Businesses, both small and large, are under constant threat from a variety of cyber attacks that aim to exploit your company’s data or cause harm. And new risks are increasing daily.
The first step to minimise your cyber security risk is to identify the biggest threats, to allow you to put preventative measures in place.
Below are the six most common vulnerabilities that your company should be aware of, with some tips for prevention.
This is one of the most common threats, and there is new malware being created everyday. The goal of most malware is to access sensitive data and copy it, or send it to a server where the attacker can use it to steal the information. There are various types of malware, including ransomware, trojans, and worms.
Protection: Basic antivirus can protect from some malwares, however, a multi-layered security solution is recommended to provide optimal protection.
Have you ever found yourself dismissing the ‘update available’ reminder for your computer system or programme? This could impact your business in the long term, as a large proportion of threats rely on old security vulnerabilities to work.
Protection: Create a procedure that maintains a regular update schedule for your organizations software to be updated, as well as identifying any future updates that will need to be implemented.
Also known as social engineering, phishing is when the attacker attempts to trick an employee in an organization to give sensitive data or account credentials. This often comes in the form of an email mimicking the identity of one of the company’s vendors or an authoritative user. The email may include a link or attachment, that will download malware onto the users computer and take over their system.
Protection: Ensuring you have email virus detection tools installed on your computer will allow it to check email attachments for malware before you open them. Applying multi-factor authentication to all user accounts on your network will make it harder for attackers to hijack.
With the threat of ransomware increasing, organizations have a pressing need to back up and recover data, but this isn’t always a top priority. Many organizations neglect the backup and recovery process because of time and resource.
Protection: Businesses should have a multi-layered backup and recovery strategy, including database storage, disk backups and cloud-based storage.
One of the common breaches is due to lack of good credential management. Using the same password across multiple sites, especially a weak password means hackers can gain access to more sites more easily.
Protection: To solve this, your business should implement stringent password controls, such as longer and more complex passwords, and frequent password changes. It is also worth implementing multi factor authentication, where possible, especially for accessing sensitive data.
Your organization’s IoT are made up of many ‘smart devices’, such as wifi capable printers, faxers, manufacturing robots and even coffee makers. Surprisingly to some, this equipment can be hijacked by attackers to form networks of compromised devices to carry out further attacks. This means that businesses have unprotected vulnerabilities they aren’t even aware of.
Protection: To minimise the risk, your organization should have a security audit performed to identify all of the assets on the network, along with their operating system.
With more data being stored online and on large business networks, it is vital that organizations keep up to speed on new cyber threats and how to prevent these. Our Cyber Essentials Toolkit will guide you through the five key controls to meet the requirements of the Cyber Essentials scheme.