The recent ransomware attacks on the Irish Health Service show that, regardless of size or industry, any business can be targeted by cybercriminals. It can be difficult to stay up to date with all the new attack vectors and methods that hackers are using to gain access to sensitive data or lock businesses’ IT networks. However, there are policies and practices that can be put in place to lower the chance of falling victim to a cyberattack. Below are six ways to improve your IT security and reduce the chance of a cyberattack.
Cybersecurity Awareness Training
Even the best security software can fail because of human error. All staff should have cybersecurity awareness training, so they are able to spot a potential cyberattack or phishing attempt. Regular training also builds a culture of security, so that all employees stay cybersecure and understand the core values and benefits of cybersecurity. Companies can also run phishing tests on employees to give real-world examples and test whether employees are able to spot a phishing or ransomware attempt.
Password hygiene is a set of recommended requirements that result in more complex passwords that are harder for a cybercriminal to guess or brute force. A password should be long, ideally more than 10 characters, it should not use names or common phrases, and it should include special characters. These rules are important because simple passwords are easy to crack with a brute force attack. It would take a hacker 2 seconds to crack a 7-letter password, whereas a 12-character password with numbers and special characters would take over 500,000 years. It is also best practice not to reuse passwords, especially for important logins such as work, bank and email accounts, and passwords should NEVER be shared, even with trusted individuals.
Two is Better than One
A strong password is a great place to start when securing an account. However, it is often not enough, as it is still possible to fall victim to a replay or phishing attack. Multi-factor authentication reduces the risk of these attacks by adding another layer of security. With multi-factor authentication, when a user enters their password to log in, they also need to use an authentication app or biometric authentication to finalise the login. This means that even if a cybercriminal has a user’s password, they will be unable to log in fraudulently unless they also have access to the victim’s phone and PIN.
Secure Your Devices
All company and personal devices, including laptops, phones and tablets, should have security measures in place to ensure they cannot be compromised. All devices should have a secure password, run a firewall and antivirus, and only be connected to secure, trusted networks. Finally, updates to systems and software should be installed as soon as possible, as devices without them are left vulnerable to compromise.
To avoid significant downtime or loss of data and profits due to a ransomware attack or data corruption, it is of the utmost importance that files and servers are backed up often. There are software solutions, such as Acronis Cyber Protect, that not only regularly back up data but also have automatic rollback, so in the event of a ransomware attack the system will automatically roll back to a safe point with no loss of data. Businesses should also consider where their data is backed up, because a data breach at a third-party backup provider opens up the possibility of supply chain compromise.
Think Before You Click
Whenever an email or message is received with an attachment or link, employees should always consider whether it is safe to open. If the email is not from a trusted sender, attachments and links should never be opened. Even if the sender is trusted, if the email or link seems odd it should not be opened. Regardless of the sender or what the attachment is, it is always safer not to open them, as this is the most common vector for ransomware attacks.
Regardless of the size of a business, its revenue, the industry it is in or the amount of sensitive data it has access to, cybersecurity should always be high on a company’s list of priorities. If a company falls victim to a data breach or ransomware attack, it can cost the company a significant amount of money – but even worse, it can damage its reputation and erode the trust of its customer base. It is important to remember that with data breaches and ransomware attacks, prevention is better than recovery. These tips are a great foundation for securing a business. However, there is always more that can be done to safeguard against an attack.