Protecting your business in the cyber security era

Almost every day we hear reports of businesses being impacted by a lack of effective cyber security practices, often causing significant financial losses, reputational damage and productivity issues.

The recent Capital One data breach saw 106 million customers’ details stolen because of a misconfiguration in its firewall settings. Similarly, the 2017 Maersk ransomware attack was traced back to an accounting package combined with admin login on its server.

For many SMEs, cyber attacks are something that only happens to large, corporate businesses. In our experience, however, there are numerous instances where local businesses have fallen victim to these malicious attacks but have remained quiet.

Despite constant media attention, is the north-east business community learning lessons from these experiences? I remain unconvinced that we’re taking the threat of cyber attacks seriously enough, while user education remains by far the most cost-effective way to safeguard your business.

Our aim at The TechForce is to minimise risks to clients’ businesses and critical information. Here are five steps to help achieve that goal:

1. Find your assets and define the risk: To protect your business, you need to know what assets you have, where they are, who has access to them and what danger they pose. Our aim isn’t to achieve a zero level of risk but to get you to a level of risk that is acceptable.

2. Update and patch your systems: If you do nothing else, patch your systems. There are no silver bullets in cyber security, but patching is the next best thing. Both the Marriott data breach and the NHS ransomware attack are testament to the dangers of not properly updating your systems and software.

3. Network security: Stop the external attacks at your firewall and filter out unauthorised traffic by changing your default passwords, checking open ports, updating network devices and using robust anti-virus software.

4. User education and awareness: Whatever technical controls you have in place, your users are the weakest link in your cyber security. Phishing attacks are the biggest threat to businesses and the best way to mitigate this risk is by educating your users and changing their behaviour through security awareness training.

5. Secure your supply chain: You can do everything right and secure your systems, yet still be stung by your supply chain. There have been several high-profile cases where third-party software has been the cause of a hack. Ask your suppliers and vendors to demonstrate their cyber security credentials as part of a risk assessment.

Security is a culture and it takes time to build. As well as following the above steps to help improve security, businesses and organisations should aim to achieve an industry-supported certification, like Cyber Essentials or Cyber Essentials Plus, to increase confidence among clients and suppliers.

This article first appeared in the AGCC September Business Bulletin
