Technology has transformed the modern workplace. From remote working to cloud-based apps and systems, more businesses than ever, including small and medium-sized businesses (SMBs), are harnessing the power of the Internet and digital technologies to improve productivity, boost efficiency and maintain business continuity.
While innovation has made universal access to the workplace possible from anywhere in the world, it comes with its share of threats. Cybercriminals are waiting and ready to attack vulnerable systems and users online. According to the 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses report, about 66% of SMBs globally have reported a cyberattack in the past 12 months.
With new risks coming to light each year, it is vital to step up the efforts to protect your business and employees from the threat of cyberattacks. Here are some useful tips for keeping your business and employees safe online and securing your systems.
Prevent Ransomware Attacks
Ransomware attacks more than doubled last year with over £3.7bn paid out in ransom. Ransomware attacks are designed to disable or illegally take over business systems in exchange for financial payments, disrupting businesses and causing heaving financial losses. Cybercriminals are known to use a range of tactics, including phishing, to gain access to systems. Once in, it's only a matter of time before data and systems are compromised and users find themselves locked out.
Ransomware attacks typically involve getting users to click on malicious links or attachments which could be PDF, ZIP, Word document, Excel spreadsheet, etc.
TIP: Beware of suspicious emails or SMS. If you are not expecting it, don't know the sender or doubt the source, resist the temptation to click on potentially unsafe links or attachments which could open up access to cybercriminals.
Secure Systems Against Malware
Malicious software, or malware, enables cybercriminals to attack systems and networks by installing on to a user's device without their knowledge. Malware can often be hard to detect and opens up access to personal and business information. The most common types of malware include viruses, spyware and Trojan horses. The best defence against malware is installing anti-virus software and ensuring systems are updated regularly.
TIP: Set up your devices, operating systems and apps to automatically install updates to make sure you get the latest security features that repair known security holes and help protect your systems against viruses and malware.
Beware of Social Engineering
Have you ever experienced an email asking for personal information or telling you that your account is at risk unless you provide login details? This is social engineering and involves cybercriminals psychologically manipulating unsuspecting users into divulging confidential information online. The best way to pre-empt a social engineering attack is through awareness, looking out for suspicious activity and about knowing who to trust with personal or business information.
TIP: Check before sharing any sensitive information online. Ask yourself these three questions: Does this look/seem/appear legitimate? Do you really need to provide this information online? What are you risking by providing information?
Use Unique Passwords
The number of accounts and devices which most people use daily usually means that a majority of people end up reusing their passwords rather than trying to remember several different ones. This could mean that employees often use the same or similar passwords for personal and business accounts. This could be dangerous because if one of the accounts is compromised by cybercriminals, it could mean all your accounts and all the information they hold become very easily accessible.
TIP: Use unique passwords each time and make sure they are a combination of letters, numbers and characters. Strong passwords avoid using obvious personal information which can be easy to ascertain or guess, such as date of birth, the first line of home/office address or pet names.
Adopt a Comprehensive Company Policy
A company cybersecurity policy outlines the guidelines and best practice for your employees to follow to ensure they are protecting their systems and keeping your business secure against the threat of cyberattacks. Company policies are vital for driving the message from the top and raising awareness amongst your employees.
TIP: A comprehensive company cybersecurity policy should include the following:
- Importance of cybersecurity
- Detecting key cyber threats such as phishing and ransomware
- Applying security updates and patches
- Locking computers and devices when not in use
- Reporting lost and stolen devices
- Protecting data and Personally Identifiable Information (PII)
- Applying privacy settings for social media
- Effective password management
Train your Staff
One of the key messages of the Safer Internet Day focuses on empowering employees to confidently respond to cyber threats through clear advice and quick access to support if things do go wrong. This includes training your workforce and developing their knowledge on the cyber threats facing them.
TIP: Invest in training and development programs which offer a comprehensive curriculum of training courses on cybersecurity and keeping information secure so that your employees are aware of the threats facing them and equip them with the knowledge for acting against threats.
How Can We Help?
As global specialists in compliance-focused training and development, we understand the importance of creating a compliant workforce and equipping your employees with the skills and knowledge to make the right decisions.
Find out how we can help you keep your business and employees safe online through our online Cyber Security Training courses. From comprehensive courses on Data Protection and Information Security to multiple bitesize micro-learning modules covering cybersecurity issues including phishing, password setting and social engineering.