Cyber-attacks have increased significantly since the onset of the pandemic and do not look like abating. Only last week, one of the largest providers of IT management software suffered a ransomware attack, with hackers demanding $70 million to release data.
The National Cyber Security Centre (NCSC) has advised businesses to take urgent steps to tackle cyber-attacks by ensuring they have the means to restore their systems in the event of a breach.
There is no such thing as 100% secure. In fact, you would be hard-pressed to find a network that is 70% secure, knowing how quickly hackers are able to develop and deploy new threats! The good news is that there are steps businesses can take to mitigate the impact of a cyber-attack, because your business suffering an attack is a question of when rather than if.
So here are our top 5 tips to better secure your IT network.
1. Train Your Team
It is often said that people are the weak link in the war against cyber-attacks. We disagree. We believe that a well-trained workforce is the best defence against cyber threats. Turn your team into cyber warriors with regular cybersecurity training which can be as simple as sharing a handbook with the staff, containing information about what to look out for, and tips for practising good cyber-security hygiene. The NCSC has a free training toolkit on their website that can teach staff the basics. You can find it here.
For more robust training including simulated phishing attacks, we recommend the KnowBe4 solution.
2. Outline Policies to Govern the Way You Use IT
Policies will help set a uniform standard for staff as to how they access your IT systems.
You can have password policies that determine the type of passwords team members use and how often they are changed, policies for accessing the internet, and policies that govern how information is stored (e.g. that USB drives must be encrypted). You can also have policies that govern BYOD (bring your own device) and how the business’s Wi-Fi is accessed.
Reviewing company IT policies should be an integral part of staff development. We recommend adding it to your new starter induction as well as making it part of any ongoing staff training.
You can request sample IT policies by contacting Aidan. Click here to send him an email.
3. Get a good Disaster Recovery Solution
Gone are the days of simply backing up data. Whilst having onsite as well as offsite backups is essential, any backup solution you choose must have the ability to restore ALL aspects of your information: the data as well as the applications that use it.
4. Get a good anti-spam and email filtering solution
Most viruses will enter an IT network via the internet and email. A good anti-virus and anti-spam solution will stop a high percentage of malicious emails from entering your system in the first place.
5. Get a good IT Company
One like Supreme for example! 😊
Seriously… it can make all the difference. The bulk of the IT work we carry out on behalf of our customers happens behind the scenes, where you do not see it, and much of it is securing your IT network: checking backups are still working, applying patches and software updates, managing anti-virus solutions and much more.
In the event of a cyber-attack, a good IT Company will help you limit the spread of the attack and work diligently to restore your systems.
If all else fails and your business falls prey to a cyber-attack, here are some steps you should take:
1. Do not panic, but you will need to act fast! Your cyber incident response plan should include a step-by-step guide of what staff should do in such an eventuality. For instance, one of the most important pieces of guidance should be that if a user has accidentally clicked on a malicious link, they should immediately switch off their device and disconnect it from the mains. That way it is quarantined from the whole network.
2. Contain the Breach
Here are a few immediate things you can do to attempt to contain a data breach:
- Disconnect your internet.
- Contact Your IT Company who will…
- Disable remote access.
- Maintain your firewall settings.
- Install any pending security updates or patches.
- Change all affected or vulnerable passwords immediately. Create new, strong passwords for each account, and refrain from reusing the same passwords on multiple accounts. That way, if a data breach happens again in the future, the damage may be limited.
3. Assess the Breach
If you are one victim of a broader attack that is affecting multiple businesses, follow updates from trusted sources such as the NCSC, who will be monitoring the situation, to make sure you know what to do next.
You will also need to find out who may have been affected by the breach, as it may have affected external contacts – for example, suppliers or customers. If you have suffered a data breach, assess how severe the data breach was by determining what information was accessed or targeted, such as birthdays, mailing addresses, email accounts and credit card numbers.
4. Inform People
You will need to notify people that the breach has happened, especially those who may have been affected.
If you have cyber liability insurance, inform your provider immediately.
You can also report cyber incidents to Action Fraud - the National Fraud and Cyber Crime Reporting Centre (actionfraud.police.uk). If the incident involved a data breach, we would advise reporting it to the Information Commissioner’s Office (ICO) under GDPR guidelines.
Supreme Systems is an information technology company established in 2008.
A leading provider of IT services and cloud solutions for businesses in the West Midlands.