Attacks on business IT systems are common in the UK and can affect organisations of all sizes. These attacks aim to steal information or money, or to disrupt a business, by hacking. As cyber attacks increase in quantity and sophistication, the global cost is estimated to hit $6 trillion by 2021. This makes effective security a critical issue for business leaders and it is also a subject of extreme importance to us here at Pure. We are putting robust strategies in place to protect our client and candidate data and to prevent any disruption to our business operations.
Nadia Mullins-Hills, Pure’s IT & Projects Manager, attended all of the Director Insight sessions. She said: “We learnt a lot about how we can build on our ongoing work to secure our systems and data. It was also evident from the sessions that the levels of understanding about cyber crime varied among attendees and that local organisations were all at different stages in their cyber security journey. The positive and main message which everyone took away is that 80% of attacks could be avoided by good cyber hygiene. This simply means being aware of the potential threats to your business and getting the basics right to mitigate against data leaks and hacks.”
Here are some cyber security top tips, compiled from the sessions and Pure's own work:
Improve user awareness
The human element is one of the biggest risk factors in cyber crime, whether criminals are targeting businesses or individuals. Taking the time to increase understanding of the potential threats and to raise awareness of the types of potential crime will help to protect your employees both at home and at work.
At Pure, we recently carried out cyber crime training with our management team. This included some fantastic, free business support and training from Rebecca Tinsley, Regional Cyber Project Coordinator at the Eastern Region Special Operations Unit (ERSOU). We looked at the potential threats, such as phishing attacks, where fraudulent attempts are made to obtain sensitive information such as user names, passwords and credit card details. We also highlighted the potential impacts on our business, including a loss of money, a loss of data or the installation of malicious software. Most importantly, we shared top tips on what to look out for and what to do if anyone is unsure about a phone call, message or email they may have received. We will be following this up with company-wide training and we will also include cyber crime awareness as part of our induction process for all new employees.
Password policies
One of the key areas we are raising awareness of is password security. People should have passwords that they can remember easily, so they don’t have to write them down, but still use a different password for each platform. This makes it harder for cyber criminals to infiltrate more than one system or account. If the same password is used across numerous different platforms, cyber criminals only need to hack one account and could potentially gain access to a wealth of different information across multiple accounts, from credit card details stored online through to personal data. Following advice from the National Cyber Security Centre on what makes a good password, we have recommended that people choose three different, random words which are easy for them to remember and then use variations and combinations of these to make up a separate password for each different platform.
Use two-factor authentication
Two-factor authentication is something many people will already be familiar with and will be doing when they access accounts such as their internet banking or cloud storage. This is when you are asked for a second piece of authentication, beyond just your user name and password, if you are trying to log on from a different device or carrying out a high value or new transaction. The second piece of authentication could be additional memorable data provided when the account was set up, or it could involve a separate passcode being sent to your mobile phone. Needing two authentication elements to log in makes it extremely difficult for cyber criminals to access accounts. Even if they do have your password, they will still need more information or to have access to your mobile phone. What many people, and businesses, may not be aware of is that this form of additional cyber protection is available for free across many other platforms including Google and Windows. It is worth reviewing all systems to see where this is available and activating it as part of your account settings.
Create disaster recovery plans
As well as putting plans in place to protect against cyber crime, we are also assessing all the possible risks our organisation may face and creating disaster recovery plans, just in case the worst-case scenario should happen. Cyber crime is not just an IT problem; it is operation-wide, and these recovery plans will form an important part of our overall business continuity strategies. As with all business recovery plans, whether in the event of a serious office fire or a data hack, everyone needs to know who does what, how the communication process will work and what actions they need to take. The recovery plan should be fully tested before it is finalised. All the processes and backup plans put in place then need to be reviewed regularly, for example every six months or annually, to check they are still suitable and to keep on top of any new areas for consideration.
The topic of cyber crime, and the impact it could have on businesses and their employees, was discussed at the spring series of Director Insights, delivered by Pure Executive and Grant Thornton. These quarterly events, held in Cambridge, Chelmsford, Ipswich and Norwich, bring business leaders together to share experiences and gain insights from industry experts. They are part of an extensive calendar of events by Pure to support local businesses and the economic growth of the Eastern region.