It is not very sporting but to avoid it happening to you then simply avoid being the one who is caught. This applies to many things in life but none more so that cybersecurity attacks. Unless you are a high visibility target like the Government or a Multi-Billion Enterprise the chances are if you are hacked it is because your security was simply weaker than most others making you an easy target.
If you do not want your business to get hacked and let us face it no one wants to get hacked, then by simply implementing the basics you can avoid being a simple target.
Let me be clear hear, I am not talking about expensive complex solutions to instantly give you banking level protection (and lest we not forget the banks get hacked also) but just providing you with the simple steps that get you to first base.
First thing to understand is no matter how good your systems are or how well educated your staff are there is always the possibility that someone will click on an attachment to an email or a link in an email that is malicious. The result from that can be devastating.
Second thing to understand is that with a good solid backup strategy you can recover from almost any type of ransomware attack with limited downtime and impact to the business.
I am not going to do into data breaches here where someone has access to your data and tries to exploit that to their financial gain.
So, lets cover the simple basics that means you are unlikely to be the one caught out.
First and foremost, wherever your business subscribes to a cloud-based solution you must implement 2FA (two factor authentication) on ALL accounts. Very common is for the IT Department to implement 2FA for all users but not the admin accounts (as that is troublesome for them). It does not matter what type of cloud solution it is implement 2FA tomorrow and if the system does not have 2FA ability then you should be asking yourself whether it is a suitable solution. My advice would be it is not. In addition to 2FA make sure you have strong passwords for everything. You can write down your passwords in a little black book if you like as long as you keep it safe. Most hacks are not done by someone you know so the chances of them stealing your book and hacking you are very remote. Not impossible just remote.
Secondly, backups are so important. If your data backup is a device connected to the server in your office, then if you get a ransomware attack then the backup is likely to get encrypted as well meaning not only do you lose access to your live data, but you lose access to your backup data also. Backups need to be regularly taken and moved offline ASAP to ensure there is no way they can get encrypted as well. If you have a solid backup strategy, then you have limited exposure to a ransomware attack.
Thirdly with your cloud systems you need to ensure you have a backup of all the data there. Do not assume that your cloud service provider is responsible for data integrity also as they are most likely not. You must ensure there is a backup of the cloud data regularly taken and stored somewhere else.
These three things in addition to good training of your employees on cybersecurity risks will help you to stay ahead of the slowest organisation who hopefully will be the one that gets hacked rather than your company. There is no excuse for businesses to suffer from a ransomware or phishing attacks these days if you do the basics of cyber security.
If you want to discuss your company’s security and ensure you have the basics in place as a minimum please feel free to contact me at FunctionEight on my email phil.aldridge@dev.functioneight.com