Recently, I caught up with Priority One IT Support to provide advice to business owners on how they can protect their business from a security attack.
A glance at the media will show that attacks are on the rise and that the types of companies under attack are also varied. Whereas previously only the largest companies and financial institutions came under attack, these days companies of all sizes and industries are targeted.
Protecting your business
From a fundamental perspective, it’s almost impossible to prevent 100% of all attacks, but you can reduce the impact that they have by:
- Understanding your key data elements and focusing your security controls around these.
- Putting in place controls that can isolate and closely monitor those critical systems.
- Understanding where you may be vulnerable. This will vary depending on your business, e.g. if you are on a ground floor, leaving a window open is riskier than it is for someone 10 floors up.
The most common pitfall is a lack of user education and awareness. For example, if a member of staff receives an email informing them they have won the lottery, they should know to ignore it. The basics of user behaviour and education often let a business down.
The second, often overlooked, issue is the lack of robust monitoring controls. Many companies only discover they have been hacked many months later, once it makes the news.
What to do in the event of an attack
A business should have a plan in place before an attack takes place.
- Formulate a plan that includes steps to inform internal staff, stakeholders, partners, and customers.
- Know how to isolate systems to limit the damage and assess the impact.
- Have backups in place from which services can be resumed as quickly as possible.