How can you protect your business from a cyberattack?
Tom Huckle, Lead Cyber Security Consultant and Head of Training at Crucial Academy
The introduction of GDPR, a string of high-profile data breaches and reports of state-sponsored cybercrime made 2018 the year Britain woke up to cyber security. With millions wiped off share prices, corporate reputation and consumer trust eroded, UK businesses have seen quite enough cyber casualties to finally take the threat of attack seriously. A recent report highlighted a global shortfall of 3 million cyber security professionals just to keep pace with the demand from business.
The scale of the threat from malicious individuals or organisations can seem daunting, but a few changes and a shift in mind-set can drastically reduce the chances of your business falling foul of cybercrime.
Here are some key points to help protect your business.
- Build a cyber secure culture from the top down
Cyber security is not a ‘job for IT’ – an effective cyber security culture will be developed from the top-down. While they won’t always be the most technical people in the business, it’s vital that senior management understand how critical cyber security is and gain at least a base level of understanding so that the message of vigilance can be convincingly conveyed to staff. It’s senior management who will be able to sign off on company-wide security procedures and policy, inspire their teams, upskill existing staff and bring in the technical expertise to bolster their defences.
- Ensure adequate staff training
So often, the chink in a company’s cyber armour is its well-intentioned but untrained staff – and cyber predators are ready to take advantage.
Around 94 per cent of malware enters a network via phishing. Phishing emails are becoming more sophisticated, deliberately targeting staff with messages that appear to be addressed to them individually from clients or suppliers. Many include attachments which mimic anything from invoices to tax documents.
Conducting fun, interesting and easy-to-implement staff training on a regular basis is key.
- Be alert to malicious insider threats
Insider threats can be considered malicious when an employee intentionally sets out to harm your company through insider access to data.
Although these may be difficult to spot, there are some tell-tale warning signs. Monitor for suspicious behaviour, such as employees accessing company networks at odd hours or outwardly showing hostility towards colleagues or company policies. Keep in mind that staff who will be leaving the company may become liabilities if their access to company data isn’t limited adequately before they depart and completely stopped upon their leaving.
- Ensure security policies are in place and up to date
Put a PoLP (Principle of Least Privilege) policy in place to safeguard against breaches. This system sees a new arrival start with no privileges and only receive access to the systems and files they need to do their job. It may seem simple, but it takes planning, as many security systems assign rights in groups rather than to individuals.
- Install and update cyber security software
Install anti-virus programmes and monitoring tools on all systems and make sure all cyber security software and browsers are kept up to date.
These updates aren’t just helpful in providing access to their latest features; they are essential in the fight against cybercrime.
The best advice for business is to take cyber security seriously in 2019. Every business is a potential target regardless of size, income or industry and every single one of them has valuable business data to protect.
Founded by a former Royal Marine Commando, Brighton-based Crucial Academy offers free accredited courses, qualifications and careers in cyber security to those that have served in the armed forces.
– Ends –
Tom Huckle – Lead Cyber Security Consultant and Head of Training and Development at Crucial Group
Tom Huckle is a digital security specialist and Lead Cyber Security Consultant at Crucial Group, a professional information technology and services company providing cyber security & GDPR consulting, cyber security training and a state-of-the-art academy in the advanced technology markets.
Prior to joining Crucial, Tom was part of the Global Attack Monitoring Team at Barclays Bank, where he was responsible for cyber-attack monitoring, cyber threat hunting and proactive defence, alongside network and host intrusion detection. He also held a number of senior positions at the Ministry of Defence during his eight-year tenure as well as holding the role of cyber security consultant at Corporate Security Consultants.
After leaving university, Tom joined the Royal Marines, where he served for eight years, rising to the rank of Captain and leading teams in high-risk areas including Afghanistan. In his final two years of service, Tom taught himself cyber security, gaining several qualifications including CompTIA Network+, Security+ and ITIL. Tom now applies his strategic planning and leadership skills to helping businesses protect themselves against cyber-crime.