More Tips to Avoid Imminent Cyber Attacks Within Your Business
About the Authors:
Rob McEwan
Director at Staples Rodway
Based in Taranaki, Rob has over 30 years of computer and commercial experience in the United Kingdom and New Zealand. Rob assists clients in developing and implementing cloud computing strategies.
Daryl Webb
Practice Leader at Staples Rodway
Daryl heads the IT Risk and Advisory practice in Auckland. He has over 30 years’ experience in technology leadership roles in New Zealand, Australia, and Asia.
Cyber security continues to be a top concern for clients, given the recent high-profile ransomware attacks and data breaches. There is almost always more you can do to reduce the likelihood or the impact of an attack on your business.
The bad guys are winning.
Cyber criminals – both organised crime and opportunist hackers – are out there in force, trying to find ways to steal your data, hold you to ransom, or hurt your reputation.
In a previous article, Rob McEwan of Staples Rodway offered five key tips to help you avoid cyber attacks.
Here, we add another five steps you need to take to reduce your risk of being hacked. Rob’s five points were:
Don’t operate your computer with Administrator-level privileges
Ensure operating systems and software are patched and kept up-to-date
Remove software you don’t need
Always run anti-malware software and keep it up-to-date
Make sure to back up your data frequently
ADDITIONAL CYBER TIPS
CHANGE PASSWORDS
A strong password is an effective password. Here, strong means long (aim for 12 or more characters), made up of a mix of character types (letters, numbers, and symbols such as *&$}), and not reused across multiple systems or websites. A passphrase of several unrelated words can be particularly effective, because its strength comes from its length rather than from hard-to-remember symbols. A password manager makes a unique password for every system practical.
Change any password immediately if you suspect it has been exposed, for example after a breach at a service you use. Current guidance (NIST SP 800-63B) no longer recommends forcing changes on a fixed schedule, because routine rotation tends to produce weaker, predictable variations of the old password; if your policy still requires periodic changes, every three months is a common interval.
Ensure default administrator passwords are changed. Databases, operating systems, and many applications and website platforms are installed with default administrator logins and default passwords, and those defaults are published in the vendor documentation, so they are the first thing an attacker tries. If they aren’t changed, your systems and data are exposed.
When key users and IT staff leave the company, disable their accounts and make sure all shared passwords and PINs they knew are changed.
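The following is an added example, not code from the original article or from Staples Rodway: a small Go program that generates a passphrase with the operating system’s cryptographic random source, works out how many bits of guessing resistance it carries, and checks a candidate password against the rules given above (12 or more characters, a mix of character types, not a known weak or default password, not reused from another system). The 16-word list and the weak-password list are constructed for illustration; a real generator would draw from a large list such as the EFF long list.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math"
	"math/big"
	"strings"
	"unicode"
)

// Constructed word list for illustration only (16 words = 4 bits per word).
// A real generator uses a large list such as the EFF long list (7,776 words,
// about 12.9 bits per word).
var wordList = []string{
	"harbour", "kauri", "ledger", "mountain", "invoice", "paddock", "glacier", "timber",
	"compass", "saddle", "orchard", "lantern", "pebble", "anchor", "ferry", "quartz",
}

// Constructed list standing in for a breached-password or vendor-default list.
var knownWeak = map[string]bool{
	"password": true, "123456": true, "qwerty": true, "admin": true, "p@ssw0rd": true,
}

// GeneratePassphrase joins n words chosen uniformly at random with crypto/rand.
// math/rand is not suitable here: its output is predictable.
func GeneratePassphrase(n int, words []string) (string, error) {
	parts := make([]string, n)
	limit := big.NewInt(int64(len(words)))
	for i := range parts {
		idx, err := rand.Int(rand.Reader, limit)
		if err != nil {
			return "", err
		}
		parts[i] = words[idx.Int64()]
	}
	return strings.Join(parts, "-"), nil
}

// EntropyBits is the guessing resistance of n words drawn uniformly from a
// list of listSize words: log2(listSize^n).
func EntropyBits(n, listSize int) float64 {
	return float64(n) * math.Log2(float64(listSize))
}

// CheckPassword applies the rules from the text and returns the problems found:
// at least 12 characters, a mix of character types, not a known weak or default
// password, and not reused from another system. A passphrase of 20+ characters
// gets its strength from length, so the character-mix rule is waived for it.
func CheckPassword(pw string, known map[string]bool, usedElsewhere []string) []string {
	var problems []string
	length := len([]rune(pw))
	if length < 12 {
		problems = append(problems, "shorter than 12 characters")
	}
	var lower, upper, digit, symbol bool
	for _, r := range pw {
		switch {
		case unicode.IsLower(r):
			lower = true
		case unicode.IsUpper(r):
			upper = true
		case unicode.IsDigit(r):
			digit = true
		default:
			symbol = true
		}
	}
	classes := 0
	for _, present := range []bool{lower, upper, digit, symbol} {
		if present {
			classes++
		}
	}
	if length < 20 && classes < 3 {
		problems = append(problems, "fewer than three character types")
	}
	if known[strings.ToLower(pw)] {
		problems = append(problems, "appears on the known weak/default list")
	}
	for _, other := range usedElsewhere {
		if other == pw {
			problems = append(problems, "reused from another system")
			break
		}
	}
	return problems
}

func main() {
	pp, err := GeneratePassphrase(5, wordList)
	if err != nil {
		panic(err)
	}
	fmt.Printf("passphrase: %s (%.0f bits from this toy list)\n", pp, EntropyBits(5, len(wordList)))
	for _, pw := range []string{"P@ssw0rd", "Tr0ub4dor&3", pp} {
		fmt.Printf("%-32q problems: %v\n", pw, CheckPassword(pw, knownWeak, nil))
	}
}
```

Two design points are worth noting. The check tests the lower-cased password against the weak list because attackers try case variants of common words first, and the character-mix rule is waived for long passphrases because, as the text says, length is what makes a passphrase strong: five words from a 7,776-word list carry about 64 bits of entropy with no symbols at all.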
ENCRYPT YOUR DATA
If the bad guys can’t read your data, they can’t use it. Critical data should be stored and transmitted in encrypted form. Confidential and sensitive data stored on hard drives, archive systems, and in backups needs to be encrypted. Use strong, current encryption (for example AES-256 for stored data and TLS for data in transit) and keep the keys separate from the data they protect. Stored data is easily duplicated, and an attacker who steals a copy can attempt to decrypt it at their leisure, so a weak algorithm or a key derived from a guessable password will eventually give way.
EDUCATE YOUR STAFF
Staff are the weak link in the majority of successful attacks, so it pays to make sure they are aware of their security obligations, can recognise malicious websites and links, and can recognise when they are being manipulated through social or indirect contact (that is, ‘social engineering’). A simple habit such as phoning a known number to confirm an unexpected payment or password-reset request before acting on it stops many of these attacks outright.
HAVE A PLAN
The most effective way to deal with an attack is to have a prepared plan of action, so you don’t forget key steps or waste time working out what to do after the fact. Your plan should cover: who is responsible for what; communication to staff, customers, and regulators as appropriate; how to keep the business operating until core systems are available; and how to restore systems and data if they have been corrupted. Walk through the plan with the people named in it before you need it, and keep a printed copy, since the systems it lives on may be the ones that are down.
DISPOSE OF OLD SYSTEMS CAREFULLY
Before an old system leaves the company, you need to ensure all data is erased from its drives in a way that makes recovery unlikely. Software tools can overwrite a drive or trigger its built-in secure-erase command, and if the drive was fully encrypted, destroying the key is enough. Physical destruction is also quick and effective: dismantling the drive and shredding, crushing or drilling multiple holes through the platters. Degaussing with a high-powered magnet works only on magnetic hard disks; it does nothing to SSDs, USB sticks or the flash storage in phones and tablets, which must be overwritten, crypto-erased or physically destroyed. Remember that printers, copiers and network devices also hold data.
Computer security is back in the spotlight. Smaller businesses, however, are more likely to be the target of scams than of attacks like the one that shut down our stock exchange last month.