Cyber Security: Top 5 Tips to Prevent a Cyber Attack
With 46% of small businesses facing a cyber attack in the past year, a cyber security strategy is more important than ever. Cyber attacks are becoming a question of ‘when’ rather than ‘if’.
To help prevent damaging cyber security breaches within your organisation, we have put together some precautions you can take today.
Table of Contents:
How To Prevent A Cyber Attack:
- 1. Use Strong Passwords
- 2. Keep Software and Apps Updated
- 3. Use Multi-Factor Authentication
- 4. Educate Your Staff
- 5. Utilise Microsoft Enterprise Mobility + Security (EMS)
1. Use Strong Passwords
A basic way of protecting data is by creating lengthy, complex passwords. This means ditching your old (not so) reliable passwords such as “12345678” or “Password1”. You should be using special characters such as “$!?”. Yes, these can be harder to remember. An easy way of remembering a password like this is to take words or a phrase, replace certain letters with numbers or special characters, and use a mix of lowercase and uppercase, e.g. “S3cUR5%”. However, be sure to mix this up, as cyber criminals are aware of this substitution method. It’s also important not to use words personal to you, such as your partner’s, pet’s or child’s name, as these can often be easily found online. Lastly, you should never use the same password across multiple different logins!
Not good at remembering lots of complicated passwords? Do not write passwords down in a notebook or on a sticky note. A safe alternative is password management software, which works by saving encrypted versions of your passwords on your device that only you are able to view and manage. Examples include True Key, LastPass, Sticky Password and KeePass. We recommend researching all the options available and deciding which software is best for your needs.
One of the big advantages of using password management software is that it reduces the number of passwords you need to remember to two: one for your password manager and one for your Office 365 account. These two passwords should be different and distinct from each other.
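The point about predictable substitutions can be shown in code. The following is an added example, not part of the original article: it undoes the usual character swaps before checking a password against a word list. The word list, the minimum length of 12 and the function names are assumptions made for the illustration.

```python
import re

# Constructed sample list; a real check would load a large dictionary or
# breached-password list instead.
COMMON_WORDS = {"password", "secure", "welcome", "letmein", "qwerty", "12345678"}

# Character swaps that attackers already know about.
LEET_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 12  # assumption: a local policy value, not a figure from the article


def candidate_forms(password):
    """Return the base words a guesser would derive from this password."""
    low = password.lower()
    no_symbols = re.sub(r"[^a-z0-9]+$", "", low)  # drop trailing symbols
    no_suffix = re.sub(r"[^a-z]+$", "", low)      # drop trailing digits and symbols
    forms = {low, no_symbols, no_suffix}
    return forms | {form.translate(LEET_MAP) for form in forms}


def password_problems(password, personal_words=()):
    """List the reasons a password is weak; an empty list means none found."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    forms = candidate_forms(password)
    if forms & COMMON_WORDS:
        problems.append("common word with predictable substitutions")
    # Names of partners, pets or children are easy to find online.
    personal = {w.lower() for w in personal_words if w}
    if any(p in form for p in personal for form in forms):
        problems.append("contains a personal word")
    return problems


if __name__ == "__main__":
    for pw in ("Password1", "P@ssw0rd2024!!", "S3cUR5%", "vT9#qLm2&xRw7pKd"):
        print(pw, "->", password_problems(pw) or "no problems found")
```

A password that passes these checks is not automatically strong; the checks only catch the patterns described above.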
2. Keep Software and Apps Updated
Outdated software has become a common gateway for hackers to gain access to data. If your software isn’t updated, it leaves bugs and holes in the back-end for cyber criminals to exploit. Since software developers frequently publish patch notes, it is even easier to find these flaws. To take advantage of this, hackers write code to attack these weaker areas, which can then redirect information or use the software for a completely different purpose. Not only do updates improve the reliability and quality of software, they are vital to preventing cyber-attacks.
Microsoft announced that SQL Server 2008 and SQL Server 2008 will stop receiving support and updates after 19 July 2019. If you are still running them after this date, you are opening the door to a cyber-attack.
3. Use Multi-Factor Authentication
Using passwords alone to protect your most important information is no longer enough. Multi-Factor Authentication (MFA) further protects accounts by requiring the user to verify who they are with at least 2 of the following factors:
• Something you know (e.g. password)
• Something you have (e.g. mobile device)
• Something you are (e.g. fingerprint/facial recognition)
Although it is mostly household names that make the headlines for security breaches, it was found that 31% of attacks were aimed at businesses with fewer than 250 employees. This makes it even more important for all business types to be using MFA to protect their business data.
4. Educate Your Staff
So you’ve made sure every employee has strong passwords, up-to-date software and MFA implemented. Are you completely safe now? No. Hacking is no longer just about a virus on your computer. Social engineering has become more popular among cyber criminals in recent years. Cyber criminals essentially take the direct route of simply asking for the password, without the victim realising what is happening. Some examples of how this is achieved are:
• Online, social engineers often send out emails, messages or posts containing malware-laced links. This method is called “phishing” and you’ve most likely received one of these. They are often based around your interests or activity to make you believe it’s real and encourage you to click the link. If you do follow the link, you will either download malware or be prompted to enter your username and password for that website. Cyber criminals will then have access to your account or computer, and even if you manage to change your password, they could still have some access. For instance, if your email is hacked, a forwarding rule could have been set up, such as “the email contains the words ‘bank’ or ‘money’, so forward to X”.
• On the phone, where the social engineer would again pose as someone who would typically be granted access to data (e.g. an employee or authority figure), and trick the victim into giving up information or going to an unsafe website.
• In the office, a tactic known as “tailgating” is where the social engineer wears similar clothing to employees, waits by the office door until a staff member arrives, and follows them in. Because they look the part, nobody questions whether they have authority to be there.
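A forwarding rule like the one described in the phishing example survives a password change, so it is worth checking mailbox rules after any suspected compromise. The following is an added example, not part of the original article: it audits an exported list of inbox rules for forwarding to outside addresses. The record layout, field names, domains and addresses are constructed assumptions.

```python
INTERNAL_DOMAINS = {"example.com"}  # assumption: the organisation's own mail domain
WATCH_WORDS = {"bank", "money"}     # the keywords from the article's example

# Constructed sample of exported inbox rules (field names are assumptions).
RULES = [
    {"mailbox": "alice@example.com", "name": "Newsletters",
     "forward_to": [], "keywords": ["newsletter"]},
    {"mailbox": "bob@example.com", "name": "Team copy",
     "forward_to": ["team@mail.example.com"], "keywords": []},
    {"mailbox": "carol@example.com", "name": ".",
     "forward_to": ["collector@external.invalid"],
     "keywords": ["Bank", "money transfer"]},
    {"mailbox": "dave@example.com", "name": "Personal copy",
     "forward_to": ["dave@personal.invalid"], "keywords": []},
]


def is_external(address):
    """True when the address is outside the organisation's domains."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    return not any(domain == d or domain.endswith("." + d)
                   for d in INTERNAL_DOMAINS)


def audit_forwarding_rules(rules):
    """Return one finding per rule that forwards mail outside the organisation."""
    findings = []
    for rule in rules:
        external = sorted(a for a in rule.get("forward_to", []) if is_external(a))
        if not external:
            continue  # no forwarding, or internal only
        keywords = [k.lower() for k in rule.get("keywords", [])]
        hits = sorted(w for w in WATCH_WORDS if any(w in k for k in keywords))
        findings.append({
            "mailbox": rule["mailbox"],
            "rule": rule["name"],
            "external": external,
            "keywords": hits,
            # Keyword-filtered external forwarding matches the article's scenario.
            "severity": "high" if hits else "review",
        })
    return findings


if __name__ == "__main__":
    for finding in audit_forwarding_rules(RULES):
        print(finding)
```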
5. Utilise Microsoft Enterprise Mobility + Security (EMS)
EMS aims to give you more control over your data and security. It combines four separate Microsoft products, which are:
• Advanced Threat Analytics – This tracks activity and monitors for abnormal behaviour. If it finds any, the software raises an alert about the suspicious activity and attempts to block unauthorised access.
• Azure Rights Management (Azure RMS) – Azure RMS is integrated into other Microsoft cloud services like Office 365. It provides protection of data from unauthorised access.
• Azure Active Directory (AAD) Premium – Focuses on the user sign-in process. It includes Multi-Factor Authentication, cloud-based self-service password resets, group-based provisioning, synchronisation of users’ identities from on-premise directories, and access management for SaaS (Software as a Service) applications. SaaS is a subscription-based service that allows access to software from the cloud, such as Microsoft Office 365.
• Microsoft Intune – Microsoft Intune enables management of mobile devices, applications and company data.
Deploying EMS helps secure and control your business’s information both in the cloud and on premise. It is a powerful tool and can play a big part in protecting data.
Find out more about Microsoft EMS here.