In a nutshell

  • Establish new processes and strengthen the existing ones
  • Prevent phishing emails and 'vishing' - automated calls pretending to be anyone from your bank to your phone contract provider
  • Keep on top of updates
  • Encourage and reward your team to alert everyone to a potential threat

How do I… keep my business cybersecure?

Keeping your firm cybersecure should form part of your business plans, regardless of the industry you work in and the size of your business. Hackers are continuously developing new techniques to get hold of your data, so to stop you from falling into the trap, IT expert Jamie Durham offers his top tips.

1. Establish new processes

Most breaches are caused by user error, which usually comes down to misplaced trust. Hackers are employing social engineering and psychological techniques – like impersonating a colleague, supplier or customer – in order to gain access to your data. By developing or building on existing processes within your business you can make it harder for them to be successful. For example, train staff to save files to central locations and send the whereabouts to colleagues, rather than attaching documents to an email.

A business chat system – such as Slack or Skype – is another great way to share documents securely, away from the outside world. This will help to not only reduce inbox clutter, but it will also lead to better decision making when determining the legitimacy of an email. The key is to make your team alert and suspicious of all external communication – it is better to be over-cautious.

2. Identify a phishing email

A phishing email is one disguised as a trustworthy message, in order to obtain sensitive information such as usernames, passwords or bank details. If you think your team needs further training on how to spot such correspondence, it’s a good idea to hold an in-house ‘spot the difference’ session for everyone to attend or outsource professional guidance.

To help prevent these harmful emails from reaching your mailbox, ask your IT provider to add SPF and DMARC records to your configuration – these check the true origin of a message. In addition, deploy content and DNS filtering, which prevent suspect links from working and scan attachments in transit.
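As an added illustration (not part of the original article), the Python sketch below reviews SPF and DMARC records that your IT provider has already looked up and flags settings that leave the domain easy to impersonate. The domain `example.com`, the sample records and the function names are all constructed for this example.

```python
# Added example. Every record below is constructed sample data for example.com.

def check_spf(txt_records):
    """Findings for the TXT records at the domain itself (SPF, RFC 7208)."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return ["no SPF record" if not spf
                else "more than one SPF record (treated as an error)"]
    terms = spf[0].lower().split()[1:]
    catch_all = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not catch_all:
        if any(t.startswith("redirect=") for t in terms):
            return []  # policy is delegated to another domain's record
        return ["no 'all' term: unlisted senders get a neutral result"]
    # A bare 'all' with no qualifier is read as '+all'.
    qualifier = catch_all[0][0] if catch_all[0][0] in "+-~?" else "+"
    if qualifier == "+":
        return ["'+all' lets any server send as this domain"]
    if qualifier == "?":
        return ["'?all' gives no verdict on unlisted senders"]
    return []  # '~all' (softfail) or '-all' (fail)

def check_dmarc(record):
    """Findings for the TXT record at _dmarc.<domain> (DMARC, RFC 7489)."""
    tags = {}
    for part in (record or "").split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return ["no valid DMARC record"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"p={policy or 'missing'}: receivers are not asked to block failing mail")
    if tags.get("pct", "100") != "100":
        findings.append(f"pct={tags['pct']}: policy covers only part of failing mail")
    if "rua" not in tags:
        findings.append("no rua address: no aggregate reports are received")
    return findings

def audit(domain_txt, dmarc_txt):
    """Combine both checks for one domain."""
    return check_spf(domain_txt) + check_dmarc(dmarc_txt)

# Constructed sample records: a weak configuration beside a corrected one.
WEAK = (["v=spf1 include:_spf.example.net +all"], "v=DMARC1; p=none")
HARDENED = (["v=spf1 include:_spf.example.net -all"],
            "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com")

if __name__ == "__main__":
    for name, records in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(*records) or "no findings")
```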

3. Think about phones too 

It isn’t just email you need to be aware of, as phones can also be subject to ‘vishing’ attacks. Businesses that promote remote working must especially consider this, as employees will have access to work-related content on their mobiles.

Vishing can take the form of automated calls pretending to be anyone from your bank to your phone contract provider. In this case, always seek out confirmation from your network – or whichever supplier they claim to be calling from – and initiate contact with them yourself, to ensure the legitimacy of the conversation.

4. Keep things updated

It’s important to keep on top of updates, as this will ensure any vulnerabilities in your systems are patched up and will make the application more secure. Delaying this will extend the opportunity for an attack and will increase the chances of a breach. Things that require this are routers, mobile phone apps, printers – especially with fax – PCs and servers.

5. And, share the news

A good IT company will update you on the latest phishing tactics, but this communicative approach should also be the same for staff. Encourage and reward your team to alert everyone to a potential threat, as this could mean the difference between a hacker being successful or not.

If a business is subject to a cyberattack, it can be extremely harmful to reputation and brand image, but this shouldn’t be the case. If firms share their experiences, mistakes and – most importantly – learnings, the rest of the business environment can take steps to prevent future attacks from happening.

Contributed by Jamie Durham
Article by Abi Bentley-Cottam