It’s 2019 and it’s a new year, and there’s a good chance that you’ve made a resolution along the lines of joining a gym, losing weight and eating healthier.
All well and good on a personal level, but if you’re a company owner or director, did you make a pledge to improve some aspect of your business? Probably not, but it certainly isn’t too late, and if you’re going to create one then how about beefing up your cyber security?
Not a day goes by where businesses are not compromised, impacted or at risk of a cyber security attack; all of which can have a colossal impact in terms of loss of reputation and clientele. And if a company becomes exposed in an attack or a loss of client data occurs, then it is legally obligated to disclose the breach to each customer affected.
But what type of attacks are we actually talking about? In essence there are seven types, and your business will have been subjected to them all at some point, and even as you read this it’s highly likely someone, somewhere in the world is trying to get to you.
- An APT (advanced persistent threat) is one that uses a high degree of covertness over a long period of time, often using malware (see below) to exploit vulnerabilities in systems. The best way to prevent an APT is to keep up with software patches, continuously monitor all network and insider activity from all points of entry, keep up with best practice guides and investigate and remediate any potential or concerning issues that arise on a network.
- Phishing is a type of scam in which email or other online methods are used to get you to provide sensitive information that can then be used to gain network access. For example, a cybercriminal may have you click on a link that could download something malicious to your network or take you to a bogus site where you are asked for certain sensitive information.
- DDoS (distributed denial of service) is where multiple sources target a web server, website or other known network device, and overwhelm it with a flood of messages, packets and connection requests causing the target to slow down or crash.
- Inside attacks often come from trusted users, employees and external contractors who have specific authorised access to your network. Quite often they are due to unintentional mistakes that affect one or more components on your network, such as trying to get hold of specific data that they do not have access to.
- Malware is software that is specifically designed to gain access or damage a computer without the knowledge of the owner. There are various types of malware such as spyware, keyloggers, true viruses, worms and any type of malicious code that infiltrates a computer.
- Password attacks are also known as brute force attacks, and often use some type of automated system to perform the hit, in which different password combinations are tried to gain entry to a network. The best way to avoid this type of attack is to make it company policy to change passwords on a regular basis.
- Ransomware is a type of malware that locks down and encrypts devices on a network to prevent someone from using that device unless a ransom is paid. Once the ransom is paid the encryption will be unlocked and removed, although in some cases the hackers will not unlock the devices, causing the company affected to incur other expenses to recover.
Hopefully you’ll have picked up a few security tips from the seven types of attacks above such as regularly changing passwords (which should really form a major part of staff training) and we really hope that you’re not too freaked out at what is potentially attacking your business, because with the correct tools in place you shouldn’t be lying awake at night fretting.
In the cyber security world there is no one single product available that will solve every problem, so agility is the name of the game along with continually checking your systems for vulnerabilities, learning about new threats, thinking like attackers and adjusting your defences as needed.
Our cyber security toolkit of choice comes from safety and data backup company Datto which is able to provide layered security through its antivirus software, firewalls, and patch and password management products, along with backup and recovery.
Developing a robust, multi-layered cyber security strategy can save your business, but so too can ongoing employee education and security technology, which will boost your front line of defence and dramatically decrease the likelihood of any breaches.
A solid, reliable backup and recovery solution is the second and most essential layer of defence, allowing businesses to quickly recover unscathed should things turn ugly.
If you’d like to know more about how we can help keep your business secure please call us on 0333 241 9301.