How to protect your business from a cyber attack

These days, businesses are increasingly falling victim to data breaches - so it is safe to assume that your business is also at risk of a cyber attack at any time. Most office employees use email and the Internet every day, making them your first line of defence against cyber crime - but also a soft target for cyber criminals.

The best way to equip your business to fight cyber crime is to inform and educate your employees about all the possible angles of attack and to remain vigilant at all times. Phishing messages, malware in email and websites that mimic known websites (often with only one letter being different in the URL) are common approaches used by hackers to gain access to banking details, usernames, passwords and other sensitive company information.

Here are a number of very effective steps you can take to protect your business:

Anti-virus software and firewalls
If you don’t already have anti-virus and anti-malware software installed at your business, have them installed immediately. While this will not avoid all attacks, it is essential to any basic cyber defence strategy. Once the anti-virus is in place, it is critical to keep the software updated.

Install a firewall to protect your network and control the flow of Internet traffic. Also install software that works against threats such as virus, spyware and phishing attacks.

Phishing scams
Phishing is when cyber criminals attempt to gain access to personal information, passwords or banking details to defraud the victim. Your staff should never respond to emails from people they don’t know asking for help or money, or offering a large amount of money in exchange for personal information. You’ll be astounded by the number of people who fall victim to these criminals every year, making this one area where on-going employee education is crucial.

Update (everything)
Make sure you do all the updates your software prompts you to do. That includes operating system updates, updating system software and browser updates along with any updates for plug-ins, like Adobe Flash or Java, you’ve installed.

Most well known web browsers will alert the user when a website they are visiting is considered dangerous. Be sure to heed to these alerts.

Devious links or downloads
Cyber criminals often gain access by getting people to open attachments or click on links in emails from unknown sources. Malware can even be hidden in an image or video file, so be sure to only download content from trustworthy websites. Websites that allow users to download pirated music or movies are also a risk area - avoid these websites at all costs.

Be password smart
A strong password is one of the simplest and most effective ways to enhance your security. Experts recommend a combination of capital and lower case letters, numbers and symbols with at least 8 to 12 characters.

Passwords must be changed regularly (every 90 days) and never use the same password for your email, social media and other websites that require login passwords. We’ve found that employees often ignore this advice, as it can be inconvenient or annoying to remember different passwords, so it is important to implement strict company password policies.

Restrictions and encryption
It is sensible to set up limited administrative rights and restrict certain software to avoid any unauthorised software being downloaded.

Because laptops are - by their nature - mobile devices, they are especially at risk. Encrypt all company laptops to avoid any security breaches. If your company uses a wireless network it should also be encrypted.

If necessary you can encrypt drives, folders or individual files containing sensitive information.

Other steps
Installing data loss prevention software and risk assessment software is one of the most effective ways to detect incidents that could lead to a data breach. This will enable you to monitor all activities on your business network and it will warn you of any breaches or intruders.

Safely storing your data through regular, scheduled backups is also very good practice. Back up servers weekly with smaller backups every night.