With 39% of UK businesses having suffered cyber attacks in the last twelve months, cyber security consultancy firm, FoxTech, provide their insights into four of their most frequently identified issues to help businesses become more aware of the problems they might have, and what to do about them.
1. You don’t know what devices your employees are working on
The UK government’s Cyber Security Breaches Survey 2021 found that organisations have found it more difficult to keep track of their endpoints since home working has become a widespread practice. Many employees now conduct business on a number of devices each day, including office desktops, company-owned laptops, personal computers and smartphones.
Why is having a lot of devices a problem? Anthony Green, CTO of FoxTech discusses:
“It isn’t a problem in itself,” says Anthony, “but it becomes an issue because today’s model of working can mean that business owners or IT managers don’t even know what devices are being used to access sensitive company data, or how secure these devices are. Problems such as working with unsupported versions of Windows and not updating malware protection and firewall software increased markedly in 2021, compared to 2020, and the Cyber Security Breaches Survey 2021 attributes the decline in proper endpoint security measures to large and diverse device profiles.”
What to do:
- Minimise the amount of sensitive data stored on both company and personal devices by making sure employees can access only the data they need
- Create a ‘bring your own device’ (BYOD) policy. The National Cyber Security centre (NCSC) has an excellent step-by-step guide to creating a BYOD policy
You haven’t kept track of your online assets
“When we run our security analyses, one of the most common things we find are forgotten assets such as website domains and databases. Often, these are exposed to the internet – completely unbeknownst to the company. Forgotten assets are an easy entry point for hackers – they can use them to jump to software, files and devices that you are using in an attempt to steal your data.”
What to do:
- Companies who have lost track of their online assets can run one of FoxTech’s free CyberRisk Assessments. This shows instantly what assets you have, and whether they are exposed to the internet
- Remove/take down any unused assets to ensure your online presence is limited to only what is necessary and manageable
- Invest in professional cyber security monitoring for existing assets to ensure any suspicious activity is spotted
3. You don’t have DMARC set up
Domain-based Message Authentication Reporting and Conformance (DMARC) is an email authentication, policy, and reporting protocol. In layman’s terms, it protects you from email spoofing (people sending emails on behalf of your domain), spam and phishing scams.
“According to security software firm Trend Micro, 91% of breaches start with a phishing email, so setting up DMARC is one of the best ways to prevent anyone from successfully targeting your email database.”
What to do:
- Configure DMARC. The good news is, it’s not expensive. Installing it yourself is free, and getting it set up by a trusted third-party cybersecurity firm comes at a low cost
4. You put off installing software updates
Installing software updates is a fast and free way to strengthen company system security. Software updates offer a number of benefits and revisions including patching security flaws, removing bugs and getting rid of any outdated features from your device.
What to do:
- Locate devices that are still running on outdated software
- Don’t just rely on alerts. Not all devices give adequate software update alerts, so it’s good practice to manually check for updates at least once a month
- Educate employees on the importance of software updates, and create a company policy around regularly checking for, and installing updates across all your devices and software packages