In a world of hybrid and remote working, with ever-evolving threats and new attack surfaces appearing frequently – it’s important to put in place every measure possible to keep you and your team protected.
Insufficient cyber security measures can have disastrous effects on your company. Without the right protection in place, a simple mistake can quickly turn into a catastrophe; in some cases it could even void your insurance.
According to a University of Maryland study, a cyber-attack happens every 39 seconds on average. Cyber-crime has increased in frequency by over 300% since the start of the pandemic. ~40% of businesses report having a cyber security breach in the last 12 months.
The knock-on effects of a cyber-attack can be devastating. To name a few:
- Loss of revenue
- Reputational damage
- Loss of clients
- Service disruption/outage
- Client data, personal data and sensitive information leaking
Companies like Jolly IT can take all of the legwork and headaches out of this process. We offer a free, no-obligation chat to assess your requirements and concerns. Simple, affordable measures taken ahead of time can deliver a huge return on investment. Consider this an investment in the future and longevity of your company, as well as an insulating, protective layer for your reputation.
How Can My Company Improve Cybersecurity?
1. Cyber security training
Employees are often your first and last line of defence against cyber-criminals. Every employee should know:
- A layman’s understanding of your company’s AUP (Acceptable Use Policy)
- What sensitive information looks like and who it can/can’t be shared with
- What to do when a cybersecurity incident occurs
- How to recognise the most common scams
2. Penetration testing/pentesting
Following your cyber training, you should test to see how effective it was.
Penetration testing involves a simulated cyberattack, by a team you’ve hired specifically to test your security. They can outline any vulnerabilities, so you are able to patch them before they become a problem. They will also have multiple safety measures in place to ensure there’s minimal disruption to your systems.
3. Use Multi-Factor Authentication
In this day and age, every single account should have multi-factor authentication set up. This means that even if your password is stolen, nobody else will be able to log into the account. The Microsoft Authenticator app is a good one to get started with, and it supports almost any account you use.
4. Stay current: Updates, Apps & Hardware
Updates are released far more often than you might expect, often automatically without any user intervention. A significant number of these updates contain security patches that fix vulnerabilities and stop exploits from occurring.
Similarly, if you’re still running Windows 7 or 8, those versions are now unsupported and will no longer receive updates. You should upgrade to Windows 10 or 11 if you haven’t already.
5. Back up data
Data backups can save you from much more than cyber-crime. Whatever happens to your data, you’ll have an off-site copy going back several weeks that can be restored at any time.
Without backups, you are at risk of losing all your data to ransomware, theft, drive failure, fire or flooding.
6. Never share passwords or write them down
Perhaps more self-explanatory – nobody should be sharing passwords. If you have too many passwords to remember, use a password manager such as LastPass or KeePass.
Be warned: a password manager is still a single point of failure. Combine it with Multi-Factor Authentication and you’ll be much more secure than before.
7. Use long, secure passphrases rather than legible words for your passwords
Nine-character passwords take ~5 days to be cracked. Ten characters: closer to 4 months. Eleven characters? Around 10 years.
Ideally your passphrases will have most, if not all, of the following:
- Lowercase letters
- Uppercase letters
The longer your passphrase, the less likely it is to be cracked. The following site shows roughly how long your password would take to be cracked:
Be aware that unless you’re a celebrity, government or political figure, brute-force attacks are unlikely; you’re much more likely to expose your password accidentally through phishing.
This is why Multi-Factor Authentication and unique passwords are so incredibly important. If someone obtains your real login details, not only are they stopped from logging into your account, they’re also unable to reuse those details elsewhere to compromise your other accounts.
8. Reset all generic/default passwords
Have you got a Wi-Fi Access Point, Printer, Router or Switch on your network? You probably have!
Often the password for the administrative interface was never changed from the factory default. For many hardware vendors those defaults are very easy to find, which leaves the device incredibly vulnerable to attack.
9. Enable BitLocker (drive encryption)
If you have Windows 10 or 11 Pro Edition, you should enable BitLocker Drive Encryption. If your computer were ever stolen, you might assume your password protects your data. That’s incorrect.
With no drive encryption, your hard drive can be removed and plugged into a second PC or a hard drive caddy; the data can then be read, copied and uploaded wherever the thief chooses. With BitLocker, your data would be safe.
It’s also worth noting that if you enable BitLocker Drive Encryption, you’ll need to keep your recovery keys safe.
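As an added example (not part of the original post), the following PowerShell script audits every BitLocker volume, turns protection on where it is off, and records the recovery password so it is not lost. It assumes Windows 10/11 Pro with a TPM, an elevated PowerShell session, and that $ExportFolder (a placeholder) is a location only your IT team can read.

```powershell
#Requires -RunAsAdministrator
# Added example: audit and enable BitLocker, then save the recovery keys.
# Assumption: $ExportFolder is a placeholder for a tightly restricted share or
# offline store; domain-joined machines should escrow to AD DS / Entra ID instead.
Import-Module BitLocker

$ExportFolder = '\\FILESERVER\BitLockerKeys'          # placeholder path, change it
$ExportFile   = Join-Path $ExportFolder "$env:COMPUTERNAME.csv"

foreach ($vol in Get-BitLockerVolume) {
    $mp = $vol.MountPoint

    if ($vol.ProtectionStatus -eq 'Off') {
        Write-Host "$mp is not protected - enabling BitLocker"
        if ($vol.VolumeType -eq 'OperatingSystem') {
            # OS drive: the TPM unlocks it at boot; a recovery password is the fallback
            Enable-BitLocker -MountPoint $mp -EncryptionMethod XtsAes256 `
                -TpmProtector -SkipHardwareTest
            Add-BitLockerKeyProtector -MountPoint $mp -RecoveryPasswordProtector | Out-Null
        } else {
            # Data drive: protect with a recovery password
            Enable-BitLocker -MountPoint $mp -EncryptionMethod XtsAes256 `
                -RecoveryPasswordProtector
        }
    }

    # Re-read the volume so newly added protectors are visible
    $vol = Get-BitLockerVolume -MountPoint $mp
    $recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
    foreach ($p in $recovery) {
        # The 48-digit recovery password is the only way back in if the TPM
        # or disk is moved, so record it somewhere safe (point 9 of the post).
        "$env:COMPUTERNAME,$mp,$($p.KeyProtectorId),$($p.RecoveryPassword)" |
            Add-Content -Path $ExportFile
        # Domain-joined:   Backup-BitLockerKeyProtector -MountPoint $mp -KeyProtectorId $p.KeyProtectorId
        # Entra ID-joined: BackupToAAD-BitLockerKeyProtector -MountPoint $mp -KeyProtectorId $p.KeyProtectorId
    }
}

# Final status report: every fixed drive should show ProtectionStatus 'On'
Get-BitLockerVolume |
    Select-Object MountPoint, VolumeType, ProtectionStatus, EncryptionPercentage, EncryptionMethod |
    Format-Table -AutoSize
```

Encryption continues in the background after the script finishes, so re-run the final report later to confirm EncryptionPercentage has reached 100.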
10. Create robust & strict company policies surrounding sensitive data and money
Perhaps another self-explanatory one, but consider the following:
- If an employee emailed your accounts department asking for their pay cheque to be redirected to another account this month, how would you authenticate the request?
- If a supplier or client got in touch with a change of bank details, how would you ensure it’s genuine?
- If your CEO/Director emailed you urgently asking if you’ll buy something online on their behalf, would you call them and double check it’s genuine?
Maybe these would all be far out of character for your business, or perhaps you feel confident you’d spot a non-genuine request.
In reality, these fake emails are sometimes pixel-perfect at replicating a genuine email. You would be surprised how many people fall for them without: checking the sender’s email address; calling the company using their genuine phone number; or perhaps calling the phone number from the company’s official website.
11. Consider Cyber Liability Insurance
No system is truly impenetrable. Give yourself and your clients confidence by taking out an insurance policy that covers first- and third-party financial and reputational damage.
Your insurance policy could be the difference between success and insolvency when disaster strikes. It’s very important that your team take cyber security seriously.
12. Report all suspicious activity to your IT department
Much like your doctor, chances are your IT team has “seen it all before”! You should never be embarrassed, worried or scared about the repercussions. Let them eliminate or address your concerns appropriately.
By coming clean and reporting issues early, you can ensure an attack is identified and isolated before it spirals out of control.
13. Consider a “Cyber Essentials” certification for your company
If you’re unsure where to start, and you feel there’s plenty of room for improvement, get Jolly IT to help you through the government-backed Cyber Essentials scheme.
I encourage you to read this article for more information on Cyber Essentials: https://www.ncsc.gov.uk/cyberessentials/overview/
Have any questions? Unsure if you need any of the above? Get in touch for a chat!
firstname.lastname@example.org 0330 460 9495
Office hours: Monday-Friday 9am-5:30pm UK local time