Although the media love to paint cyber-attacks as complex assaults orchestrated by advanced hackers in front of several screens, the reality is far more mundane. Cyber-attacks can be carried out by anyone from anywhere, which makes cyber security more important than ever. While attacks are getting more sophisticated in nature, some fundamentals remain, so your defence should be composed of the latest technologies in the fight against breaches and attacks.
The UK government estimates that 98% of businesses depend on the internet to some degree, and 43% experienced cyber breaches or attacks in the last year alone. You can improve your company’s cyber defences with Atech’s expert security services. But what does a solid cyber security plan actually involve?
4 Core Goals of Cyber Security
1. Secure your data (and your clients’ data)
The most important digital asset that your business has is data. Surely on your servers there are documents you don’t want to be seen by the public? Safeguarding your company’s data is crucial, as it prevents competitors from taking advantage of your plans and keeps your business’ name clean.
Your clients’ data is even more important. Imagine if a customer’s personal information was stolen while they were using your site. Your reputation will be rocked, and odds are that customer, along with most of their friends and family, isn’t coming back.
This is even more important when dealing with extra sensitive information, such as medical records or legal documents. There are distinct legal and regulatory requirements which must be complied with to safeguard this data.
How to secure data
We ensure that all communications on your network use appropriate encryption mechanisms, so that data intercepted in transit cannot be read. We also review your data storage methods and network access to determine how an intruder could get at your valuable data. We’ll give you instructions to patch up any holes in your data security, following extensive audits and penetration testing of your systems.
For example, by using Intune Base Security policy deployment, we ensure that you control who has access, as well as what they have access to. Additionally, with Azure Information Protection, we ensure that your data is protected thanks to document classification and labelling, which is rules-based and can be semi-automated. Integration with other services, including Microsoft 365 and Azure Active Directory (Azure AD), enables your workforce to be productive anywhere, on any device, while keeping your data protected.
In short, it enables your workforce to be productive on all their devices, while keeping your organisation’s information protected.
2. Train employees
The most common attack vector is the phishing attack. An apparently legitimate email reaches one of your employees, sneakily requesting a password or login information, perhaps under the guise of resetting the password or clarifying a problem with the account. Your employee unknowingly divulges this information, which is then used to access data and pilfer it.
This was how the world’s largest attack was executed. An employee at Yahoo fell victim to phishing, and ultimately about 3 billion user records were exposed. The fallout was so vast that courts ordered Yahoo to pay up to $358 to each affected user.
How are you going to train your employees to be able to distinguish a phishing email from a genuine one? By the time they come across their first ‘real fake’ one, it may already be too late.
How to train employees
The best way to train employees, in our experience, is through practice. We simulate phishing attacks and other types of break-ins to see if employees can detect suspicious behaviour. When they fail in a simulation, there are no consequences: only learning.
We also share valuable material with employees at all levels to make sure they know the basics of good cyber security. This is delivered in the form of short videos and multiple-choice quizzes. You get a bird’s-eye view of how your team performed and where there are areas of concern or gaps in information, so that you can remedy them.
3. Ensure maximum uptime
Downtime is always bad for business. Cyber-attacks can cause your business to put everything on hold until the problem is resolved. For example, a DDoS attack will make accessing your website impossible. If you offer an online service or have frequent visits from users on your platform, this could be a death sentence.
If surreptitious malware makes its way into your network, you may be forced to wipe computers or servers, reinstalling everything from clean backups. This process can take days and leave your company crippled in the meantime. Again, this often occurs when employees open questionable email attachments without knowing better.
How to keep your business running
Besides training employees to detect possible malware sources and prevent viruses from getting into your system, there are other things that can be done. For example, we can protect your website from DDoS attacks using third-party tools.
Although we tend to think of security as strictly about protection from attackers, it also means having redundancies and backup plans in place. If you were to experience an attack, we could load up a backup immediately and keep your business humming along while we fix the problem.
4. Save your company money
Since the General Data Protection Regulation, or GDPR, companies face heavy fines for failing to secure data. The lowest level fine starts at a whopping 10 million euros, or 2% of the company’s annual turnover.
And that’s just what the authorities can do to your business. If users’ data has been compromised, they may join together to demand compensation which can become exceedingly costly. The average cost of a data breach is estimated at nearly $4 million USD according to IBM.
It’s clear then that investing a bit into your cyber defence is a smart choice. Just as you carry insurance in case the building goes up in flames, you should have IT services that prevent your network from being exploited. It needn’t be expensive to protect your business, nor does it require in-house skills.
If, alongside security initiatives, you are running optimisation exercises across your platforms and your network infrastructure, be sure to consider the wider what-if scenarios and build a hard security posture around these. There is a huge opportunity for cost optimisation across your IT infrastructure (speak to one of our consultants to see what we could fine-tune, and to what effect on your balance sheet), but don’t set out to save on security. Instead, leverage native security features in a new platform or business application.
What security does your business need?
If you’re not sure what you need to make sure your business is 100% cyber secure, then call us. Our IT security experts can analyse your business, identify potential vulnerabilities, and add the latest security measures to keep your company safe. We start with a comprehensive assessment and share the results with you in order to create a bespoke plan based on the priorities and your individual objectives.
Our managed security service is delivered with complete transparency. We make sure you get exactly what you need at a simple cost per head. We never charge you for more, and we never give you any less.
More businesses than ever are affected by data breaches and cyber attacks. Attacks are becoming more sophisticated and more frequent. Following best-practice security policies and hardening your security posture are key priorities regardless of the size of your business. We know that most breaches exploit common vulnerabilities: unpatched systems and unsuspecting employees.