The subjects of hacking and data breaches have been making serious headlines for the past couple of years. Last year online dating site Guardian Soulmates saw user information leaked and payday loan company Wonga suffered a data attack. We’ve most recently seen the NHS brought to its knees by ransomware, causing chaos across the country.
Part of the issue in the case of the NHS was the outdated systems in use - which is a common sight in large organisations. If your IT team tells you it’s impossible to apply updates due to the way in which your infrastructure has been developed, this should ring very loud alarm bells.
IT is often an area of underfunding in big companies, and working in the digital industry, we see the vulnerabilities day in, day out. But it’s not just large organisations, which are typically slow to move on cyber security, that are affected by cyber criminals. A survey from the British Chambers of Commerce (BCC) recently revealed that 20 per cent of companies in the UK have been hacked by criminals in the last year alone.
The world is changing fast. We’re currently living in a business landscape that is seeing huge rates of technological innovation – such as new smart devices and cloud computing – but these often represent new ways into a company’s network. The number of opportunities for criminals to find a way to access your data or your systems is increasing every day. The scale of tools available to hackers grows by the day, with even off-the-shelf tools now available for cyber criminals to use to exploit apparent weaknesses.
That means it’s only really a matter of time until you might get hacked. And the consequences are serious. Not only do you risk a big PR nightmare, but there are real costs in financial terms, the loss of customer data, and the task of cleaning up afterwards, not to mention the risk of sensitive customer data being in the wrong hands. The future will be worse, as the Government looks to bring “last resort” penalties for companies that do not prove that they’re taking necessary steps to prevent attacks from happening.
So, in the war against cyber criminals, and to protect your business from a breach or hefty fine, what can you do? If you’re a company MD or director, there are plenty of steps you can take – ranging from basic actions to more complex defenses.
Basic steps include making sure you’ve got antivirus software installed on employee computers - and that it’s up-to-date with the latest versions. Next, look at ensuring you have a robust firewall in place - a barrier that uses security rules to control traffic to and from your network.
Ensuring you update your systems by using the latest versions of software, which have all been updated to take into account known flaws, is the simplest, most important thing you can do. Updates are usually pushed out to patch security vulnerabilities. Ask your staff to use passwords that are long enough, and complex enough, using symbols or capitals. As strange as it sounds, passwords should not be memorable. The influx of password management software available is a huge step in the right direction for IT security. The use of SSL certificates and encryption in your communication protocols is also imperative.
Stay in touch with what your staff or users are doing, and control the flow of traffic with firewall rules and company policy. Keeping your company’s infrastructure secure doesn’t have to be a painful, expensive task. Apply sensible rules and guidelines, don’t go overboard, and keep things simple and maintainable.
Ollie Piddubriwnyj, managing director of Fifteen