Cyber Threats: What can I do to protect my business?
Last Friday, the NHS was brought to its knees in a global ransomware attack that affected more than 200,000 individuals in 150 countries. The 47 affected trusts have since started to recover from the malicious actions of hackers, who have demanded a ransom for the stolen information, but questions are now being raised about the NHS’s – and other organisation’s – vulnerability to cyber-attacks.
With the possibility of more hackings emerging in coming weeks, and businesses being given a wake-up call to the very real threat of cyber crime, Nigel Griffiths, chief operating officer at Certus TG, outlines what steps businesses need to take if they fall victim to hackers, and what measures can be implemented to prevent similar attacks happening in the future.
What do I do if my organisation has already been hacked?
Notify cyber experts;
“If your business has already fallen victim to cyber criminals, time is of the essence to find out what information has been stolen or compromised, and how the hackers infiltrated your system in the first place. Bringing in skilled cyber experts at the earliest opportunity is crucial to minimising risk – not only can they identify malware entry points and stop new and emerging threats in their tracks, but they can also implement preventative measures to ensure attacks of a similar kind don’t happen again.”
File a report with the authorities;
“Businesses should always file a report with ActionFraud, the UK’s national fraud and cyber crime centre. Although not all cyber-attacks will be investigated, the information you provide will allow the police to build intelligence to help catch cybercriminals and protect society against future cyber threats.”
Think before you pay a ransom;
“Cyber experts will always advise victims never to pay a ransom for stolen information. Not only is there no guarantee that you’ll get your data back, but you’re also fuelling the cyber crime industry in the process. This decision is, of course, at the discretion of the affected business but you really are rolling a dice if you decide to pay.”
Update your employees;
“Staff need to be made aware of the attack so that they can remain extra vigilant to further threats. Until cyber experts have identified where the hackers broke through security defences, employees can continue to report suspicious email attachments, links and websites for investigation.”
Restore your files;
“Unfortunately, most businesses that are hacked rarely retrieve their stolen information, so it’s important that you have already backed up your files so that business can continue as usual.”
How can I prevent future cyber-attacks?
Keep your computer software and security systems up-to-date;
“Hackers are becoming increasingly sophisticated when it comes to infiltrating technology, therefore it’s vital that your security software is regularly updated so that new prevention techniques can ensure threats are identified and extinguished before they cause any lasting damage.”
Always back up your data;
“The majority of companies will have an IT strategy in place which involves backing up important information, but businesses without these measures are unnecessarily putting themselves at risk. There are plenty of cost-effective ways to back up information, including using hosting services and storing information in heavily protected data centres.
“Microsoft Office 365 is a popular software used by companies across the globe, as it allows users to store information in the Cloud and use it remotely. Many businesses believe that because information is in the Cloud that it must be backed up, but that’s simply not the case. Microsoft cannot guarantee a full recovery of lost data, so investing in additional backup products like C-Assure 365 can give businesses more protection.”
Invest in robust IT systems;
“Using sophisticated security software packages with firewalls, anti-virus and anti-malware that can instantly detect and block security threats, will provide businesses with a first line of defence against criminals and will help prevent future breaches.
“Cloud encryption systems are also a popular and cost-effective method used to protect business data from external attacks, as the information is encoded using a complex algorithm, which can only be decoded using an encryption key. Although it’s still possible for hackers to crack the data, the encryption key makes it more difficult and they do not generally have access to the large amount of computer processing power they would need to do so.”
Have a cyber consultancy to hand;
“Some cyber breaches are harder to spot than others, so having IT professionals skilled in identifying and pre-empting cyber-attacks ready to take immediate action, can be greatly beneficial. Having contingency plans and recovery procedures in place ready to activate should a security breach occur, is also crucial.”
Use a common sense approach;
“We’ve all been guilty of opening email attachments and links without a second thought, but it’s important to scrutinise internal and external emails to make sure they’re coming from a reliable source.”
Educate your employees;
“Employees provide a business with eyes on the ground, so businesses can benefit from educating frontline staff on how to identify potential IT threats so that threats can be eliminated at the earliest opportunity.”