will help find these security weaknesses
30. O365 File Sharing: One of the most successful phishing scams is driven by an O365 file share link. Be extra cautious before clicking, if in doubt its good practise to call or chat the sender to confirm its legitimacy
31. Work With a trusted partner: choose an industry specific SaaS training platform, which aims to reduce the human cyber risk within your organisation.