5 ways to prevent data breaches and cyber attacks
With media headlines focusing on household names like British Airways, Travelex, and Uber, it can be tempting to assume that cyber criminals only target big companies with deep pockets. But the truth is that six out of ten SMEs suffer cyber attacks, and a quarter of the UK’s charities suffered an attack in 2019. So what can you do to protect your organisation against this kind of crime?
Many organisations are not supporting their staff with the appropriate training. In fact, just 29% of staff received cyber security training in 2019, compared to an incredible 81% of directors, trustees, or senior management.
Yet the odds are that many of your employees, if not all of them, can access sensitive information held by your company, making it more important than ever that they are properly supported.
Giving your staff an appropriate level of training helps make sure they know what they need to do to keep your information safe.
Of course, no-one’s memory is perfect, and your team will forget things. Regularly refreshing their training can help mitigate this risk.
With our Learning Hub you and all your staff can have access to over 25 courses relating to data security and cyber attacks. www.isosystems.org.uk/thelearninghub
Data security policies
It’s easy for everyone, both staff and management, to view policies as a box-ticking exercise. But the truth is that a data security policy is much more than that.
The hope for any organisation is that your team will rarely need to make use of their data security training. This means that they won’t always remember what they need to do when a question or incident arises.
A comprehensive data security policy is the resource your staff can turn to when they aren’t sure what to do next. Whether they’ve received a data access request from a customer, or whether they can’t remember what they need to do when taking a work device out of the office, a data security policy will either furnish them with the answer, lay out the procedure they need to follow or advise them how to escalate an incident.
A data security policy represents a way to support your team when they aren’t sure what to do or who to turn to. It also reduces the risk of that team member guessing at what they should do and potentially compromising your sensitive information.
Your team probably already knows that a strong password is a necessity. But passwords aren’t always enough to guarantee security. That’s why you should make use of Multi-Factor Authentication (MFA) or Two-Factor Authentication (2FA) wherever possible.
MFA/2FA describes security features where logging in to a system or app requires a password, after which the user is sent a confirmation code to a mobile device or email address; the login does not complete until that confirmation code is entered too.
MFA/2FA means that, even if someone steals a password, they would also need to gain access to another password or device in order to access your sensitive information.
Undertake regular penetration testing
Penetration testing describes an assessment of your cyber security wherein your in-house IT team or independent contractors will simulate a cyber attack on your organisation to identify any weaknesses in your security.
These simulations include attempting to break into your organisation’s network by searching for and exploiting vulnerabilities in your security. They can also include social engineering tests that attempt to fool your team into granting access to someone they think is an authority.
By regularly putting your security through these kinds of real-life tests, you can discover and strengthen any weaknesses before a real-life attacker can find and exploit them.
Employ a risk-based approach
The key to your cyber security is risk: once you know where the risk is, you can take action to mitigate or avoid it.
Conducting a thorough risk assessment can help you quantify just where your organisation needs to improve, where you need to invest in further security measures, or even just who needs further training.
Information Security Management Systems (ISMS) can also help you to formalise your procedures and processes in a way that helps you to identify any gaps, and thereby help you identify any risks to your data security.
Cyber criminals do not stay stagnant; they are constantly looking for new ways to access sensitive information. As such, you need to ensure that you are constantly looking for new ways to protect your organisation. That’s why the key to the majority of these preventative measures is that they require constant review and update. By regularly reviewing your data security, you can ensure that you remain one step ahead.
This is where ISO 27001 can help.
If you wish to discuss your information security requirements, you can contact our ISMS Lead Implementer Scott Naisbett - https://www.isosystems.org.uk/contact
Download our ISO 27001 information pack below