Cyber attacks are on the rise. Here are five ways to manage the risks and protect your data.
With more people working remotely, cyber attacks on vulnerable networks are increasing. But there are simple steps you can take to keep your business data safe.
The COVID-19 pandemic has transformed the way that many of us live and work. Increasing numbers are now working or studying remotely.
While this change has brought many advantages, we’ve also seen a rise in cyber attacks, often using ransomware. These attacks leapt by an incredible 485% in 2020 compared to 2019, according to the experts at Bitdefender.
Attackers take advantage of new vulnerabilities in the ways that people now access the networks they need to work and study. Where they once might have connected directly on-site to a network with an effective firewall, users are now often using their own devices and networks at home or on the road, with much weaker security.
So given the dramatic rise in attacks, how can you manage the risk and protect your data?
1. Invest in staff training and awareness
Training your teams and raising awareness about cyber security is your number one weapon against attacks. Helping your teams to understand the importance of protecting your data, and giving them the tools and knowledge they need to counter any potential threats, is the most important investment you can make. Cover everything, from simply remembering to check links before clicking on them to understanding when it is and isn’t OK to share sensitive data digitally.
2. Plan and test your disaster recovery process
Hopefully, most organisations have moved on from simply backing up their most important data on a CD and taking it off-site at the end of the week. However, many still have a backup system that isn’t fit for its purpose.
In the event of an attack or a major system failure, do you know how long it will take to get back up and running again? At normal business broadband speeds, it could take days for you to restore large data backups from a remote server. Can you afford to be offline for that long? Make sure that you have invested in a data recovery system that meets your needs – and test it regularly.
3. Increase password strength
Change your passwords regularly. And be smart about how you create them. In general, longer is better. One of the best ways to create a strong password is to use three random words together. Obviously don’t use words that can be guessed, but you should find that using real words helps you to remember them more easily too. Add numbers or symbols and mix upper and lowercase letters to make them even harder to crack.
4. Multi-Factor Authentication (MFA)
We also recommend using Multi-Factor Authentication (MFA). MFA asks anyone trying to access a password-protected account to prove their identity with at least two pieces of evidence from three different sources:
- Something you know – (for example a security question, like your first pet’s name)
- Something you have – (for example a code sent to another device, like your phone)
- Something you are – (for example facial recognition)
MFA makes your systems more secure, as it’s unlikely that all three of these categories could be compromised in a single attack.
5. Protect your endpoints
Phones, tablets, laptops: in a hybrid working environment, your people are accessing your networks in all sorts of new and potentially insecure ways. ‘Endpoint protection’ is key, so make sure that the devices your people are using are protected with up-to-date software to keep your core systems safe.
6. Keep your software up-to-date – and install a firewall
Software updates are there for a reason. As in any industry, hackers innovate and software companies are constantly updating their systems in order to meet each new threat.
Ensure that all of your software is up-to-date, and also keep your most precious data behind a firewall. This will prevent anyone from accessing your data via a simple ‘brute force’ cyber attack.