According to government statistics collated as part of the Cyber Security Breaches Survey, around four in ten businesses and a quarter of charities have reported cybersecurity breaches over a twelve-month period. This is an underestimate of the true extent of the problem, undoubtedly – since many cyberattacks go unreported.
Cyberattacks expose businesses to financial and legal consequences, which often require that outside expertise be brought in.
In the age of home working, it’s more important than ever that businesses take their cybersecurity seriously. There are several steps we might consider crucial. Let’s assess the most important of them.
Backup Sensitive Data
The loss of certain kinds of data can be crippling for business. That’s why it’s vital to put procedures in place to back things up automatically. In most cases, this means storing data securely on an encrypted, redundant server. This way, if there’s an attack and data is compromised, you can be confident that it can be recovered.
The weakest security link in most organisations is usually staff. Staff are vulnerable to phishing attacks. They can be hoodwinked into giving away crucial passwords and installing dangerous trojan viruses which might provide attackers with a backdoor into the business’s systems. The best way to guard against this problem is to make security awareness part of the culture of your business. Provide regular training, and make sure that security is part of the induction process for new members of the team.
The best way to determine whether your business’s cybersecurity practices are fit for purpose is to test them. You can do this internally, or you can bring in a third-party auditor to identify any security weaknesses. Auditing shouldn’t be seen as a one-off fix, but a regular process through which your business can be made resilient against potential attacks.
Insure your Business
Insurance won’t be able to bring back lost data or restore your damaged reputation – but it will help you to absorb some of the direct financial impact of a data breach. Look for specialised insurance that will deal with all of the adverse consequences you might suffer.
Restrict BYOD policies
Bring Your Own Device policies are especially common today, especially in hybrid workplaces where staff are expected to work remotely using laptops. But where devices are being used in multiple places, they can present attackers with a means of gaining access to sensitive parts of your company’s network. By limiting the devices people can use for work, and using virtual private networks, you might guard against this.