By Tom Kidwell, below, co-founder of Ecliptic Dynamics
Cybercrime is growing at an alarming rate, with hackers using advances in AI and automation to adopt more sophisticated and targeted methods to breach IT networks. SMEs remain top of the hit list for cyber criminals, with 26% of SMEs in the UK having been impacted by ransomware in the last twelve months, according to a recent study by Avast.
However, there are steps small businesses and large enterprises can take to strengthen their cyber defences from modern day threats. Most employees are exploring the internet at some point throughout the working day, some just for general information, while others dive deeper into the dark web for investigation or research purposes. Whatever level of work or research employees do online, there are five essential practices that SMEs should have in place to isolate and protect themselves and the business from growing cyber-threats.
Use a password manager
Reusing the same passwords across multiple accounts is a common error still made by many businesses and employees. Although sticking to one password can be convenient, it can pose a big security risk to the organisation. Remembering dozens of passwords isn’t always realistic though, and using a password manager is a good solution to help improve efficiency, without reducing overall security. Password managers also make the generation and management of passwords super quick and easy.
Regularly update and patch
Keep a look out for any IT system software update notifications and regularly install all new patches as soon as they are released. These will often include security updates that are being implemented to help fix a misconfiguration or fault within a product or device, which could be used by attackers to gain access to your IT network.
It’s important to note that there’s a difference between feature updates and security updates. While feature updates often improve the usability of products, security updates are the ones to look out for when it comes to your cybersecurity.
Use two-factor authentication
Two-factor authentication effectively means users must pass two levels of security to access a network. This often involves having to enter an authentication code sent to an approved device or inputting different sets of information, like a password and then a PIN. By adopting this approach, you make it much harder for malicious groups to gain access to your data and assets, as they need to not only compromise a password, but also steal your approved device or learn additional log in credentials to get in.
Two-factor authentication is one of the best ways to instantly improve your cybersecurity, especially when partnered with other cyber practices.
There are two types of encryption. One is when your data is in transit, moving via communication channels such as an email, while the other kind of encryption is when your data is at rest, or stored. On an organisational level, you should seek out providers which give you at least a basic level of encryption, and as an individual there are ways you can check whether the websites or services you’re using are giving you this protection. For example, if you look at the address bar on websites that you use, like a bank for example, ensure that the website link begins with ‘https’ alongside a padlock symbol. This means that the connection is encrypted.
Encourage your team to look out for these little details. By boosting your business’ cybersecurity awareness, you can improve your team’s understanding of what keeps your assets safe. This will improve security overall and give your team the tools they need to remain secure.
Know your attack surface
Your attack surface encompasses effectively everything that’s on your network, and it’s crucial to know exactly where everything sits, what avenues of attack cybercriminals could use, and what vulnerabilities they might take advantage of. Once you know this, you can begin to improve your cybersecurity stature, and iron out vulnerabilities to make it harder for potential intruders to gain access.
As users, we’re probably most vulnerable through our browser and our email, so scanning suspicious communications is important to weed out any potential phishing scams, or other more sophisticated attacks. A good rule of thumb is to not trust links you weren’t expecting to be sent.
Even if you are expecting correspondence, verify that the person sending a link is in fact them if something seems off. This can be done in several ways, the simplest by checking that their email is authentic. Verifying that a colleague has sent a message can also be as simple as texting them.
Ultimately, cyber hygiene is a key pillar of a good cybersecurity structure. It’s all about maintaining good practices and understanding the vulnerabilities you face. By giving yourself, and your team, the tools needed to keep on top of cybersecurity, you have the best chance of achieving good cyber hygiene and remaining secure.
Tom Kidwell, an ex-British Army and UK Government intelligence specialist, is a founder of Ecliptic Dynamics, an IT infrastructure specialist and cybersecurity company.