It’s been almost a year since businesses were rushing to buy laptops and IT equipment to implement a home working environment for employees. Of course, set up included IT security such as anti-virus, VPN’s and remote access so that the laptops were well protected; but with a significant increase in the activity of cyber criminals, which in its own right is an epidemic, was this enough?
We all know the impact of poor cybersecurity and unprotected data – vulnerability to attacks resulting in financial, operation and sales losses such as:
- Potential ransom due to file encryption
- Fines from the ICO and other industry bodies
- Costs associated with breaches of client contracts and SLAs
- Time and resource to rectify
- The ability to attract new business
There are 7 key areas that we recommend to any business, to improve security in their organisation:
1. Web filtering
Since the move to home working, it is highly likely that your existing web filtering and protection no longer works for your entire workforce. Yet, making sure that mobile and web security is functioning for your workforce is even more critical for all of your devices.
It is important to create an umbrella style protection from any location; in the office, working remotely – even if an employee is using public WIFI. By doing this, your business is better protected in all eventualities (even when we get back to a more ‘normal’ way of working).
It is standard to have this on all computers and laptops, but is it up to date on all devices? Is it at the right level of protection or do certain employees require a higher level of protection now they are working from home?
Antivirus protection remains a key aspect of cyber security protection when safeguarding against threats such as ransomware and phishing scams. It is important to carry out a regular audit review of your current position for all of your network environment. Alongside this, it is paramount to explain to all employees about the importance of Antivirus software and to speak to IT immediately if they receive any warning messages that indicates that it isn’t working, or the licence is due to run out.
3. Email advanced threat protection
Similar to point 1, but email filtering is used to make sure that everyone’s email is protected. Email is the primary tool for hackers when pretending to be a client or supplier and convincing a person to click on a link, open a webpage or PDF. That click could download a virus, give permission to the hacker to access that person’s computer or even encourage the person to provide login details to access the company’s core systems.
4. Artificial Intelligence for email protection
Artificial Intelligence tools can help protect the business from mistakes like these as well as demonstrate compliance to clients, suppliers and stakeholders of your business. These tools can scan and filter viruses, filter spam (which has grown considerably in the last year), email-borne malware protection, anti-phishing protection and typosquatting protection.
These cloud-based solutions are available to guard against business email compromise, account takeover, spear phishing and other cyber fraud activities.
All of these types of attacks are significant security threats being faced by businesses, particularly with the newer style of working. These hyper-targeted attacks use socially engineered tactics designed to trick employees and the outcome can have a huge impact to your business financially.
Employees are using cloud based tools such as Teams, SharePoint, O365, Google Drive on a daily basis. Do all of these applications provide a backup service? How long do they hold your data for and is this long enough for your business needs and compliance?
Back up is always considered for locally hosted applications, but often assumed for cloud based applications. It is important to understand the back up of data that is held on all applications and worthwhile considering a cloud to cloud back-up solution so that you know you have access to all the data you need at any time.
6. Multi Factor Authentication (MFA)
Many applications are now asking for Multi Factor Authentication, but do you have this for your domains and cloud applications such as O365 so that you have an additional level of authentication via a mobile device?
This should be considered to enhance the protection your systems and take the pressure off IT as well as greater assurance to the business owners and directors.
7. Employee awareness training
It is continually cited that employees are the biggest risk to the business when it comes to cyber breaches. We all know this is true as they are the gateway to the business and its data. Everything above helps to protect your employees but how about improving their knowledge on the latest scams and tricks being used?
Employee awareness training is a big project to manage in-house; keeping the employees updated on the latest tactics, getting them to read your communications, carrying out training sessions etc. A great cost efficient alternative is utilising a web based security awareness training facility that is adapted to your business, its processes and employee habits. This facility is continually updated based on the latest attacks and it can be adapted as to how often you want employees to carry out training. Training can be carried out from any location and at any time of day that works for the business and employee.
Supporting your business with cyber security solutions
If you would like to speak to one of our team about any of the solutions above and how they can integrate with your existing IT set up, please contact Andrew Wayman at [email protected] or call our office on +44 (0)1344 870062.