Be proactive not reactive: Five simple steps to protect your brand reputation from future cyber attacks
On Friday 12th May, a global coordinated ransomware 'attack' began, affecting thousands of large and small private and public sector businesses. The attacks most high-profile victim, the NHS, suffered incredibly by way of operational business functionality, but also by way of business reputation.
Cybersecurity firm Secarma are warning businesses, large and small, that prevention is key to avoiding future attacks, and according to research from the Kaspersky Lab, 90% of businesses underestimate the threat of malware to their business continuity and brand reputation. A cyber attack on a business can be hugely detrimental to the longevity of that business.
According to IBM, small and mid-sized organisations are hit by 62% of all cyber-attacks, and unfortunately, the US' National Cyber Security Alliance reported that 60% of small businesses are unable to sustain their businesses over six months following a cyber attack. But there are ways to protect your organisation's brand reputation and business future from the damage of a cyber-attack. Paul Harris, Managing Director of Secarma, is encouraging businesses of every type and size to implement "board-level priority" in order to prevent a very real chance of future attacks and damaged reputations. "This is not a spike; typical individual and business attacks happen every day. There is a constant high level of threat and it's something that can be mitigated by following basic IT security practices." Protect your business' brand reputation in 5 easy steps:
Apply patches when they become available and implement a patching policy
Applying patches especially with security updates in a timely manner is essential. This goes for everything, from Windows update as well as applications such as Adobe Reader and JAVA.Organisations should have a fully developed and agreed patching policy which includes a methodology to deal with "out of bound" critical patches to cover issues such as these.
Back-up and back up the back-ups
Identify what your business-critical data actually is, and back it up to devices not connected to the internet. Ideally, a back-up should be maintained off site.
Use quality antivirus software and keep it up to date
Virus definitions are normally updated at least once a day, ensure your virus database is updated regularly to protect against the latest threats. Utilise software which will scan in real time threats from emails, downloads and web browsing. To add depth to your defences consider adding additional malware scanning technology into your email chain. Relying on one anti-virus vendor from mail server and end node protection does not guard against a threat to that specific product.
Understand your network defences and have them tested
Your firewall is your first line of defence. Ensuring that you are aware of which protocols and services you let into and out of your organisation is crucial. Keeping your network devices and firewall rule set is equally as important. Engage in regular penetration testing and vulnerability scanning using a reliable 3rd party supplier of these services.
Train your staff
Given threats such as ransomware are on the increase it is even more important to establish a culture of security awareness. Targeted phishing attacks will only work IF an attacker can convince a user to interact with the payload.
No process can make you completely immune from cyber attack, but by following these 5 steps you can massively reduce the risk of your business being the victim of a cyber attack.