Put up the best possible defence: COVID-19: Top ten cyber security tips

Cyber criminals are using the ongoing Coronavirus pandemic to unleash a torrent of attacks designed to infiltrate businesses when they are potentially at their weakest.

Phishing attacks seem to be the weapon of choice, with hackers sending text messages and emails to employees, encouraging them to click on the links contained within. 

If they do, the hacker can gain instant access to that device as well as the IT systems it is connected to, including those accessed for work. Once inside, they can do untold damage. 

This is why it is essential for businesses and IT managers to ensure they have the right security technologies in place to mitigate the risk of an attack or data breach. 

Below are ten recommendations that, if followed, will ensure your employees, IT network and business are properly protected.

  1. Undertake a full security audit
    To identify potential flaws in your cyber security systems and processes, you need to undertake a complete audit of your current infrastructure, technologies and procedures.

    Compare your set-up with best-in-class IT systems to highlight vulnerabilities and areas that require improvement. From this, you can see what changes need to be made.

    It is important to engage with management and make them aware of any potential flaws and the impact these could have on the business if an attack were to happen.

    With management on board, it is easier to obtain the funding and resources required to bring IT systems and cyber security processes up to the highest standards.

  2. Does your software need a patch?
    Hackers are constantly looking for ways to break through cyber security defences and one of the ways they do this is by exploiting loopholes in software.

    This is why providers are constantly issuing updates to their software and products as they fix security vulnerabilities or bugs.

    These are known as patches or bug fixes, and they ensure the software is up to date and providing the protection that it is supposed to provide.

    IT managers and business owners must ensure software is up to date at all times; otherwise they are not fully protected.

  3. Don’t neglect email security
    Phishing scams account for around 90% of cyber security attacks and rely on the naivety of employees by sending them official-looking emails containing dubious links and files.

    Make sure that email filters are switched on so they can catch any suspicious messages, and educate staff about scam emails and what to look for.

    If in doubt, do not open the email or click on any links or attachments.

  4. Mobile security is important too
    Employees often use their work smartphones for a range of activities, from emails to phone calls, messages, accessing work files and even using social media.

    They will connect to various networks, from your office Wi-Fi to home Wi-Fi to public Wi-Fi, as well as mobile data from their service provider.

    This presents cyber criminals with plenty of opportunities to gain access to devices and networks, so you must put processes in place to ensure smartphones are also protected.

    This includes device passwords and encryption, application policies, usage policies and mobile device management protocols.

    All devices used by staff need to be configured with security-optimised passwords, usernames and multi-factor authentication.

  5. Protect corporate systems
    Firewalls are vital in preventing unauthorised access to your corporate network, but they are only effective if they are up to date.

    Also consider whether your firewall is sufficient to protect your business and the way you are working – some businesses have been caught out with people working from home.

  6. Regularly back up data
    Things can and do happen, which is why it is important to ensure that data is backed up regularly and stored in a secure cloud or secure server.

    You should have a strategy in place for disaster recovery as this will minimise the damage done and make sure that data is recovered fully and quickly.

  7. Put your systems and processes to the test
    Penetration testing allows you to put your IT systems and processes to the test by subjecting them to a simulated cyber security attack.

    This is a great way to identify any flaws or vulnerabilities in your system, giving IT managers and business owners the chance to strengthen their defences ahead of a real attack.

  8. Prevent unauthorised access through encryption
    Encrypting sensitive data will prevent unauthorised persons, including hackers, from accessing it.

    It works by scrambling information, data and messages sent between two devices so that if they are intercepted, the true information is not revealed.

    While not necessary for all communications and data sharing, it does work very well for highly sensitive data and communications that must remain private.

  9. Your staff are the first line of defence
    As mentioned above, human error is the greatest cause of cyber security breaches, whether through phishing scams or even lost devices.

    This is why it is so important to educate and train staff about cyber security and the key role they play in preventing attacks and breaches.

    Training must also be ongoing and not just a one-off.

    In the short term, in order to protect and secure your business data, we advise that you consider restricting user controls during this period.

  10. Work with the experts
    By following the recommendations above, you will be able to better protect your business from cyber security threats during the current crisis and moving forwards.

    Of course, to take protection to the next level, it is best to work with IT management and cyber security specialists who know what best practice systems and processes look like.

 

By Simon Kelf, co-founder and CEO of BCN Group

