Protect Your Workplace from Cyber Attacks

  • HIBP
  • November 02, 2019
  • No Comments

As recent data breaches indicate, businesses of all types, sizes and in all locations are at real risk of a cyber attack at any given moment. Latest figures have shown that cyber crime affected 3.72 million people in the UAE in 2017– costing the country almost AED4 billion. In reality, there are just five specific steps that all companies need to follow to effectively protect against cyber attacks: secure your hardware, encrypt and backup all your data, encourage a security-centered culture, use robust firewall and anti-malware software, and invest in cyber security insurance.

Here’s how to put these steps into action.

Secure your hardware
With so much attention given to acquiring the newest and most sophisticated types of cyber security software, safeguarding the security of company hardware is often overlooked but the loss or theft of devices is a real threat to be aware of. Begin your cyber attack prevention strategy with the basics: protect all devices with a complicated password, share that password with the device user only and commit it to memory instead of writing it down in an easily accessible place. Do not overlook the effectiveness of physically attaching computers to desks. This is a simple, yet effective way of preventing intruders from walking away with company equipment and the sensitive data they hold.

Finally, install ‘find my device’ software on all laptops, phones and tablets. By doing so, equipment that is stolen can quickly be located by the authorities.

Don’t overlook safeguarding company hardware 
Data breaches commonly occur due to stolen equipment and so safeguarding your hardware is an easy strategy in improving your company protection from a cyber threat.

Encrypt and back up data
An effective cyber crime protection strategy must consist of two elements: preventing physical access to sensitive data and rendering that data useless if it falls into the wrong hands. Companies can achieve the latter by always encrypting their data. As highlighted by researchers in the International Journal of Advanced Computer Science and Applications, data encryption remains the ‘most efficient fix’ for data breaches, should they occur. Be sure to encrypt all sensitive data, including customer information, employee information and all business data. Full-disk encryption software is included in virtually all operating systems today and can encrypt all the data on a desktop or laptop computer when it’s at rest.

Also check that this software is activated and updated on all company devices. And minimise the amount of time a computer sits unused and unlocked by setting all devices to automatically enter ‘sleep’ or ‘lock’ mode after five minutes of no use.

Stay ahead by backing up data and storing it separately 
After encryption, backing up all data is another key way of protecting yourself from security breaches. With ransomware hackers locking companies out of their systems, encrypting their data and asking for a ransom to be paid before releasing the data, you can stay one step ahead of them by backing up all of your data and storing it separately.

Invest in cyber security insurance
Because cyber criminals continue to work tirelessly to find ever more advanced ways of breaching security defenses, even the most security-conscious businesses remain at risk of an attack. US research into the cost of data breaches has shown that in 2017, the global average cost of a single data breach event was USD 3.6m – equivalent to USD 141 per data record. The losses that can be incurred from data breaches are best mitigated by investing in cyber security insurance, yet only 9% of UK businesses and 15% of US businesses have this type of insurance, according to the UK Department for Digital, Culture, Media and Sport, and the US Better Business Bureau, respectively.

Seek specialist advice for cyber security insurance 
Minimize your risk by seeking specialist help to select the best type of insurance for your company, based on your risk of attack and the financial impact of such an event.

Create a security-focused workplace culture
Employees are the most common cause of data breaches as many don’t recognize external threats when they occur or have a good understanding of the daily actions that leave a company vulnerable to a cyber attack. For example, the UK Cyber Security Breaches Survey 2018, carried out by the UK government and Portsmouth University found that 43% of UK businesses have experienced a cyber security breach or attack over the last 12 months, with only 20% of UK companies offering training to staff within the same time frame. Such breaches were more common in businesses in which staff members use their personal devices for work. Businesses need to ensure sufficient security training and education for staff remains a key focus, but where to begin?

Educate staff on the dangers of unsecured networks 
Banning employees from using their personal devices for work may seem like an obvious approach, but this strategy seldom works in the long term. As staff members grow tired of the inconvenience, they are likely to return to accessing work on personal devices, regardless of policies prohibiting this.

It is therefore more impactful to teach staff how to use both their personal devices and work devices in a way that minimizes the risk of being hacked. Top of the list should be educating them about the risks associated with using unsecured networks to access work information.

This should include clear definitions of what unsecured networks are, and where they are commonly found such as in coffee shops, airports, hotels and so forth. And then how to verify if a network is secure (secure networks require a key/password to access them).

Teach avoidance of unsecured websites 
Staff members should be taught about the importance of never accessing unsecured websites on work devices because this gives cyber criminals direct access to sensitive data that is stored on that device, as well as browser histories and passwords.

Discourage password sharing 
Employers can create a security conscious culture in which password sharing seldom happens. By not only educating staff members on the risks, but also by leading by example and never sharing passwords or asking staff members to temporarily log in guests, contractors and new hires.

Using protocols, such as creating temporary passwords for contractors or expediting the onboarding process for new hires, will also help to minimize scenarios in which password sharing is needed in the workplace.

Restrict network admin rights  
Restricting IT admin and access rights to a small handful of users is invaluable in minimizing the risk of data breaches as employees cannot give away information they don’t have access to.

Always entrust this information to a key figure in your IT department and ensure that (s)he is adequately trained on the safe and encrypted storage of this information.

Businesses are vulnerable without employee education 
Highlighting the need for employee education on the types of daily actions that leave a business vulnerable to cyber attacks.

Leave a Reply

Your email address will not be published. Required fields are marked *

Translate »