Every day you read about cyber attacks in the headlines. It’s no secret that organizations are under attack, so it’s hard to understand why so many businesses fail to employ simple security measures. Understanding cybersecurity - and putting even a few best practices in place - can go a long way toward protecting your business.
The experts at BlueVoyant came up with a list of 10 best practices that they recommend companies of all sizes follow. Some are very simple. Others are a bit more complex, but worth the effort. You can download the brief here: 10 Steps For Protecting Your Company Against Cyber Attacks.

Most cyber attacks begin with a phishing email intended to trick an employee into clicking a malicious link. There are several simple things you can do to stop phishing attacks from succeeding. Employee awareness training tops the list. It’s never too late to give your employees a quick refresher. StaySafeOnline.org offers several tips on how to spot a phishing email.
All businesses should also create and enforce policies on the “hygienic” use of IT. Training and access are important safety measures that everyone should follow. Attackers intentionally design malware to look like routine IT operations so that when things go wrong, your employees are fooled into thinking it’s an IT issue and not a cyber attack. This gives the attackers more time inside your network. And more time means a greater opportunity to exfiltrate data, install ransomware, and wreak havoc.
Recognizing attackers’ techniques is the first step in stopping their attacks. Remember to trust but verify. It’s not that difficult to make a quick phone call or send an IM to confirm that an email is legitimate before you click the link. And you could be very happy that you made the effort.
So you’ve secured your email and have begun enforcing your security policies, but have you hardened your corporate payment processes?
Always assume that compromise of your systems and employee identities will happen, and put extra controls in place to ensure that only valid financial transactions can be made. Consider policies that address account access and authentication, and always beware of payment instructions sent by email.
Finally, ensure that critical data is backed up and recoverable. Ransomware is a serious threat and data is central to almost all business operations. Backing up data is not expensive or difficult to do - and the consequences of not doing it can be enormous.