Rapid advances in technology have led to new opportunities and potential efficiencies for firms of all sizes.
Yet they have also led to an accompanying rapid rise in the risk of cyberthreats.
Cybersecurity, that is, the protection of systems, networks and data in cyberspace, has become a critical business issue.
And it's an issue that will only become more important as the ‘Internet of Things’ (IoT) advances.
Attacks on ‘IoT’ devices are expected to increase due to the growth in the number of connected devices, poor security and the high value of data held on these devices.
The risk to your business information and your computer assets comes from a broad spectrum of threats which will vary in their sophistication.
The impact (and harm) on your business will depend on the opportunities that are available to an attacker, in terms of how vulnerable your systems are, and the capabilities of the attackers to exploit them.
Ultimately, the impact will also depend on their motivation for attacking you and your business.
This could be:
- to demonstrate technical prowess
- for financial gain
- for commercial advantage
- as a form of political protest
- retaliation by a disgruntled employee or former employee
It's all well and good to have systems such as firewalls and data encryption in place to keep your networks secure from outside invasion.
But these will only work if users (both you and your team) are educated in taking small but important steps in their day-to-day work.
As an organisation you and your staff should do the following:
- Make sure all your PC, computer and laptop updates are carried out on a regular basis
- Make sure all your PCs, computers and laptops use anti-virus software and anti-spyware protection
- Ensure all staff are using strong passwords. ‘Password’ or ‘abcdef’ should never be used. (This is an obvious one, but still happens too often.) Always use a combination of letters, numbers and characters
- Do not write passwords down
- Do not share passwords or user logins
- Never open an attachment or click on a link that you aren’t expecting, or engage with an email that's from an email address you don’t recognise
- Avoid publishing sensitive material on social media, and avoid sharing information on your IP (internet protocol) address
- Make sure you have a security policy and that all staff are aware of its contents
- Remind staff regularly about good security practices
Unfortunately, due to the constant development of malware, distributed denial of service (DDoS) attacks and other forms of cyberattack, cybersecurity measures can never keep you 100 per cent safe.
But having a good data security policy in place will help protect you and your firm as much as possible against potential cyberthreats.
It's about making sure you have protected the garden gate, and not just the door to the safe.
If you're in any doubt as to how secure your systems are, then it's worth seeking expert advice.