If recent years could be defined by one thing, it would probably be the giant technological leap forward. With the benefits come difficulties, and as we move forward technologically we are becoming more vulnerable to cyber attacks on ourselves and our organizations. Earlier this year, Government research found that nearly half of all UK organizations suffered a cyber-security breach or attack in the past 12 months, while attacks are continuing to become more sophisticated and widespread.
The fact is that all organizations – including yours – are at risk of attack.
With that in mind, what can organizations do to protect themselves from cyber-attacks? Here are Charitydigitalnews.co.uk’s 15 top tips:
- Security starts with processes and policies – you should come up with clear processes for all employees in your organization to follow.
- Always use a firewall to secure your organization’s Internet connection – you should protect your Internet connection with a firewall. This creates a ‘buffer zone’ between your IT network and other external networks. In the simplest case, this means between your computer network and ‘the Internet’. Within this buffer zone, incoming traffic can be analyzed by your IT team to find out whether or not it should be allowed onto your network.
- Anti-virus software is an absolute must – many organizations aren’t using the most up-to-date version, or their licenses have expired. There’s no better time than now to check that you have a good-quality anti-virus software suite that’s fully updated.
- Keep your devices and software up to date – it doesn’t matter which phones, tablets, laptops or computers your organization is using; it’s important they are kept up to date. This is true for both operating systems and installed apps or software. Manufacturers and developers release regular updates which not only add new features but also fix any security flaws that have been discovered. Operating systems, software, devices and apps should all be set to ‘automatically update’.
- Update outdated IT – all IT has a limited lifespan. When new updates cease to appear for your hardware or software, you should consider a modern replacement.
- Only download from trustworthy sources – we recommend that you only download apps for mobile phones and tablets from manufacturer-approved stores (like Google Play or Apple App Store). These apps are malware checked to provide a certain level of protection. You should prevent staff from downloading apps from unknown sources, as these will not have been checked.
- Consider a sandbox – for those unable to install antivirus or limit users to approved stores, there is another, more technical, solution. Apps and programs can be run in a ‘sandbox’. A sandbox is a testing or experimenting environment that your organization can use to ‘disconnect’ apps and programs that you can’t control from your organization’s network. This prevents them from interacting with, and harming, other parts of your devices or network.
- Train your workers to spot unusual behavior and activity – attacks are sophisticated and can beat the most stringent security measures, so the ability to spot an attack rapidly can make a big difference.
- Educating staff about the need for effective security is important – they need to play their part in ensuring software and operating systems have been updated and they’re following the correct procedures. It’s recommended that you post a monthly memo regarding this issue.
- Password protection is essential – and passwords must be strong! It’s worth pointing out that banks recommend that you never share passwords or online banking secure codes with anyone on the telephone.
- Password changing – it is highly recommended that your staff change their passwords on a bi-monthly basis, to limit the possibility that an unauthorized person will get hold of a worker’s password.
- Back everything up regularly to protect vital data – cloud back-ups and/or off-site back-ups are a good idea. Also, try to make back-ups automatic to ensure they happen when they should.
- Control who has access to your data and services – to minimise the potential damage that could be done if an account is stolen, staff accounts should have just the essential access to software, settings, online services and device connectivity functions for them to perform their role. Extra permissions should be given only to those who need them.
- Choose the most secure settings for your devices and software – manufacturers often set the default configurations of new software and devices to be as open and multi-functional as possible. They come with ‘everything on’ to make them easily connectable and usable. Unfortunately, these settings can also provide cyber attackers with opportunities to gain unauthorized access to your data, often with ease.
- Try to stay up to date with the latest security threats and how to tackle them – there is a lot of free information online; one good source is the antivirus providers, such as kaspersky.com. Remember: information is power in your battle to keep your organization safe in cyberspace.