Cyber security fears such as the Marriott hack in November 2018 have been dominating recent news, which is no surprise, considering Marriott endured a data theft of its 500-million-strong customer database.
Understandably, cyber attacks can have huge implications for businesses, obliterating trust and driving down sales. The fact is, as technology becomes increasingly sophisticated, so do hackers, who use valid credentials to make it difficult for businesses to detect them.
The Ponemon Institute Study found that almost two-thirds of those surveyed said they lacked confidence in their organisations’ plans to prevent a cyber attack, and if you don’t have staff members on board, it can be hard to put a strategy in place that is followed by everyone.
However, it’s crucial that your security strategy is sound, to prevent your customers’ data from being hacked into. If you’re wondering how to do just that, then read on, as we offer actionable advice on how to prevent cyber security attacks through a solid prevention plan.
Show your commitment to cyber security
The UK Government introduced the Cyber Essentials scheme in 2014, which essentially helps companies improve their cyber hygiene. Whilst it’s essential for any business bidding on government contracts, it’s advantageous for any business, as it’s thought to reduce the risk of an attack by 80%.
Businesses who choose to go through this scheme get a certificate at the end, which highlights their commitment to protecting data from cyber threats, helping to gain customer trust.
You can either self-assess, or go through a Cyber Essentials certification body like ourselves. Whether you choose Cyber Essentials or Cyber Essentials Plus, you’ll get to learn more about malware prevention, firewalls and up-to-date software, with us there to guide you every step of the way.
By assessing your current cyber hygiene, you’re one step closer to preventing a cyber attack, whilst reassuring your customers that you take their security seriously.
Don’t forget the basics
Whilst it’s great that you’ve gone through the Cyber Essentials scheme, if you’re wondering how to prevent cyber attacks, then don’t forget the basics.
As part of your cyber attack prevention plan, get into a routine of running regular maintenance and audits. By regularly performing patching and updates, you are taking steps to avoid a scenario like WannaCry, the ransomware that exploited unpatched Windows systems and shut down hundreds of thousands of computers worldwide, demanding ransom payments.
Avoid legacy systems such as Windows XP, as these don’t receive updates, which makes them more vulnerable to an attack.
Interestingly, over 70% of data breaches in SMEs are due to internal vulnerabilities, which include employees failing to follow procedures, and a general lack of expertise. In fact, 36% of breaches are down to employees misusing data.
Take the time to audit user privileges for your employees, and make sure only the relevant people have access to specific servers and drives. For example, only a small number of staff will need to access your HR files. Not only could wider access increase the chance of a possible breach of GDPR standards, but the more people who have access to this confidential information, the less chance you have of preventing a cyber attack.
Raise awareness amongst your teams
Awareness should underpin any cyber attack prevention plan. SMEs are typically targeted via phishing or impersonation, with the end goal being to extract financial data or currency. If individuals haven’t had the right training on spotting unusual behaviour, then it can be much easier for hackers to target them.
If you haven’t already, set up cyber security training for your employees – whether it’s conducted by yourself, or an external provider. The key is to raise awareness of cyber crime, and how to stay vigilant.
To be effective, the training should cover the risks and repercussions if your company were to be hit by a cyber security attack, in addition to spotting tricks that hackers use.
For example, highlight to employees that grammatical errors and email addresses that don’t match the sender can help them to spot malicious emails. You should also set up a mandatory rule under which employees must create strong passwords, unique for each site and system they use.
Whilst no defence strategy will ever be watertight, educating employees and having the correct prevention methods in place will help to reduce the risk of human error.
Adopt a layered prevention approach
Proactive technology such as managed security packages and dark web monitoring solutions can help you monitor threats and any compromised user credentials, so you can intervene and stop a cyber attack before it occurs, or minimise the damage. By combining human and artificial threat intelligence, these monitoring services can find your vulnerabilities, making them a key part of your cyber attack prevention plan.
Business-grade security solutions, including anti-spam, anti-virus and business-grade firewalls, can protect your network and users from would-be attacks. It’s important you invest in a layered defence strategy: the more comprehensive your set-up, the less chance an attack has of succeeding, due to the various layers it has to pass through.
Whilst there are free products out there that claim they can keep malware off your PC, avoid using these. Windows Defender, for example, doesn’t stop adware or Potentially Unwanted Programs (PUP), and it also isn’t as accurate and effective as other, more sophisticated tools are.
The cost of investing in these prevention tools is well worth the reassurance of digital safety, and is much less than the cost of a cyber attack on your business.
Create a recovery plan
Whilst it’s important to be proactive, you’ll also need to develop a recovery plan, in anticipation of a disaster or downtime. Sadly, 60% of companies that are victims of a cyber security attack go out of business within the following year.
While the news features the big names like Equifax, NHS and Sony, unfortunately behind the scenes are the SMEs, who are suffering the consequences due to not having a solid cyber attack prevention plan.
GDPR legislation states that all businesses must have a plan in place to restore data, whether it’s through simple data loss, file corruption or cyber attacks. If you don’t have a business continuity plan, then it’s time to prepare one. You can also seek Disaster Recovery as a Service (DRaaS), which will protect your critical data, and enable you to start operating again after a disaster.
Whilst there is no single solution to deterring cyber criminals, if you were questioning how to prevent cyber security attacks, hopefully you can now see that a prevention plan is key. Training employees, running regular updates and protecting your data are essential parts of protecting your business from a hack attack.