The year-on-year increase in cyber-crime, compounded by ongoing events in Eastern Europe, means that data security has never been more of a concern for British businesses and organisations.
The cost to rectify a successful breach can run into millions. Clearly, it’s preferable to secure that data ‘gate’ in advance than frantically scrabble around trying to shut it after an attack.
Now more than ever organisations need to take a robust approach to data protection.
The Damage
In 2021, 39% of UK businesses reported cyber-attacks or security breaches. Attacks focused predominately on large and medium-sized businesses, and the bigger charities. The education sector has also come under sustained attack in recent years.
It’s costly for organisations to fix things after a successful cyber-attack. Firstly, there’s the financial cost as highlighted in this report: Cyber Security Breaches Survey 2021. And there is the reputational damage too – something that’s hard to measure and may take some time to become evident, but it can be as harmful as the cost.
Preventing Attacks on Your Data
Unfortunately, nothing is 100% secure. But you can take some relatively simple steps to significantly reduce the risks. Security breaches are often caused when someone temporarily, and often only briefly, lets their guard down – working on a public network for example, weak access controls or losing a device in a public area. With proper training and ongoing reminders about data security protocols and vigilance, risks can be reduced. Here are some things to consider:
Be wary with incoming emails – particularly if they have attachments. Only open the attachment if you know it’s come from a trustworthy source.
Also watch out for links that come in on your phone. Don’t know who it’s from? Don’t open it. A common mobile hacking technique is to send a message telling you there’s a parcel waiting for delivery, inviting you to click on a link.
Passwords. Favourite pets, holiday destinations and children’s names… don’t. Consider using random, unconnected words: towelcakevenus or archmonkeydrill. These sorts of combinations are much harder to hack. Enforce periodic password changes, blacklist common passwords and set rules around password lengths or configurations.
Listen to your IT people and do what they say; they know what they’re talking about. Closely follow all of your organisation’s IT and data protocols.
Have different levels of access throughout the business – so that employees can only access what they need for their role.
Avoid using public Wi-Fi networks. Working in cafes or libraries, using publicly accessible Wi-Fi can lead to security breaches.
Introduce multifactor authentication. Also monitor user behaviour. For example, Sam, when working from home, logs on between 8.00 and 8.30am within the NG2 postcode. Then, one day ‘Sam’ logs on at 5.30am in Liverpool – the behaviour will be flagged as suspicious.
Keep your systems up to date. Deploy all updates.
Encrypt important data when it’s in transit and also when stored.
If you take a laptop home or move between premises, get to your destination as quickly and directly as possible. Be vigilant if you use public transport or stop off anywhere. Keep all work-related items out of site when you park your car. Keep your car doors locked when travelling if you have a laptop or work items on the front passenger seat.
Ongoing employee education about the risk and consequences of data breaches is important. Cite examples. Endeavour to create a ‘safety first’ culture around cyber security in the workplace.
Data breaches are costly to fix and, depending on the circumstances, may also warrant a fine for not keeping data securely. A successful cyber-attack will also damage the business’s reputation. All organisations need to employ measures that reduce these risks.
MHR, the HR, payroll and finance experts, have been successfully protecting sensitive data for nearly 40 years. Our industry-leading security protocols protect customer systems and data no matter where they operate or how their data is used, reducing their risk of a security breach or cyber-attack – providing peace-of-mind and business resilience. Find out what MHR can do to help you protect your data.