How to protect your business from cybercrime
Cybercrime has become so prevalent, and takes so many different forms, that protecting your business can seem like a daunting task. However, by simply taking care of the basics and following industry best practices, you can harden your defences and fend off the majority of attacks.
As every IT professional knows, cybercrime is on the increase. Modern cybercriminals are motivated by profit and are prepared to put in as much time and effort as they need to breach business computer systems. Cybercriminals have such a wide variety of hacks, malware and other attacks available that defending your data assets against them can seem like an overwhelming task. Fortunately, there are a few basic principles you can follow to make life much harder for attackers and make your own job easier.
It is important to remember that there are no silver bullets. There is no single product that you can install which will neutralise all threats. Successful defences rely on a layered approach, using a variety of tools and techniques to provide maximum security. Your ideal solution will be designed around the specific needs of your IT infrastructure and take into account the new challenges faced with the increase in remote working since 2020.
According to a Ponemon Institute research report (2020), the concerns expressed by the IT and IT security professionals surveyed included: a lack of physical security in remote working locations; increased access to critical business systems by remote workers; increased risks of data breaches or security exploits; and a lack of authentication methods, in-house expertise, employee education and monitoring services in place for businesses with employees working from home.
To address these concerns, the report made a number of recommendations to reduce the risk of attackers exploiting work-from-home conditions to compromise a business’s IT security:
All remote workers should use authentication methods, preferably multi-factor, to access company systems and services.
- Access to devices
Remote workers who use their own devices to access business systems must have security features such as a password, PIN or fingerprint login in place.
- Access to confidential information
Access to confidential information should be controlled, with access based on workers’ roles and responsibilities.
- Secure devices
Ensure that all devices that remote workers may use to access business systems are secured against common threats.
- Updated devices
Remote workers should be required to keep their remote working devices patched and updated at all times.
Education should be provided to workers covering topics such as how to recognise suspicious activity on remote working devices and how to report their concerns to the business.
- Password management
Businesses should require employees to change their passwords regularly. They should also prevent the use of one password for multiple systems or services or the reuse of passwords, and require a minimum password length.
Most competent IT professionals are familiar with the steps above and should already be working to ensure that they are in place. However, it is easy to become complacent or blinded to flaws within systems, especially when you are not a security specialist. It is therefore wise to hire specialist contractors to perform regular security audits and identify weaknesses that you might not have noticed. These specialists can also conduct penetration tests, in which they use the tools and techniques of actual hackers to try to break into your network as a way of testing and verifying your defences.
Finally, it is worth remembering that no security is perfect. You can reduce your risk, but you can never eliminate it completely. Typical business insurance policies do not cover damages resulting from a successful cyberattack, so visit sbinsure.standardbank.co.za and consider purchasing Commercial Cyber Insurance as a safety net.
Ponemon Institute. 2020. ‘Cyber Security in the Remote Work Era: A Global Risk Report’. Available [Online] https://www.keepersecurity.com/ponemon2020.html. Accessed: 9 June 2021.
Terms and conditions apply.
Standard Bank Insurance Brokers (Pty) Ltd (Reg. No. 1978/002640/07) is an authorised Financial Services Provider (FSP 224) and part of the Standard Bank Group. The Commercial Cyber Insurance product is underwritten by The Hollard Insurance Company Limited (Reg No. 1952/003004/06), a Licensed Non-Life Insurer and an authorised Financial Services Provider.