The past year has seen unprecedented growth in cyber crime in terms of scale, global impact and rate of spread; May’s WannaCry ransomware attack alone is believed to have affected almost a quarter of a million computers across 150 countries, with victims ranging from individuals to massive corporations. We live in an age where companies of all sizes must put in place robust cyber security practices, or risk facing the consequences. Here are six of the most essential practices your company needs to employ if it is to protect itself against cyber crime.
- Make cyber security a strategic priority. The security of your systems and data should stem from robust strategies. You need to understand where the risk points are, what they are, what preventative security measures you can take, and what you can do to minimize damage if you do come under cyber attack.
- Employ rigorous password management practices. Develop a rigorous password policy, and put measures in place to ensure it is enforced. Remember that this doesn’t just apply to PCs, workstations or mobile devices; the Internet of Things means there is an endless variety of connected smart devices that could present a possible entry point for a cyber attack on your business network if you fail to change default passwords.
- Remember the importance of data backup. Cyber crime can take many forms, but ransomware attacks that threaten loss of vital business data are on the rise. Minimize your exposure to data loss by backing up regularly to either a physical server (on or off-site) or ideally a reliable cloud-based data backup platform.
- Ensure regulatory compliance. Make sure your business operations comply with relevant regulations and standards such as the Payment Card Industry Data Security Standard (PCI DSS), ISO standards, and any data protection and privacy laws relevant to your industry. Ensuring compliance will strengthen your cyber security stance, and also reduce your exposure to potential regulatory or even legal censure in the event of a data breach.
- Be aware of social engineering. It’s all too easy to think of cybercrime as a highly technological activity involving complex hacking techniques, viruses, malware and ransomware. But cyber crime can also involve social engineering – any of a thousand different online, phone or face-to-face con tricks designed to fool employees into revealing sign-in details or passwords, or to otherwise compromise your company’s security. Educate your employees on how to recognize and avoid attempts at social engineering.
- Keep operating systems and software up to date. Many cyber security breaches come from hackers exploiting vulnerabilities in older operating systems or software. Minimize your exposure to risk by always ensuring your systems are up to date with the latest patches. Automate this process wherever possible, and have a regular schedule to manually update in cases where it can’t be automated.
Cyber criminals are becoming ever more sophisticated in their attacks, but by following these six core principles, you can reduce your risk of falling victim to cyber crime and minimize the damage to your company and its reputation should the worst happen.