Expert advice: how to protect your business from cyber attacks

"Employees can be the first line of defence for businesses" - Oz Alashe MBE
by Alice Morgan

In May 2018, the new General Data Protection Regulation (GDPR) will come into force, aiming to protect the privacy of EU citizens by changing the way data is processed in organisations.

Business owners are bound by law to put customers back in control of their data and to take extra precautions to protect their info – asking them to check an opt-in box, or do nothing to opt in, won't cut the mustard anymore.

Businesses within the EU are already preparing and, in light of recent cyber-attacks, now's the perfect opportunity to make sure your business's security is up to scratch.

So, what can you do to make your business safer for you and your customers?

We asked the experts for their advice.

Austen Clark, managing director of Scottish IT support specialists, Clark Integrated Technologies

"The Government-backed Cyber Essentials accreditation provides a comprehensive set of guidelines that, when followed, provide the best outcome to reducing the risk to any business.

"It can be applied to a business of any size and it will go a long way to keep your insurance broker happy and confident in providing you with cyber insurance.

"Some steps you can take to make your security tighter include installing a firewall and creating a contingency plan in case you lose your data or suffer a breach. 

"The stigma of being vulnerable to a cyber-attack has the potential of damaging the brand and good reputations will be tarnished by being viewed as having weak security."

Mark James, security specialist for ESET

"The number one tip has to be to have a good, tested, off-site backup in place.

"Many low-cost options are available and compared to the physical and digital damage ransomware can cause, will only be a small fraction of the final cost of being infected.

"You hear this one a lot, but that's because it works: keeping your operating systems (both desktop and server side) up to date and regularly patched. This will limit the attack vector that the bad guys have.

"Make sure you also consider applications; ideally, you want an application that is currently being maintained and updated."

Harshini Carey, regional director of Neupart, an information security management company

"With the right continual training and awareness campaigns, your employees can actually be your strongest asset when it comes to IT security.

"All too often, the upper levels of management only start to think about cyber security when they've already been hit, but they should be aware of the risks and possible implications from day one.

"And, perhaps most importantly, remember to protect your backups! Malware often targets backups, so it's not enough to have made backups, you need to actively protect them as well."

Giovanni Vigna, chief technology officer and co-founder of Lastline, an American cyber security company

"By introducing a second level of authentication beyond the typical username/password model, you will make it more difficult for your devices to be compromised.

"Use two-factor authentication (where there are two steps to the sign-in process rather than one password). It often involves a physical token, a code sent to a mobile device, or 'out of wallet' information that only the authorised user would have.

"Also, don't click on links without first knowing where they're going - hover over them to see the URL and review it closely to see where the link really goes. This helps to protect against phishing scam emails that attempt to engineer information, or from malware that can infect a system by clicking on the link or by visiting a spoofed website."

Oz Alashe MBE, CEO of CybSafe, a cloud-based platform that reduces cyber risk

"If cyber security incidents at Facebook, Sony and, most recently, Parliament have taught us anything, it is that businesses need to take a much more holistic approach to cyber security.

"Relying singly on security software isn't enough.

"Education of employees and a focus on permanently changing online behaviour is part of the solution. Employees can be the first line of defence for businesses. Whether a company wishes to prevent phishing, malware, password attacks, ransomware or human error incidents, education is key.

"By accounting for this 'human factor' in cyber security - a combination of psychology and education - businesses can start to seal the cracks in their cyber defences and reduce their chance of succumbing to a cyber-attack."
