What is Cyber Security?
The term cyber security simply means protecting your devices and networks from cyber attacks. Computers, smartphones and tablets are an essential part of every day life. Whether it’s via email, app, the internet or connection to a network, all our devices are susceptible to unauthorised access.
Cyber criminals continually find new and inventive ways to steal, alter, disable, expose or damage networks, devices and data. Therefore, it is essential that businesses of all sizes secure their devices on multiple fronts.
Preventing Cyber Attacks
A cyber attack is any attempt to access a network, device or information without permission. The intent of a cyber attack is always malicious and usually causes maximum disruption to a company and often its customers. Businesses have a duty of care to protect themselves from network and online attacks.
Holding vast amounts of customer data or supplying essential services means that unauthorised access can have devasting consequences. This is where having robust information security measures in place can help.
Whatever the size or scope of your business, it can feel overwhelming when reading about cyber security. Not a day goes by without a story in the news about cyber attacks or exposed information.
Most people have heard about the common types of unauthorised access. However, you may be surprised to hear that common methods such as ‘phising’ can also be attempts to breach devices and networks.
Some Common forms of Cyber Attacks
- Malware – includes well-known attacks such as ransomware, viruses and spyware. Uses malicious files or codes to infect devices or networks.
- Phishing – malicious links or attachments that are designed to look like they are from genuine sources. Common phishing scams include email or text messages from banks and the HMRC.
- Password Attacks – attackers try to obtain a users’ password, thereby accessing their device and personal information.
- Zero-Day Exploit – this type of attack exploits vulnerabilities on networks, operating systems, devices and software before a patch has been released or implemented.
Are You Cyber Aware?
Ensuring that your business is protected from cyber attacks is information security 101. However, organisations of all sizes are exposed to cyber risks everyday. Large organisations often have a multitude of measures in place. However, the size and scope of the business sometimes means that vulnerabilities are overlooked or left unsecured.
Consider the NHS ransomware attacks in 2017. Over 60 NHS trusts were infected with the ‘WannaCry’ malware due to outdated operating systems!
Likewise, small businesses and sole traders are often vulnerable because they don’t take basic measures to protect their systems or devices. More often than not, they are confused about the basic actions they can take to protect their information. Luckily, there are some simple measures that everyone can take to reduce the risk of a cyber attack and implement better cyber security.
The National Cyber Security Centre (NCSC) has published guidance for businesses and individuals on effective cyber safety. Below are a handful of measures you can take today to protect your devices and information. However, this list is far from exhaustive and it is essential that you understand all your risks so that you can effectively mitigate them.
3 Simple Cyber Security Steps
- Ensure your firewalls are turned on
- Use a firewall on your router, networks and devices
- Configure your firewall
Most computers have a built-in firewall that acts as a buffer between the device and external networks. However, it is easy to assume that a firewall is turned on by default or sometimes to have 2 firewalls that are conflicting each other. Verify that you have a firewall active on all devices, networks and routers and ensure that they are configured correctly.
For workplaces, firewalls can be configured to include or exclude specific networks or websites to add an extra level of protection to company devices. This can be as strict as only allowing users to access an internal intranet or restricting specific websites such as those used for social media.
2. Email Security
- check the full email address and domain
- don’t just rely on the displayed email name
- Never click a suspicious or unverified link
- Never open a suspicious or unverified attachment
- Train staff to identify phishing emails
Phishing scams are growing increasingly intelligent! Ensure that you and your employees are aware of what constitues phishing. Never click links in an email, unless you are sure they are genuine and have come from an expected and verified source. Some forms of phishing are obvious scams and can be spotted immediately. However, ones disguised as an email from your bank, a business supplier or the HMRC can look very convincing!
Cyber attackers and scammers often set the ‘from’ email display name as something you would recognise. For example, an email may look like it is from the ‘HMRC’. However, when you hover over the email display name, you can see that the domain name is different from the authentic site.
Cyber criminals are clever and will often set up an email address with minor changes to the original. A busy office worker could easily mistake firstname.lastname@example.org for a genuine email from the HMRC. It takes minutes to click a link and input sensitive information into a fake, but very real looking, website. Unfortunately, it can take weeks or even months to recover from such a mistake.
3. Anti-Virus & Malware Protection
- Install malware protection on all devices & servers
- Use approved anti-virus software
- Configure mechanisms to run a daily scan
It is often said that prevention is better than cure. In terms of cyber security this is a well established fact. Protecting your devices and networks from being accessed in the first place is much easier than trying to repair the damage once it has been done.
Networks, servers, desktop computers; laptops, tablets; smartphones and any other device should have virus and malware protection. There are a large number of free software options for basic security. Likewise, for larger organisations or those handling larger volumes of customer or personal information, there are many paid security options to detect and isolate malware.
Installing malware protection on your devices is straightforward and usually comes with some standard settings to get you started. Many mechanisms also detect malware before you even know it is there!
Information Security Templates for Cyber Security
No matter what your size or scope, Know Your Compliance Limited have policy templates to help you. Our market leading information security policies, checklists and toolkits are used by thousands of organisations. Good business cyber security starts with effective information security policies.View our information security policy templates...