It is never long before yet another company suffers a data breach. Although many of these organisations have been the victim of a complex hack, often this is not the case.
The Cyber Security Breaches Survey reported that, in 2017, 46% of all UK businesses had identified at least one cyber security breach or attack. This is a massive increase on 2016, when only 24% of businesses detected one or more cyber security breaches.
If large or well-known organisations suffer data breaches you might think that you have little chance of avoiding one, but many breaches can be prevented by implementing the simplest solutions.
Identify phishing emails
Phishing emails are the most common cause of breaches, with 72% of cyber security breaches originating from staff receiving fraudulent emails.
Snapchat fell victim to a phishing scam when staff were targeted by a spam email impersonating the company’s CEO. The email asked for payroll information, which unfortunately an employee disclosed.
Never open an attachment that you are not expecting or click a link that comes from an unknown sender. Make sure your staff are aware of this and know how to identify a spam email. This may seem simple enough, but phishing emails are becoming more and more complex, with many people being fooled.
Increase password security
Passwords are vital in ensuring the security of your sensitive data, but they still need to be strong or they won’t be effective.
Make sure that your staff change their passwords at least every six months, and use combinations of upper- and lower-case letters, numbers and symbols. It is also vital that passwords are not shared with any other members of staff. A password is for that individual only and should never be revealed or passed on to anyone.
Make sure confidential information stays confidential
Too many data breaches are caused by staff leaking information. These breaches are often due to an employee accidentally passing on the data, but data is sometimes taken by ex-employees, too.
This happened to Ofcom in 2016 when an ex-employee stole six years’ worth of third-party data to pass on to his new employer.
A simple way to avoid these types of breaches is to limit access to sensitive data to the relevant members of staff and to cut off access when an employee leaves. Not all staff need access to this information, so make sure it is limited to appropriate employees only.
Make sure you have all the necessary antivirus and anti-malware software installed on your system. You should also have firewalls in place to prevent unauthorised access to your network. Using such software can restrict a hacker’s access to your data and avoid multiple cyber security breaches.
Conduct regular tests and audits
One of the most effective ways to protect yourself from a data breach is to find out if you are vulnerable to one. By conducting regular tests and audits, you can get proof that your data is secure, minimising the risk of a breach.
An information security management system (ISMS) can help you manage all your security processes in one place, consistently and cost-effectively. It is a system of processes, documents, technology and people that manages information risks such as cyber attacks, hacks, data leaks or theft.
ISO 27001 is the international standard that describes best practice for an ISMS. It provides a proven framework that helps organisations protect their information through effective technology, auditing and testing practices, organisational processes and staff awareness programmes.
Be better prepared for a cyber attack with proven solutions delivered by the team who led the world’s first successful ISO 27001 implementation.