How to Reduce Your Cyber-Attack Risk and Protect Your Business Part 3
A few more tactical actions to reduce your organisations’ data breach risk.
‘How to Reduce Your Cyber-Attack Risk and Protect Your Business Part 2’ covered five tactical ways to reduce your risk of suffering a data breach. In Part 3, we’ll introduce you to an additional five steps.
In addition, if you have not read Part 1, then why not do so, it covers some great strategic risk mitigation steps. Follow the link, ‘How to Reduce Your Cyber-Attack Risk and Protect Your Business Part 1’ to read it.
- Educate Employees about Social Engineering
Social Engineering is one of the most common techniques used to gain unauthorised access to systems and data. It often forms part of a much larger more sophisticated cyber-attack. Essentially, Social Engineering is all about tricking its victims. It is a ‘con game’ run by hackers in order to get you to do what they want. Moreover, what they want can be any number of things, including:
- Clicking on email attachments that hide malware
- Trick you into giving personal details, passwords, logins etc.
- Run scareware that is useless or hides malware
- Follow links to fake websites that ask for personal info or login details
- Use an Anti-Virus
Common sense dictates that avoiding dodgy websites, refraining from downloading files from file sharing sites, and not clicking on email links from unknown senders, will reduce your risk of falling victim to a computer virus. This does not mean, however, that you can do without an anti-virus program.
The fact is, the above are not the only way your computer can become infected. A simple visit to a website that you trust, that has itself fallen victim to a hacker, could see your computer infected with malware, Trojan viruses, and other digital nasties. Hackers are constantly creating new viruses and finding new ways to get past security.
The advantage of using anti-virus software is that as new threats are detected the anti-virus is updated to combat it. Anti-virus protects you from those threats you are not aware of and forms a valuable risk mitigation tool.
- Be Alert to Phishing Emails
Phishing Emails form part of Social Engineering strategies. Almost everyone who has an email will have come across a phishing email or seen a message from their email program or anti-virus warning then about an email that looks suspicious.
Phishing emails attempt to appear trustworthy and try to trick you into giving sensitive information, clicking on a link, or even persuade you to part with money. Some attempts fail miserably and are even worth a good laugh, yet amazingly, many people still fall for these tricks.
- Revoke Access of Leaving Employees
A very simple risk mitigation action to follow is the resetting of login details and passwords of employees who are leaving the organisation. While in many instances employees who leave do so on good terms and pose no threat, there are always those few who do. A disgruntled employee can use their old credentials to wreak all kinds of havoc. They may steal, damage, or destroy vital company data in their bid for vengeance, leverage, or for financial reward from an equally crooked competitor.
- Don’t Keep Quiet
Lastly, should you fall victim to a cyber-attack despite applying every risk mitigation action you can think of – it can happen – do not keep quiet about it.
Keeping quiet about a data breach is all well and good until you get found out. Then it just ups the damage. If your customers are affected or potentially affected, you need to inform them of this while you repair the loophole. Not doing this breaks trust and could land you in hot water.
Unfortunately, one cannot always avoid, block, or otherwise stay safe from hackers. Therefore, it is a good idea to expect to be breached. If you expect it and you constantly alert and taking measures to strengthen your defences, then you will be far better prepared to deal with a breach and you should at least be able to reduce that potential damage.
Image Credit: Copyright: honzik7 / 123RF Stock Photo