Protecting Your Business Against The Risk Of Cyber Attacks
DBASS Blog | April 2022
Cyber-attacks have seen unprecedented growth over the last number of years and they remain a real concern for businesses. The impact of a major cyber-attack on your business will not only cause you major worry and inconvenience but could also have a substantial financial impact.
The most effective way to protect your business against cyber-attacks is to empower your staff through appropriate training and ensure the required systems and plans are in place at all times. Your organisation must remain vigilant and follow protocols in order to prevent potential attacks.
I have compiled a list of what SME businesses can practically do to protect their business. However, we would also recommend that you speak to your IT providers to ensure you have the relevant systems in place and access to the most up-to-date training programmes.
Where possible, reduce or eliminate administrative rights or access for certain users; this will prevent malware from infecting your server. If new packages or updates need to be carried out, these can only be done at an administrative level.
Have a VPN (Virtual Private Network)
A VPN is a way of connecting a remote worker to the main servers using an encrypted tunnel. For secure remote working, having a VPN is a must and your IT provider will be able to discuss the implications of this in detail with you.
A firewall is a network security device that continually monitors traffic going in and out of your systems. It helps to stop suspicious traffic from entering your systems and so it is important to maintain and update this regularly. An example of a firewall in action would be any suspicious-looking emails being sent directly to your junk folder, allowing you to either ignore them completely or to retrieve them if they are indeed legitimate.
Using encryption on computers, laptops, iPads and mobile phones will render the device and the data on the device useless to a cyber-thief and is therefore a very useful practice. This is particularly relevant for businesses who may have employees who travel for their work or are required to attend off-site meetings on a regular basis.
Aim to regularly update your systems and devices with the most recent software, including security patches and bug fixes.
Regularly check your data on account systems for any errors or security systems processes which may need attention.
Back up your data to a safe place daily/weekly, ensuring that it cannot be accessed if a breach of your system occurs.
Systems in place for finance team.
Ensure there are appropriate systems in place to stop the potential payment of a fictitious supplier. Confirm you have robust processes in place for payment authorisations, in particular for those involving any change to payee bank account details. For example, there should be a 2-way check in place before a supplier is paid. Contact the supplier if they send you an email with new bank account details to ensure it has come from them.
- Encourage employees within your organisation to ensure that they know the identity of the email sender and that unknown senders are vetted for authenticity.
- Click with caution: Cyber criminals often send malicious links within emails. If employees are unsure, encourage them to reach out to the sender. Don’t click on attachments without knowing the source.
- Email visualisation: Your organisation could ensure external emails include a security flag and encourage employees to preview all emails coming from an outside source.
Education and training
Another very important factor in keeping your business safe is ensuring that you partner with a recommended supplier of cyber security training. There are many such training firms out there and this type of training will ensure that your employees are aware of the dangers of common cyber threats such as phishing and malware. They will also offer detailed and practical sessions on Data Privacy, Data Security, Data Breaches and Data Protection.
Incident response plan
Have an incident response plan in place to ensure you are prepared to deal with cyber-attacks. Nominate a designated individual to handle all issues relating to cyber-attacks, such as risk identification and the putting in place of appropriate protections. This function could also be outsourced to your IT providers.
Working from home
Educate your staff on what they can and cannot do on company equipment. For example, ask your staff to refrain from using a business device for personal email, social media, personal use, visiting non-work-related websites and personal file sharing. Work devices have access to confidential data and your firm must come up with the best way to avoid any breach of same.
Use Strong Passwords
Prevention is better than cure. If you want to keep cyber criminals out of your systems, then strong passwords are an important part of your defence, along with two-factor authentication. Closing off potential points of entry to hackers may make your system less attractive.
Cyber Insurance Policy
Contact your broker or insurance company to see if you have this policy in place or if it can be added; it may be a useful addition to your cyber security plan.
It’s a good idea every few months to check in on your security practices, to identify any potential weaknesses. Monitor the devices that are connected to your accounts and systems and remove access for old devices when they are no longer needed. You should also remember to remove access for old staff members that are no longer working within your organisation, ensuring that their old login details are no longer viable.
Review your plan
Make sure you have a backup system in place if an attack does happen and that it is fit for use. Consider reviewing your plan on a regular basis and ensuring that you are always receiving the most up-to-date advice from your IT provider.
By Melissa Phibbs
DBASS Chartered Accountants
This article is for discussion purposes only. For further information on any of the topics covered in this article please contact a DBASS adviser on ph. 01 849 88 00.