Cyber security and your employees: How to protect your networks against common risks
According to statistics from the UK Government’s National Cyber Security Centre, there is an almost 1 in 2 chance that, as an SME, your company will experience a cyber security breach. The European Union Agency for Cyber Security has also identified that, while the majority of small and medium businesses have some security measures in place – firewalls, antivirus protection and/or backups – far fewer take additional proactive steps like training employees or using logging or alerting systems to mitigate the risks.
But when UK small businesses are being targeted with 65,000 attempted cyber-attacks every day, IT managers and decision makers need to put cyber security at the very heart of their business plans.
Why cyber security awareness matters: Increased threat from hybrid working models
Cyber-attacks have a huge impact on businesses and the individuals who work within them, and it’s critical that everyone in the company is aware of where the risks might be coming from. On an employee level, educating staff about phishing emails and scams designed to target personal data and/or money is a good place to start.
On an organisational level, training around DDoS and ransomware attacks is imperative, as these attacks are on the rise globally. DDoS attacks in particular can cause huge problems for SMEs by disrupting networks, slowing websites and customer portals and interrupting data transfer, all of which can have both an immediate financial impact and cause long-term reputational damage.
It’s vital, therefore, that businesses ensure their teams are armed with the knowledge they need to play their part in keeping networks safe. IT managers, meanwhile, should implement proactive measures to detect, log and alert about potential attacks, or partner with a service provider who can help them manage threat detection regardless of the location and devices on the network.
Cyber security measures you can implement now
There are lots of things your internal IT teams can do to minimise the risks posed by cyber-attacks.
- Know where your access points are. You can’t protect what you can’t see, so you need to know exactly where in your network people and devices are being given access. You’ll need to build a remote access plan that ensures everything is verified, and that you segment users to ensure they are authenticated, wherever they are logging on from.
- Protect all BYOD devices. Unless you’re supplying company laptops and mobile phones, the chances are users will be logging on with their own devices. Unprotected devices leave your network vulnerable, though, so it’s vital that each device has the right anti-virus and security protection in place. Train users on the importance of using firewalls and anti-virus on their home computers, and support them to properly secure their devices.
- Ask remote workers to strengthen passwords. If employees are connecting to your business networks via home Wi-Fi with weak passwords, your IT environment is vulnerable to attack. Educate users about the dangers of unsecured networks for them personally, as well as for the business as a whole.
- Stress-test your VPN. If you have workers logging into your networks remotely, either as standard or as a temporary measure, it’s important that your network can handle the volume of incoming and outgoing traffic. You’ll need to have a robust VPN or SDP in place, and to carry out thorough stress-testing.
- Limit access to sensitive data. It’s well worth taking the time to do a thorough audit of your data estate to ensure only the relevant people are granted access to sensitive files. Couple this with a segmented workforce to minimise the risks and threats to business-critical areas of your network.
- Train your teams. The best weapon you have in your defence against cyber criminals is a knowledgeable workforce that is invested in keeping your business safe. Make sure all your teams know what your cyber security policy looks like, and keep them updated about the latest scams. Equip them with the knowledge they need to keep themselves, their devices and the company safe, explain why it matters, and make sure they know what to do in the event they fall victim to a scam or attack.
The important thing to remember is that cyber security isn’t a one-off fix, in the same way that cyber-attacks aren’t a one-off threat. True network security is a combination of skills, technology and services that, when done well and kept up to date, shores up online safety and elevates business resilience.
Protection against every threat with cyber monitoring and alerting
Recognising that employee behaviour can pose a risk to your online safety is the first step towards achieving cyber security. Human error represents one of the biggest threats to small and medium businesses like yours, and it’s absolutely vital to have appropriate and robust security measures in place, as well as employees who are trained and conversant in matters of cyber security.
For complete peace of mind, VCG’s cyber security monitoring and alerting service delivers a business-wide solution to keep you safe and connected, 24/7/365. Evolve your cyber security strategy with a managed service that constantly monitors, analyses, assesses and alerts against threats, while improving response and recovery time, unifying visibility across environments and simplifying firewall and device management.
For more on VCG’s managed threat detection solutions, read our cyber security monitoring and alerting service factsheet.