With 39% of UK businesses having suffered cyber attacks in the last twelve months, cyber security consultancy firm, FoxTech, provide their insights into four of their most frequently identified issues to help businesses become more aware of the problems they might have, and what to do about them.
1. You don鈥檛 know what devices your employees are working on
The UK government鈥檚 Cyber Security Breaches Survey 2021 found that organisations have found it more difficult to keep track of their endpoints since home working has become a widespread practice. Many employees now conduct business on a number of devices each day, including office desktops, company-owned laptops, personal computers and smartphones.
Why is having a lot of devices a problem? Anthony Green, CTO of FoxTech discusses:
鈥淚t isn鈥檛 a problem in itself,鈥 says Anthony, 鈥渂ut it becomes an issue because today鈥檚 model of working can mean that business owners or IT managers don鈥檛 even know what devices are being used to access sensitive company data, or how secure these devices are. Problems such as working with unsupported versions of Windows and not updating malware protection and firewall software increased markedly in 2021, compared to 2020, and the Cyber Security Breaches Survey 2021 attributes the decline in proper endpoint security measures to large and diverse device profiles.鈥
What to do:
- Minimise the amount of sensitive data stored on both company and personal devices by making sure employees can access only the data they need
- Create a 鈥榖ring your own device鈥 (BYOD) policy. The National Cyber Security centre (NCSC) has an excellent step-by-step聽guide to creating a BYOD policy
You haven鈥檛 kept track of your online assets
鈥淲hen we run our security analyses, one of the most common things we find are forgotten assets such as website domains and databases. Often, these are exposed to the internet – completely unbeknownst to the company. Forgotten assets are an easy entry point for hackers 鈥 they can use them to jump to software, files and devices that you are using in an attempt to steal your data.鈥
What to do:
- Companies who have lost track of their online assets can run one of聽FoxTech鈥檚 free CyberRisk Assessments. This shows instantly what assets you have, and whether they are exposed to the internet
- Remove/take down any unused assets聽to ensure your online presence is limited to only what is necessary and manageable
- Invest in professional cyber security monitoring for existing assets to ensure any suspicious activity is spotted
3. You don鈥檛 have DMARC set up
Domain-based Message Authentication Reporting and Conformance (DMARC) is an email authentication, policy, and reporting protocol. In layman鈥檚 terms, it protects you from email spoofing (people sending emails on behalf of your domain), spam and phishing scams.
鈥淎ccording to security software firm Trend Micro, 91% of breaches start with a phishing email, so setting up DMARC is one of the best ways to prevent anyone from successfully targeting your email database.鈥
What to do:
- Configure DMARC. The good news is, it鈥檚 not expensive. Installing it yourself is free, and聽getting it set up by a trusted third-party cybersecurity firm聽comes at a low cost
4. You put off installing software updates
Installing software updates is a fast and free way to strengthen company system security. Software updates offer a number of benefits and revisions including patching security flaws, removing bugs and getting rid of any outdated features from your device.
What to do:
- 聽Locate devices that are still running on outdated software
- Don鈥檛 just rely on alerts. Not all devices give adequate software update alerts, so it鈥檚 good practice to manually check for updates at least once a month
- Educate employees on the importance of software updates, and create a company policy around regularly checking for, and installing updates across all your devices and software packages
