The internet is integral to our day-to-day lives at work. It helps keep us connected, generate leads for our businesses and showcases our companies to the world. As our technology and devices have become more intelligent and advanced, so have the cyber attacks used to compromise them.
Ensuring these are managed properly with trusted anti-virus software, correct processes and a trusted IT partner is essential for business success. We’ve compiled some of the key need-to-knows when it comes to cyber security and why this should still be at the forefront of operations managers’ minds when considering their IT set up.
What is cyber security?
Cyber security’s main function is to protect the technological devices we all use (smartphones, computers, laptops) and the services we access on the internet (banking, shopping and instant messaging, for example) from theft or damage.
Cyber security is the technology that keeps IT systems, devices, data and networks safe from cyber attacks. Cyber security aims to reduce the risk of attacks on technology systems and protect against the unauthorised access to or exploitation of systems, networks and technologies. It also prevents unauthorised access to the large amounts of personal information that is stored online and on various devices.
Common cyberthreats include:
- Malware – this is malicious software including spyware and viruses. Once inside or installed on a system, malware can covertly collect information or block access to key components of the network (among other things).
- Phishing – this is the sending of fraudulent communications, that often look completely genuine, to encourage people to submit login information or credit card details, or to install malware onto the recipient’s device.
- Man-in-the-middle attack – these can also be known as eavesdropping attacks, and they happen when an attacker inserts themselves into a two-party transaction. Once the attacker is in, they can filter and steal data.
- Password attack – passwords are the most common way in which our online lives are protected and how we can authenticate our own access to a variety of systems. These attacks can be by either brute-force password guessing, where some logic is used based on someone’s name, job title, or similar. A dictionary attack uses a dictionary of common passwords to attempt to gain access to a user’s computer and network.
- Other common cyber attacks include denial-of-service attack, SQL injection, zero-day exploit, and DNS Tunneling.
What are the risks of cyber security to businesses?
Changes to legislation make cyber security crucially important. The General Data Protection Regulation (GDPR) and Data Protection Act (DPA) 2018 both require businesses and organisations that hold personal data to install appropriate security measures. This helps protect them from cyber attacks and unauthorised access to this data.
The GDPR sets a maximum fine of roughly £18 million or 4% of annual turnover – whichever is higher – for any infringements, but there are steps that are commonly taken before this, including warnings or a temporary ban on data processing.
In a 2018 report, the UK Government report that the average cost of a malware infection between 2009 and 2014 was in excess of £57,000.
Commercial cyber attacks can be extremely damaging for a company’s reputation, and certainly keeps a PR team busy in the aftermath. Google, Facebook, Tesco and Boots have all had major data breaches or cyber attacks in recent years, facing public backlash as a result. These breaches of personal data can cause a considerable amount of concern and apprehension for customers, who rely on their personal data and account information being protected.
What steps can businesses take to enhance their cyber security?
By working with a trusted expert when it comes to cyber security, businesses can take key steps to ensure they are putting robust protection in place when it comes to cyber security and preventing cyber attacks.
Security audit and risk assessment
By carrying out a risk assessment and determining how your current systems work in comparison to best practice can expose potential risks and help put a plan of action in place.
By combining a thorough risk examination with industry-leading security products, you can help protect your business from the threat of cyber attacks and maximise your cyber security.
Spam email filters
One of the most common ways that businesses get caught in a cyber attack is when an employee clicks on a bad link in an email. By using an email filter service, these emails can be checked before delivery and any containing potentially harmful content can be filtered out.
Ensuring team members are well-informed and understand the best practice when it comes to cyber security and recognising risks can help minimise attacks.
Office 365 protection
A lot of vital and confidential information is kept within Office 365 for many businesses, including client details, accounting records, and HR files. Maximising the security around Office 365 means that key areas of the business can carry out their tasks with confidence.
Anti-virus and anti-malware software are critical to keep work devices safe from attacks. By choosing the right product for your business’ needs, you can ensure you are maximising security and minimising your exposure to risk.
Requiring a two-factor authentication, such as by allowing access via an app on your phone or by inputting a code sent to your mobile or email, is an extra step in ensuring maximum security from cyber attacks. Along with strong, random passwords, when all the above factors are considered and implemented together, company owners, operations manager and IT teams can be confident that the right steps are being taken to protect the technology and networks of a business from any type of cyber attack.
Need to review your cyber security set up or think there are areas that could be improved or enhanced? Here at Boldfield we can ensure you’re good to go with our extensive range of security advice, services and support. Contact us by phone or email here – we’d love to chat through your company’s needs.