How is your Cyber Hygiene?
Cyber Hygiene is becoming an increasingly important consideration in the fight against cyber crime.
What do the figures look like?
The statistics around Cyber Crime are astounding. According to research carried out by HMRC in 2017:
- 46% of all companies suffered some kind of data breach in the year, which increased to 66% in larger businesses.
- 13% of businesses reported that they are being attacked daily.
- 72% of the reported attacks are from phishing or malicious emails, of which 33& are through the use of malware, and 27% are through impersonating the organisation under attack.
What could it mean to your business?
The results of an attack can be significant for any business:
- Loss of reputation
- Costs to clients or customers whose information may be compromised
- Cost in terms of time and financial outlay to fix and resolve the problem.
- With GDPR looming, there will be hefty fines in future.
So how can Cyber Hygiene help?
What should businesses be considering to protect themselves and the data they hold?
The most important consideration is setting up and maintaining consistent routines, with regular checks and behaviours to ensure our online health is conserved. In other words, our day to day routines keep us, and our data, as safe and possible!
What should you look at to ensure your Cyber Hygiene is good?
There are some very basic areas that you should look at to ensure that you are doing all that you can to ensure your security, though you may well need to call on your IT expert for their support and confirmation that some aspects are in place.
- Check to see who has access to what systems. Only grant access that allows your team into areas they need to fulfil their roles.
- Implement two stage authentication wherever possible. The large software providers have given this option for a very valid reason!
- Remove old users accounts that may no longer be required.
- Keep administration privileges to a minimum.
- Remove any old PCs or connections as soon as they are no longer required and dispose of them safely.
- Ensure your website is kept up to date with security updates as soon as they become available. The cost of a maintenance programme will far outweigh the cost of putting right a serious security breach.
- As standard, your passwords should be a minimum of 8 characters, including upper and lower case, special characters and numbers.
- Avoid words or names related to you that could be guessed.
- Misspelled words are great as they are extremely difficult to guess.
- Change your passwords regularly.
- Never use the same password for multiple systems or programmes.
- Never allow the sharing of passwords within your business.
Malicious / Phishing Emails
- This is the most popular weapon of choice, so make sure your team knows what to look for.
- Fake invoice emails are the most popular.
- Make sure you conduct the following checks before you click on any attachments:
- Am I expecting the invoice?
- Does it look right? Is the spelling correct?
- If you hover over the sender name does it look right?
- Is the grammar and language used what you would expect?
- Try sending phishing emails to your own business and see what results you get.
AntiVirus Software and Firewalls
- Speak to your IT support and make sure that these are 100% up to date and robust. They are your last line of defence.
- Scan your systems regularly and keep the software up to date for new viruses. The rate of development has accelerated dramatically recently and will continue to do so.
- Again, ensure these are taken regularly.
- Make sure your back-ups can be restored quickly and efficiently to avoid the loss of data.
- Check how these are stored and that they are secure. A back-up of your data would be a gift to anyone who could obtain access!
Once you have been through all of the above, make sure that you have a programme in place to review and check that this stays up to date. Make sure that new colleagues are carefully trained, and that old habits don’t recur.
Finally, make sure that your IT support are keeping you informed of new developments and changing behaviours and risks around the area of Cyber Hygiene, Cyber Health and security. The easiest way to do this may be to send them a link to this post and ask them the question!