Jamie Coombs of Altodigital writes….
With nearly half of UK businesses having fallen victim to cyberattacks or security breaches in the last year, it is clear to see that cybersecurity needs to become more of a priority. Of these breaches or attacks, the most common involved fraudulent emails, attempts by scammers to impersonate the organisation online and viruses or malware. In light of this, businesses need to go back to basics and readdress issues such as employee education, patch management and security processes.
Considering one of the most common forms of cyberattacks is from fraudulent emails or phishing scams, it seems that many businesses have lost sight of the more common-sense practices that enhance cybersecurity. Therefore, it is necessary to re-educate employees on issues as basic as not opening spam emails or clicking on untrustworthy links. Tightening email spam filters and establishing a blocked senders list can take some of the impetus off employees, however, it is important everybody is clued up on best practices and the risks to your business if these rules are flouted. Implementing best practices such as not opening emails if the recipient is unknown and not downloading files or clicking on links from suspicious sources are simple but effective.
It isn’t just employees in general who could benefit from re-education, in fact some IT departments would also profit from updating gaps in their knowledge and reassessing security procedures. In some instances, consultation from external IT professionals like Altodigital can be beneficial to get an overview of the company’s vulnerabilities and shortfalls in approaching cybersecurity. This shouldn’t be seen as a slight on IT managers, but rather as an opportunity to get a second opinion from the experts and find scope for improving existing policies.
As people now carry around more data on their mobile devices than ever before, with many using them for work emails and tasks, mobile device security should become more of a priority for IT managers.
In recent years, many cyberattacks have exploited unpatched systems, highlighting the importance of implementing a patch management process. Fortunately, developing this process can be a low budget, but highly effective way to stay on top of software updates and ensure you don’t fall foul of unidentified vulnerabilities. There are several points to address as part of your patch management process, including having an accurate inventory through which you can identify which devices need to be updated when patches become available. Once this is in place you should consider developing a testing procedure, assign ownership of the process to individuals and document which patches have become available and when they have been deployed. Patch management should also be extended to mobile devices used for business, encouraging employees to activate update alerts immediately, rather than delaying.
As people now carry around more data on their mobile devices than ever before, with many using them for work emails and tasks, mobile device security should become more of a priority for IT managers. Fortunately, there are several methods IT managers can educate employees on to keep both company and personal mobile devices secure. Discourage employees from ‘jailbreaking’ devices and ensure you have a strategy in place should the device get into the wrong hands. All mobile devices should be installed with a wipe function which will enable all data on the device to be wiped remotely should it get lost or stolen and data should be automatically erased after a set number of password attempts to discourage hackers. Finally, anti-virus software should also be installed on mobile devices used for business, particularly Android devices.
For IT managers, taking a closer look at the minutiae of cybersecurity, re-educating employees on simple but often overlooked procedures and seeking external consultation from the experts can mean the difference between secure networks and data and a business that is vulnerable to threats.