Whether your business is a large corporation or a small startup, cybercrime is a very real and very serious threat. With so many businesses going digital, cybersecurity is absolutely essential for almost every company.
According to a survey conducted by the government, between 2019 and 2020, almost half of UK businesses (46%) reported cyber security breaches or attacks. This suggests that not enough is being done to protect companies’ confidential data and put a stop to criminals who set out to extort money. Fortunately, there are steps you can take to improve the cybersecurity of your business.
In this guide, we’re going to be looking at the best ways to protect your company devices from cybercrime.
Protect Against Malware
Malicious software, or ‘malware’, is intrusive software that is designed to cause damage to a device, server or network and can lead to large amounts of data being damaged. Examples of common malware include viruses, worms, Trojans, spyware, adware, and ransomware.
In order to prevent criminals gaining access to your company devices via malware, you need to have the right preventative defences in place:
A firewall is a computer network security system that restricts internet traffic into, out of and within a private network. Firewalls are important because a network without protection is vulnerable to harmful web traffic, so blocking suspicious traffic is the first line of defence when protecting your network.
Anti-malware is a type of software that protects against malware. There are a number of packages available online that cover different types of cyber threats, so it's important to get one that can deal with all kinds of suspicious activity.
However, it's important to note that there are even hackers out there who develop software to look like anti-malware when it is in fact malware itself. These are called Trojans, a term derived from the Ancient Greek story, The Trojan Horse.
A large percentage of cyber attacks come from phishing and spear phishing emails. Phishing emails are usually sent to a large number of recipients and are designed to look like an official email from a well-known company. They include messages and links intended to get the recipient to click, e.g. “Your delivery has been delayed, click here for details”.
The link typically leads to a fake website where the recipient is asked to enter their personal details such as names, addresses, usernames and passwords, which are then sold on the black market or used for fraud/identity theft. Alternatively, the link will automatically download malware onto the device.
Spear phishing emails are often more personalised and sent to fewer recipients in order to get a response. They usually attempt to communicate with the recipient with the aim of either infecting their device with malware or tricking them into sending money.
They usually target vulnerable and unsuspecting victims whilst purporting to be a trusted sender, and use information they have gathered about them to appear more believable, e.g. the victim may have Tweeted about booking a holiday to Portugal. With this information, the criminal may pretend to be the airline company asking for more money for ‘early seat booking’.
By implementing anti-spam software, you can help to prevent unwanted emails from landing in your employees' inboxes, and by educating your employees about phishing emails, you can reduce the risk of attacks on your business. Make sure staff are aware of what phishing is, the different types of phishing attacks, the risks it poses to individuals and the company, and the steps to take when identifying an attack.
Keep Your Devices Updated
Developers of computers and other digital devices are constantly releasing software updates to fix bugs and improve security. Whilst it’s often easy for staff to dismiss update requests and notifications, software such as Adobe, Java, anti-ransomware and anti-malware should be updated regularly to ensure your computers are defended against the latest hacking techniques.
By setting up automatic software updates, you can ensure all of your devices are receiving the latest updates without users needing to update them manually, which can be time consuming and inconvenient during working hours.
Having robust passwords on company devices is crucial for defending against cyber attacks. Unfortunately, many people fail to set effective passwords, making their device vulnerable to cyber attacks.
In 2020, the most common passwords were:
These passwords are very easy to guess and give hackers access to your data in a matter of seconds. In order to make your password more robust, it should contain a combination of the following:
- Alphabet characters (a-z)
- Numeric characters (0-9)
- Special characters (# ! % ? * etc...)
Password Dos and Don’ts
- DO pick a password you can remember so you don’t have to write it down
- DO change your password as regularly as every 60-90 days
- DO use a mix of uppercase and lowercase letters
- DON’T include part or all of your username, first name or last name.
- DON’T include your favourite hobby (these are common passwords)
- DON’T include obvious words such as names, birthdays, pet names or cars.
- DON’T share your password
- DON’T use alphabetic or numerical sequences (abc..., 123...)
It is also worth using ‘passphrases’ instead of passwords. These tend to be a minimum of 16 characters long and are less predictable than short passwords.
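The rules in this section written as a checker, as an added example (not code from the original guide). The function names and the three-character threshold for a "sequence" or a name fragment are assumptions; the 16-character passphrase length is the figure given above.

```python
import string

PASSPHRASE_MIN = 16  # passphrase length quoted in the guide
RUN = 3              # assumption: 3 consecutive characters count as a sequence/fragment


def has_sequence(pw, run=RUN):
    """True if pw holds `run` ascending or descending letters or digits (abc, 321)."""
    s = pw.lower()
    for i in range(len(s) - run + 1):
        chunk = s[i:i + run]
        if not (chunk.isalpha() or chunk.isdigit()):
            continue  # mixed chunks such as "a1b" are not a sequence
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def check_password(pw, username="", first_name="", last_name=""):
    """Return the rules from the guide that pw breaks (empty list means it passes)."""
    problems = []
    if not any(c.isalpha() for c in pw):
        problems.append("no letters")
    if not any(c.isdigit() for c in pw):
        problems.append("no digits")
    if not any(c in string.punctuation for c in pw):
        problems.append("no special characters")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("no mix of upper and lower case")
    lowered = pw.lower()
    identity = (("username", username), ("first name", first_name),
                ("last name", last_name))
    for label, value in identity:
        v = value.lower()
        # "part or all": flag any RUN-character fragment of the identity value
        if any(v[i:i + RUN] in lowered for i in range(len(v) - RUN + 1)):
            problems.append(f"contains part of {label}")
    if has_sequence(pw):
        problems.append("contains an alphabetic or numeric sequence")
    return problems


def is_passphrase_length(pw):
    """True if pw reaches the 16-character passphrase length."""
    return len(pw) >= PASSPHRASE_MIN
```

A check like this fits at the point where a password is set or changed; the sample passwords in any test run are constructed values.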
Protect BYOD Devices and Devices at Home
Bring Your Own Device (BYOD) policies are becoming more and more common within businesses as workers claim to find it easier to work from their personal devices. Additionally, since the coronavirus pandemic, many employees have been made to work from home (WFH) using either their own device or a company device which they were able to take home.
Of course, with these different styles of working come additional security threats, which is why it's essential to have a policy in place when it comes to BYOD and WFH.
Some of these threats include:
- User-initiated deliberate data loss or sharing e.g. an employee copies data from a work app to a personal app.
- Accidental data loss or sharing e.g. device backups containing work data, or other family members/partners having access to the device and accessing work data.
- Malicious exfiltration of data (malicious apps leaking data that the employee has consented to them accessing)
- Malicious exploitation of devices as a result of weak security configuration e.g. no data at rest encryption leading to data extraction
- Higher likelihood of unsupported or out of date devices that are more vulnerable to security threats
- Malicious exploitation of devices remaining undetected due to a lack of monitoring, potentially leading to further spread of malware.
Once you have considered all of the risks associated with BYOD, you should start to think about some steps you can take to reduce them.
For example, you may have a rule in place that states any personal devices used for work must use a separate login account to prevent work and personal data being mixed up and to prevent others from accessing it.
Another rule you may wish to have in place is that devices must have certain anti-malware software installed on them and all software must be kept up to date.
You might also wish to have a policy in place that gives you certain control over the information kept on the device. For example, the employee must consent to giving you permission to wipe the device or the sensitive information kept on it should there ever be a security breach or if the employee leaves the company.
Similarly, when devices have been taken home from work in order to work remotely, you may wish to have certain rules in place about exactly what the device can be used for e.g. the device must be used for work purposes only.
It is also important to have the right kind of insurance in place to protect the devices physically should anything happen whilst they are away from the office e.g. if an employee’s family member accidentally breaks a device.
Implement Cyber Security Management
As cyber threats evolve, organisations often don’t have the time, expertise or resources to evaluate their defences in a holistic manner in order to maintain an effective IT security environment. Fortunately, DMS has the solution for you.
At DMS, we can take care of all your cyber security needs. Our Cyber Security Health Check will provide your organisation with a professional assessment detailing the maturity of your security posture.
Depending on your scope of requirements, a DMS Healthcheck can be a combination of technical, logical, process-related and physical inspection services, including interviewing of key personnel on both focussed and broad reaching aspects of information security covering 400+ security controls against Cyber Security Essentials Plus, CIS Standards, ISF Standard of Good Practice and ISO27001.
Did you know that the inconspicuous photocopier sitting in the corner of your office could be a data security issue? Not only can we protect your computers, but we have a set of security features to keep your printers and copiers secure.
If your multifunctional device is from DMS, our team of experienced product trained data security technicians can securely protect your MFD/printing device. This can be done on your premises or prior to delivery. Once DMS SECURE safeguards are in place, you can be sure your print data will enjoy uncompromising security protection. Your multifunctional device and its hard drive (HDD) will be protected to ensure your data is more than just secure – they’ll be DMS SECURE.
For more advice and information, why not check out some of our other helpful guides or get in touch to discuss what our services can do for you.