When a new story hits the news about another organisation being hit by a cyber attack, it’s mostly numbers we hear about. We’re told how many records were compromised, how many hours were lost, how much ransom money was demanded and how big a fine the company will have to pay to the ICO.
What we don’t hear so much about is the human cost of cyber attacks, or how those responsible for handing over valuable data (mostly completely innocently) feel about their mistakes.
Fraudsters know how to play on people’s weaknesses, and they’re very good at it. It’s easy to think you’d never fall for a scam if it’s never happened to you, but the truth is that hundreds of thousands of people do get caught out every year. Often, those people are highly intelligent, organised and diligent, and just happened to be having a bad day.
Being tired, overworked, stressed or simply relaxing in the lead up to a holiday can cause even the brightest spark to make simple mistakes. Nobody is immune to cyber attacks, and hackers capitalise on that fact every single day. The situation is now so serious that mental health professionals are referring to cyber crime as a new, hidden epidemic, and those who fall victim to hackers often pay a heavy psychological price. It goes way beyond having information stolen or even handing over money. It’s about deep-seated feelings of guilt, embarrassment and powerlessness, and in an increasing number of cases victims are being diagnosed with depression, post traumatic stress disorder or other related health problems.
A recent survey found that almost 70% of victims said they felt they could no longer trust strangers, and over half said they were no longer able to enjoy the activities they used to. Depression and anxiety were reported in over half the respondents, with almost 85% experiencing insomnia following a data breach. More than 60% said they experienced difficulties with concentration and cognitive function, while just under 57% said they regularly experienced aches, pains and headaches.
In severe cases, the shame of compromising company data and being seen as “the weakest link” in an organisation has even led to suicide. So, how do you protect your employees and your company from the chaos of a data breach? These 7 simple security measures will help keep you and your people safe and help you avoid the long term repercussions of cyber crime.
1. Make Sure You Have Endpoint Protection Software on Every Device
A lot of people still think that anti-virus software is just for laptops and PCs, but you should have it installed on every device on which people access your systems.
2. Use Different Passwords
Many of us are guilty of re-using the same password for different accounts, but it’s a really bad habit to get into. Having to remember different passwords for all your online activities can be exhausting and frustrating, but if you use a system like Keeper you won’t have to. Password management systems remember everything for you, so you and your team can stay safe without having to deal with an administrative nightmare.
3. Switch to Multi-factor Authentication
Entering a username and password is just one step in the online security process, so more and more organisations are choosing to protect their data with several layers of protection. Multi-factor authentication requires you to provide more information to confirm your identity, such as:
- Something you know – a password or PIN
- Something you have – like a Security Key, secure USB or phone number
- Something you are – such as a fingerprint or retina scan
4. Protect Every Device
One of the downsides of remote working is that your team members will most likely be using their own devices to log into your network. It’s imperative to clearly outline everyone’s responsibilities when it comes to looking after those devices, from keeping them safe on public transport to ensuring nobody else has access to them.
You’ll need a robust Bring Your Own Device (BYOD) policy in place to ensure everyone knows what’s expected of them – get advice on how to create one here.
It's important to note that under the GDPR, if any device containing personal information is stolen it must be reported to the ICO within 72 hours. It’s also a good idea to install tracking software on your devices so they’re easier to get back in the event of theft or loss.
5. Make Sure Your Software is Always Up to Date
One of the easiest ways for hackers to infiltrate organisations is through outdated software. Every time someone hits the “update later” button it makes your organisation more vulnerable, so make it policy to ensure all software is updated at the same time every week.
6. Back up Regularly
Even if the worst does happen and you lose your data, it will be a whole lot easier to deal with if you’ve got everything backed up in another place. You can store copies of your data in an external hard drive, but most businesses nowadays choose to back up in the Cloud. A good security provider will perform backups on your behalf and regularly monitor activity on the network, which means you won’t have to give it a second thought.
Don't forget to test your backup regularly!
7. Educate and Support Your Staff
This is the number one most important thing you can do when it comes to cyber security. Human error is the biggest cause of data breaches, so by keeping everyone trained and up to date with the latest phishing threats and how to recognise them, you’ll be going a long way towards keeping your customer information safe.
With the right training, employees should all be able to spot a phishing email or dodgy link and know what to do if something doesn’t look right. It’s also important to create a culture in which people feel comfortable to ask if they’re not sure about something, and don’t feel under too much pressure. Of course, an element of pressure is expected in every job, but when people are overloaded, they’re more likely to make mistakes. And as we’ve already seen, sometimes those mistakes have far reaching consequences. Creating a culture of fear won’t work, but providing a supportive, educational environment just might.
We are here to help you and your team stay safe online. To find out more, or to book a cyber security training session, contact us today.
Endpoint & DNS Protection Together
To secure businesses, you need endpoint protection that’s stronger and smarter than traditional business antivirus and secure your DNS connection against cyberattacks, get total visibility into web usage, and enforce acceptable web usage policies to reduce security risk.
Why it's different:
- Stop sophisticated cyber attacks
- Streamline Management
- Save time and money
- Skip the hardware and software with our DNS Protection
- Block threats at the domain level
- Reduce costs relating to infections
- Protection wherever you are