The decorations are up, the tree is shining brightly, and you're waiting for ITV to show the annual afternoon run of Christmas films; Elf, The Grinch and Jingle All The Way... which can only mean one thing, it’s Christmas!
Whilst many of us see the festive period as a time to relax and put our feet up, cybercriminals see it as an opportunity to slip under the radar and launch an attack at a time when victims are caught off guard.
The implications of a cyber-attack can be detrimental to your business, a cyber incident could have huge financial implications on sales, negative reputational damage, or you may not be able to pay your staff their Christmas bonus. It has also been known for cyber-attacks to cause enough damage that businesses have been left with no choice but to face administration.
Online security doesn’t need to be complicated or stressful; following some simple steps can be the difference in you falling victim to a cyber-attack. To help you prepare your business before the upcoming Christmas break, we have produced a simple checklist of 8 things you should do to secure your business before leaving the office for the holidays.
Identify your most valuable assets in a cyber security risk assessment
Risk assessments are not new to most business owners, you need to have one for physical risks or financial risks, so why wouldn’t you have one for your security?
Online security should fall into your cyber risk assessment and identify information assets that could be affected by a cyber-attack (such as hardware, systems, devices, customer data, intellectual property, social media accounts etc).
Talk to us about our Cyber Risk Exposure Assessment; it's closely linked to an industry-standard framework and methodology and assesses risks over three fundamental categories; Basic Controls, Foundational Controls, and Organisational Controls.
Do you need to promote your business as unoccupied?
If you were leaving your home unoccupied to go on holiday, you wouldn’t post this on social media or announce it in an email to your whole organisation – so why would you treat your business holiday any differently?
Many businesses are guilty of promoting they will be out of the office during the festive period or that their offices will be closed during certain periods. In doing this, you practically invite hackers to explore the weaknesses in your systems and devices while enjoying a Christmas break.
Make sure you have a Cyber Incident Response Plan - so you're prepared should an attack occur
A cyber security incident response plan provides a process that will help your business, charity or third-sector organisation to prepare for, respond and recover from cyber incidents. Download yours here.
The checklists included in this plan help businesses to consider the full spectrum of possibilities – from undertaking weekly IT security checks to ensuring you are testing your staff's response to incidents.
The pack also features contributions from law firm Irwin Mitchell, their guidance ensures businesses are aware of the key commercial and legal implications of a cyber incident.
Install anti-virus software and don't forget to check it’s working!
Cyber threats are constantly changing and adapting to break down our defences, so installing anti-virus software has never been more important. Antivirus software creates a barrier against malware, which is malicious software or viruses designed to cause havoc on your devices.
It would be best to have antivirus software on all computers and devices and only install approved software on tablets and smartphones. It is also advised to prevent users from downloading third-party apps from unknown sources.
Create strong passwords and take advantage of a password manager
Passwords are the door key to your business and if you don’t feel comfortable giving someone your key, perhaps password123 isn’t the strongest password to use. Having a more complex password that isn’t a pet name, your favourite sports team’s name is a very good place to start.
If you’re using the same one for multiple accounts, the best practice is to change them using three random words and a password manager will help you remember them all.
Do you have Multi-factor authentication turned on?
Multi-factor authentication, (also known as two-step verification), will ask you for multiple verification factors before access can be gained to your online accounts. Often the verification factor might be a one-time password where you are asked to enter a 4-digit code that you receive via SMS, email or through an authenticator app.
Multi-factor authentication provides you with greater assurance that the access request is genuine, which reduces the risk of unauthorised access to your accounts.
When did you last backup and update your data?
Take regular backups of your essential data and test if they can be restored. This will reduce the inconvenience of any data loss from theft, fire, or other physical damage or ransomware.
Identify what needs to be backed up (usually documents, photos, emails, and calendars) and ensure the backup device is not permanently connected to the original machine.
Also, be sure to keep your devices and software updated. Software vulnerabilities are security holes that offer an easy way for cybercriminals to infect your systems.
Becoming a member of The North West Cyber Resilience Centre is Free
Daily, businesses of all sizes in the UK are being targeted by cyber-attacks. Our FREE membership is easy to follow, quick to action and highly effective in helping your business and your supply chain to become more resilient to online crime.
You can access a range of new downloadable resources which include; our Cyber Advent Calendar, Cyber Security Checklist, our Small Business Guide to Cyber Security and access our free Cyber Health Check to review security measures in your business. Membership is open to all businesses in the North West; register today.
Comments