It is no secret that mistakes in cyber security can be costly. From ransomware to phishing attacks, SQL injection and much more, threats are continually evolving in an attempt to evade cyber security defences. With so many different threats facing businesses, you may be left wondering how cyber security can be improved within your business to keep you protected.
The UK government cyber security breaches survey reported that 46% of UK businesses experienced and reported a cyber attack in 2019, with most businesses experiencing cyber security issues at least once a week during 2020.
Although this figure can seem daunting, there is plenty that businesses of all sizes can do to improve their cyber security now and in the future, especially with the rise of remote working.
Common Cyber Security Mistakes
There are some common mistakes that many businesses, regardless of their industry, make with regard to their cyber security. These often include:
Over-reliance on antivirus software: While antivirus software can be good at identifying and catching more typical malware threats, cyber attacks are becoming increasingly sophisticated. It has been estimated that less than 40% of cyber security attacks carried out today contain malware.
For organisations that deal with particularly sensitive information, antivirus technology is not nearly enough. While your software may work to prevent standard malware attacks, it will fail to catch more sophisticated ones, leaving your business vulnerable to cyber security threats.
Assuming that your business is not a target: Every business is vulnerable to cyber security threats. Many cyber attacks do not discriminate between industries or business types. Wherever there is an opportunity to gain capital or information from businesses, cyber criminals will attempt to exploit it.
Assuming that your business is not a target, perhaps because your organisation is very small or you don’t handle large amounts of capital on a daily basis, can make you an easier target and leave you wide open to attack.
Neglecting software updates: Older versions of software and programs may contain vulnerabilities that cyber criminals have learnt to exploit. Many updates serve to patch these weaknesses and keep you one step ahead of attackers.
Avoiding the practice of basic patch management, by ignoring or delaying updates to your software, can put your business at unnecessary risk.
Not training employees on cyber security: Your employees can often be your last line of defence in the face of some cyber attacks, particularly phishing attacks. Phishing attacks target your employees directly through email or other messaging services.
Training your employees on basic cyber security and keeping them up to date with your latest cyber security protocols will ensure they know when and how to report potential breaches and manage cyber security more effectively on their work devices.
Not regularly updating passwords across company devices: Passwords that are not regularly updated are significantly more susceptible to ‘brute force attacks’. In this type of attack, a cyber criminal will attempt to find out as much as possible about the length and structure of your passwords, then try every possible combination until they can gain access.
If you or your employees use the same password across multiple company applications or devices, this could potentially compromise multiple areas of your business in one go.
How Cyber Security Can Be Improved
Although the prospect of updating your business’s cyber security can seem daunting, there are plenty of simple steps you can take in the long and the short term to ensure that you are better protected.
Some short-term cyber security improvements that you can start implementing right now:
- Multi-Factor Authentication (MFA): Use it wherever you can, whenever you can. MFA vastly reduces the likelihood of a credential compromise that leads to a breach of your cyber security.
- Asset Management: Make sure you understand your IT assets – without a good understanding of this, how can you protect them?
- Patch Management: Make sure you are applying updates across your IT estate.
- Training: Deploy Cyber Security training to your team to make them aware of the most common threats to your business and how they can help mitigate them.
- Email Security: Email is still one of the most common avenues used to compromise a business’s cyber security, so ensure you have a robust email security solution in place.
- Housekeeping: Ensure you have robust controls in place to disable inactive accounts.
There are also many longer-term cyber security solutions that may require greater consideration and potentially some financial investment. Many of these solutions are highly recommended for businesses that handle large amounts of capital on a regular basis, such as hedge funds, Alternative Investment organisations and other businesses in the financial services sector.
- Cyber Security Policy: Define and implement a company-wide cyber security policy for work devices.
- Recovery Plan: Develop a recovery plan to help your business bounce back and minimise risk in the event of an attack.
- Vulnerability Scanning: Regularly scan your IT estate for known vulnerabilities and get into a cycle of remediating those vulnerabilities.
- Penetration Testing: Ask a third party to try to discover and exploit vulnerabilities in your IT security.
- Investment: Invest in further cyber security solutions tailored to the unique needs and potential weaknesses of your business.
While taking the time to invest in and develop robust cyber security solutions will help to protect your business in the event of an online attack, don’t neglect your physical IT security. Ensure that company devices are stored securely when not in use.
While there is no guaranteed way to avoid a cyber attack, there are plenty of steps that any business can take to improve its cyber security, regardless of size, available funds or industry. Recognising that your company needs to improve its cyber security is the first step towards becoming better protected. The rapidly evolving nature of cyber attacks makes cyber security measures a conversation that your business will need to have regularly, keeping all employees updated on the outcome.
At Tribeca we specialise in providing IT Managed Services and bespoke Cyber Security solutions for Alternative Investment firms, Hedge Funds and Private Equity organisations. We will work to understand your business and identify any potential weaknesses in your cyber security practices and work with you to develop a plan that is tailored to your needs. Utilising the latest technology coupled with end-user training programs and ongoing maintenance, our Cyber Security team can help to better protect your business against cyber security threats. Contact our team for more information today.