November 22, 2019
It really is no laughing matter when cyber-crime is now believed to be costing the UK an estimated £27 billion a year. But what can we do about it (we hear you cry!)? Well, here we take you through some practical steps that can be taken to limit your cyber damage – both before and after an attack.
How to prevent loss from a cyber-attack?
An obvious starting point is to mitigate as much as you can to reduce the threat. Here preparation is king! Lack of it could lead to significant consequences for both your company’s reputation and bottom line. It is all about loss prevention and building the best resilience you possibly can into your business. Take time to review and assess your risk and, alongside this, develop a Data Security Policy.
As a minimum, this should answer a number of questions, including:
- What physical security do you have in place to prevent unauthorised access to your servers (if you house them on-site)?
- What access do employees have to systems and data? Consider restricting them to only those areas they need to do their jobs by protecting shared drives and limiting who can use them.
- What personal data do you keep for third parties?
- What encryption do you use, including for file sharing?
- How often are updates actioned? Ensure all security software is kept up to date and all software patches are downloaded promptly.
And don’t forget about educating your people: encourage them to adopt a tidy desk policy and, for example, not to keep passwords on post-it notes on their screens! Make sure there is a shredding facility so sensitive paper data is properly handled.
The list goes on, but much of it comes down to common sense and regular checking that the various areas are being adhered to, plus making sure that there is ongoing security monitoring.
How can you make sure your suppliers and partners are cyber secure?
You may well take every step possible to make sure your business is as tight as it can be against cyber-attack, but that means little if those you work with are not as strict or focused as you. For example, if you are a manufacturer or distributor and one of your key suppliers is attacked, this will disrupt their ability to supply you, and so the knock-on effect is that your operations will also be affected.
Not many like the word ‘audit’ but it is an important aspect of business. With many small businesses relying on software to automate processes, manage partners and sell to customers, the targeting of supply chains by cyber criminals is an ever-increasing threat. So auditing that supply chain is imperative to make sure those you rely upon to stay in business also have the resilience to stand up to a cyber-attack.
What to do if you have been the victim of a cyber-attack?
Let’s face it, they are clever, devious people, those hackers, and so it is nigh on impossible to fully eliminate the risk. They are constantly evolving new and increasingly sophisticated ways to get round even the tightest of security. Take the recent attack on the Labour party: the critical thing here was that it highlighted at the time that it had “on-going security processes in place” and that it was dealing with it “quickly”. This suggests that it had a plan in place to deal with the effects of a cyber-attack. The obvious recommendation here, then, is to make sure you have a plan in place.
What should a cyber-attack recovery plan include?
Well, the important thing is to have one that can evolve with the situation and help to minimise and reduce the damage to your business. So, it could include:
- How to identify and isolate a security breach
- Identifying a dedicated response team
- An outline of who you are required to notify, such as regulators for any breach involving public and/or third party data
- And, if significant enough, the option to engage with PR specialists who are experienced in crisis management
The next step is to make sure you have a backup of your information so that you can recover as much of what you need as possible.
What are your backup and recovery options?
Time was when all you did was stick a disc in and restore from your last backup, but technology now means there are a variety of different options available. Whether this is external drives or local server backup, being able to recover at least the majority of your information will give an element of peace of mind.
There is no doubt that the prevalence of cyber-attack is increasing, but by taking some simple steps, many small to medium businesses can make sure they are as resilient as they can be. And this could be the competitive advantage over non-resilient competitors!