As Clive Humby famously said, ‘Data is the new oil.’ It’s a commodity so valuable that cybercriminals go to great lengths to get their hands on it. And when they do, they use it for extortion and to sell to other criminals on the dark web. If that isn’t worrying enough, the means by which they try to acquire it can also cause havoc. They will infect entire systems with malware, take systems completely offline with ransomware and use sophisticated techniques to steal login credentials or brute force their way in. Today, it’s every firm’s business to keep their data secure. Here are some of the ways to strengthen yours.
The impact of a data breach
Data breaches can put companies out of business. 60% of those that suffer a cyberattack go under within six months. For the rest, there are significant repercussions. According to IBM’s 2020 Cost of a Data Breach Report, incidents involving data security, such as malware, phishing and device theft, cost UK companies almost £3 billion to recover from. It’s a prolonged process, too. The average company took around nine months to discover and recover from an attack. On top of all this, of course, are lost income, reputational damage and the potential of large fines from the ICO.
1. Use tech and training to prevent phishing
Phishing attacks, usually sent via email, are one of the main ways that cybercriminals will try to steal login credentials or infect a system with malware. Making sure that you have a robust spam filtering tool, such as SpamExperts or Mimecast, will help filter out the vast majority of phishing and malware containing emails.
Of those that manage to get through, statistics show that around a third are opened and clicked on by recipients. This is often because cybercriminals go to great lengths to make these emails look genuine. The key to reducing such incidents lies in training staff to spot the tell-tale signs of phishing emails: poor English, lack of addressee name, email address not matching up with the name of the sender, dodgy-looking logos, etc. Employees also need to know how to deal with these emails: not to open them or any attachments or click on any links, how to report them and safely delete them.
2. Two-factor authentication
Two-factor authentication (2FA) adds another layer of security to the login process, usually asking employees to input a six or seven-digit security code sent to their phone. The advantage of implementing 2FA is that even if a cybercriminal gets hold of the username and password, they won’t have access to the additional code unless they also have the employee’s mobile phone. What’s more, as security codes are only valid for a few minutes, it doesn’t give criminals the time needed to crack them.
3. Virtual Private Networks
A virtual private network (VPN) provides employees with a secure environment in which to work. It does this by securing the connection to the network and encrypting data sent over it. It is particularly vital for those working over wi-fi networks, especially the significant number of employees now working remotely.
4. Automated software updates
Vulnerabilities in outdated applications are one of the biggest threats to data security and are actively targeted by cybercriminals. Updating applications as soon as a patch is released is essential to minimising the risk of a data breach. Unfortunately, too many businesses have paid the price of being slow to update their software.
There are several ways to automate updates. With a managed hosting solution, for example, your provider will automate the patching of your operating system, while you can use tools like Patchman to carry out patching on CMS websites like WordPress. Auto-updates can also be implemented using cPanel and Plesk and from within the admin panel of some website platforms.
Another way to keep applications up to date is to use Software-as-a-Service (SaaS) solutions, such as Microsoft 365, instead of having standalone software installed on the network. Here, the provider will update the software automatically for you whenever they release a new version.
If your data is encrypted, no-one can access it even if it is stolen. Encryption makes it useless to any cybercriminals and ensures that your important information and customer data isn’t used illegally. You can encrypt data in multiple situations. For example, your host can encrypt data stored on your servers, SSL certificates encrypt data transferred between your customers’ browsers and your website and email SSL certificates will encrypt your emails and attachments while verifying the authenticity of your email address to the recipient.
6. Remote backups
If in attempting to steal your data a cybercriminal deletes, corrupts or encrypts it with ransomware, the effects can be devastating. However, it’s not just cybercrime that can result in data loss, so too can hardware failure, human error and various other problems. The solution to not losing your data permanently and getting your systems back up and running quickly is to have an effective backup solution in place.
While there are many ways to do this, one of the most effective is to use the services of your hosting provider. At Anteelo, our backups can be scheduled and automated to take place at the frequencies you need, are stored remotely from your server, encrypted for security and integrity checked so you know they will be uncorrupted if you need to use them.
7. Secure hosting
A good web hosting provider will help keep your server and the data stored on it secure by using advanced security tools. At Anteelo, for example, we use powerful next-gen firewalls with intrusion detection and prevention tools to stop hackers and malware from getting access to your server.
Data is increasingly sought-after by cybercriminals and their modes of operation are getting more sophisticated. Companies need to put cybersecurity at the top of their priorities to prevent attacks that could potentially put them out of business. Hopefully, the measures mentioned here will help you increase the security of your firm’s data.