09 Nov Cyber Security and Your Organisation
The modern world is a technical one, with the world of work relying almost entirely on technology to operate at a level to which we have all become accustomed. It’s due to this that cyber criminality has risen so sharply over the last year or so – with the world being so technologically dominated, cyber security should be at the very top of your business concerns. Most of the population has access to devices that are internet connected – in fact, most have many, and therefore everyone should have at the very least a basic knowledge of cyber security and their role in defending their internet connected devices from cyber crime. There is an argument that the concerns you have over the security of your cyber landscape should override the ones you have regarding your organisation physically, although many business owners are oblivious to how important cyber security is. Would you leave the front door open all day to the elements? No! So why do you do the same with your technical landscape?
Cyber criminals aren’t stupid. They have noticed the rise in web connected devices in the hands of people that frankly aren’t educated enough to handle them safely and so are taking the opportunity to attack. They are also drawn by the perceived anonymity that comes with cyber criminality, and believe that robbing someone from the comfort of their own room is better than walking into a shop and doing it in person.
In the remainder of the article, we will highlight the different methods used by cyber criminals to target your organisation. We will then explore some of the cyber security fundamentals that can help stop cyber-attacks in their tracks.
The methods of attack
A Ransomware attack works by locking and encrypting your data. The cyber criminals then demand a ransom under the promise that they will return your access and then leave you be. Cyber criminals use urgency to force you into paying the ransom – they set time limits on payments and threaten to delete the files if the ransom isn’t paid within the demanded time limit. This – understandably – often leads business owners to pay the ransom. Your data is practically invaluable so that ransom is considered to be fair enough by some, but do you really think you can trust a criminal to give you your access back? Of course you can’t! Paying would be a big mistake – by doing so you are simply letting the cyber criminals know that you not only have the funds to pay but are also willing to do so.
Phishing attacks also involve deception. A cyber criminal will pose as someone else – usually someone of authority from a trusted source, such as a bank or perhaps even management. They perform this ruse in fake / fraudulent emails in order to gain access to private information. Phishing emails are the vessel for the malicious links that are the catalyst of the cyber criminal’s attack – the combination of taking a false identity and the forced time sensitivity, unfortunately, forces the user into making a decision on a whim instead of taking their time to evaluate their options as is best practice. The user – believing the ruse could be disastrous – will click on the malicious link and inadvertently be granting access – or perhaps even control – to the cyber criminals.
Smishing is simple to understand and is exactly the same as a Phishing scam – the only difference is that they don’t take place via email, but are instead performed via SMS messaging.
Malware is designed with the intention of causing damage, chaos, and ultimately stealing data. Malware attacks – unlike other cyber-attacks – are often carried out by a group of cyber criminals as opposed to an individual. Their aim is to make money, either by selling the software on the Dark Web for other cyber criminals to use or by spreading the Malware directly themselves.
There are many different types of cyber attack, but the few we explored are by some way the most common and the ones that you and your team are most likely to be combatting daily. This being said, all cyber attacks have the power, if severe enough, to completely incapacitate your business – not just the most common ones. You must work out a course of action and stop them in their tracks at the first available opportunity, so your systems and – most importantly – your team need to be equipped with the tools and knowhow needed to beat them.
We will now explore some of the cyber security fundamentals that will allow you to sleep easy knowing that should a cyber-attack be attempted – or, in the worst-case scenario, be successful – your business can continue operating as normal.
Cyber security fundamentals
Good data backup
With cyber-attacks becoming a more common occurrence than they have ever been before, it is essential that you have a good backup strategy in place – having one will ensure your IT systems and data are safeguarded in the eventuality of attack. This is of the utmost importance, because without them your business will stop operating and, in turn, fail.
We recommend the 3-2-1 backup rule. It is simple; you need there to be three copies of your data at all times; two need to be on separate storage media and one should be stored offsite for disaster recovery purposes. With three copies of your data spread out in three different locations you can relax and have peace of mind knowing that, no matter the circumstances, there will always be a way to continue working.
Cyber security centres around risk management, and data backup is by far one of the best tools to ensure you achieve it – you must make it possible for your team to carry on working even once the attack/disaster has taken place – a cyber attack isn’t considered to be a good enough reason to stop operations in their tracks. As you know, customers aren’t the most forgiving of individuals – they don’t care if you have been subject to a cyber attack, and will still want their expectations met despite the problems that are occurring behind the scenes.
Good quality secure passwords should be a staple in daily life in the modern world – we use them every day. We have all heard the recommendations – it is bad practice to use recurring numbers, symbols, or sequences, and 12345, or ABCD are NOT good enough. Good passwords have no relation to you at all, but are completely random and difficult to remember – but not so difficult that you forget them yourself.
Teach your team to follow these rules when creating passwords to ensure that they are working as securely as possible. Following these rules allows them to put up a good fight against the cyber criminals.
- When it is available use multi-factor authentication.
- Approach the password with this in mind – if it is too easy to remember then try again. Avoid easily recalled sequential passwords and recurring numbers (such as 1234, 6789) – think outside the box a little, and be obscure.
- Wherever possible, make sure your password is over 10 characters long and contains a combination of letters and numbers – the longer the better when it comes to passwords.
- Vary your passwords, use upper- and lower-case letters randomly. For example, rather than putting a capital letter at the beginning like everyone does perhaps put it at the end or even at random points throughout. As we said the more obscure the better (cYbErSeCuRiTy).
- Periodically change your password; often accounts are hacked unbeknownst to the account holder.
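The password rules in the list above can be checked automatically when a user picks a password. The following is an added example, not part of the original article; the function names, the finding labels, and the reading of "recurring" as three identical characters in a row are assumptions made for illustration.

```python
MIN_LENGTH = 11   # the article asks for "over 10 characters"
RUN_LENGTH = 4    # flag runs as long as the article's examples (1234, ABCD)


def has_sequential_run(password, run=RUN_LENGTH):
    """True if `run` neighbouring letters or digits step up or down by one."""
    lowered = password.lower()
    for i in range(len(lowered) - run + 1):
        window = lowered[i:i + run]
        if not (window.isdigit() or window.isalpha()):
            continue  # only pure-digit or pure-letter windows can be a sequence
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def has_repeated_run(password, run=3):
    """True if the same character appears `run` times in a row (assumed rule)."""
    return any(len(set(password[i:i + run])) == 1
               for i in range(len(password) - run + 1))


def audit_password(password, personal_terms=()):
    """Return a list of findings; an empty list means every rule passed."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("too_short")
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    if not (has_letter and has_digit):
        findings.append("needs_letters_and_numbers")
    uppers = [i for i, c in enumerate(password) if c.isupper()]
    if not uppers or not any(c.islower() for c in password):
        findings.append("needs_mixed_case")
    elif uppers == [0]:
        findings.append("capital_only_at_start")  # the habit the article warns about
    if has_sequential_run(password):
        findings.append("sequential_run")
    if has_repeated_run(password):
        findings.append("repeated_characters")
    lowered = password.lower()
    # personal_terms: names, pets, birthdays etc. supplied by the caller
    if any(term.lower() in lowered for term in personal_terms if term):
        findings.append("contains_personal_term")
    return findings
```

Run against the article's own casing example, `cYbErSeCuRiTy`, the check passes the length and mixed-case rules but still reports the missing numbers.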
With passwords being the front line of your defence against cyber attacks they are arguably the most important of all – however, users often don’t see them this way. Instead they’re seen as an inconvenience, and we can’t blame them. Logging on and off often can be tedious if you are typing out a long, complicated password every time, so users make their passwords easy to remember and input – do not do this. Safeguarding data is more important than anything else. The inconvenience should be viewed as just that – an inconvenience. Always choose long, hard to remember passwords every time – the security of your system takes priority always.
Managing permissions is important – very important, in fact, because if a cyber criminal successfully breaches your system due to a lack of – or poor standards of – access permissions, this could result in data loss or theft. Alternatively, in some cases deliberate changes are made covertly to your security settings, which will present opportunities for better organised, prepared attacks at a later date.
Anti-Malware software is a must for all your laptops and computers, whether they are at home or in the office. Most operating systems come with a free version – we know it is great that the vendor offers you something for free to defend your systems, but in reality these free defensive measures are usually futile against the sophisticated attacks that cyber criminals are able to perform today, so you must replace them immediately with better equipped versions.
Encrypting your data can seem very confusing – you are trying to avoid your data being encrypted by a cyber criminal, which is the entire aim of all these cyber security measures, so you need to encrypt it first. Confused? I would be surprised if you weren’t. Encrypting your own data doesn’t sound like the right thing to do, but encrypting your own data is completely different from a third party doing it without your permission. Data encryption works by scrambling the readable text of your files and documents so they can only be read by ‘key holders’ that are chosen and granted access by you. Get there first: encrypt your data before the cyber criminals can.
We hope that this article has highlighted the importance of cyber security in the modern technological age. Now that you know the most popular methods of attack used by cyber criminals and some of the best ways to fight back against them, we hope that your cyber landscape can be safer and you and your team can move into the future confident that your systems are prepared for a potentially business debilitating cyber attack.
Modern technology to help you thrive securely
Technology is pivotal to your business and we want you to understand the value it provides when it is allowed to work seamlessly with your operations on the most updated tools available. Apogee values transparency and simplicity – we provide the IT support you need when you need it. Within this support is the guarantee that your technology is secure against all manner of cyber threats, that it is operationally beneficial to the way you run your business and is always updated to the latest version. We will work alongside you and guide you into a secure, brighter future with technology as your ally. Contact us now to find out how we can help you.