Cyber Security continues to be a top concern of clients given the recent high-profile Ransomware attacks and data breaches. There is almost always more you can do to reduce the likelihood or impact of an attack on your business.
The bad guys are winning. Cyber criminals, both organised crime and opportunist hackers, are out there in force, trying to find ways to steal your data, hold you to ransom, or hurt your reputation.
In the Spring 2016 edition of NUMBERS, Rob McEwan offered five key tips to help you avoid cyber attacks. Here, we add another five steps you need to take to reduce your risk of being hacked. Rob’s five points were:
1. Don’t operate your computer with Administrator-level privileges
2. Ensure operating systems and software are patched and kept up-to-date
3. Remove software you don’t need
4. Always run anti-malware software and keep it up-to-date
5. Make sure to back up your data frequently
6. Change passwords
A strong password is an effective password. Here, strong refers to passwords that are long, made up of a mix of character types (letters, numbers, and symbols like *&$}), and are not reused across multiple systems or websites. You should aim for passwords that are 12 or more characters in length. A passphrase can be particularly effective.
7. Encrypt your data
If the bad guys can’t read your data, they can’t use it. Critical data should be stored and transmitted in encrypted form. Confidential and sensitive data stored on hard drives, archive systems, and in backups needs to be encrypted. Use strong encryption: stored data is easily duplicated, and hackers will be able to attempt decryption of stolen data at their leisure.
8. Educate your staff
Staff are usually the weak link in the majority of successful attacks, so ensuring staff are aware of their security obligations, and helping them understand how to recognise bad websites and links and how to recognise when they’re being manipulated via social or indirect contacts (i.e. ‘social engineering’), will pay dividends.
9. Have a plan
The most effective way to deal with an attack is to have a prepared plan of action so you don’t forget key steps, or spend unnecessary time working out your plan after the fact. Your plan should cover responsibilities; communication to staff, customers, and regulators as appropriate; steps to keep the business operating until core systems are available; and how to restore systems and data if they have been corrupted.
10. Dispose of old systems carefully
Before an old system leaves the company, you need to ensure all data is erased from disk drives in a way that recovery is unlikely. There is a variety of software that can perform a low-level delete, but extreme physical damage can be quick and effective. This could be as simple as dismantling, physically destroying or drilling multiple holes through the casing and disks, or using a high-powered magnet.
DISCLAIMER No liability is assumed by Baker Tilly Staples Rodway for any losses suffered by any person relying directly or indirectly upon any article within this website. It is recommended that you consult your advisor before acting on this information.