How to avoid falling victim to a cyber attack

You don't have to be a big company like TalkTalk to be targeted by hackers.

by Jack Torrance
Last Updated: 24 Feb 2016

The cyber attack that hit TalkTalk last week will likely turn out to be very costly indeed. Though the telco’s share price has rebounded after police arrested a teenager suspected of carrying out the attack, it will certainly give customers tempted by its cut-price contracts pause for thought in the future. Other businesses should sit up and take note.

Don’t be complacent

Cyber attacks aren’t just a problem for big companies like TalkTalk. According to a survey conducted by the Government’s Cyber Streetwise Campaign, one third of small businesses were affected by an external cyber attack at some point in the past year.

‘It’s a mistake to think you’re not going to be a target just because you’re not large enough,’ says Greg Aligiannis, senior director of security at encryption software company Echoworx.

‘There are criminal organisations who have got remote controlled clouds of bots and all they’re doing is scanning from one IP address to another with a known list of vulnerabilities looking for a victim.’ Any unprotected computer that’s connected to the internet could be breached within three minutes, he says.

Get the basics right

Making sure all of your kit has a firewall and antivirus software installed on them is crucial. As are strong passwords - never use relatives' or pets' names, important dates or anything else that would be easy to guess. This kind of thing might seem obvious to you, but you need to make sure everybody on your team knows it too.

Stop ignoring updates

Messages saying your computer needs to restart to install updates can be a massive pain, especially when you're in the middle of some important work. But those updates will ensure that your computer’s defences are as up-to-date as possible.  

‘When the operating system you use, the phone software you use, the application software you use, when those guys publish a security update, make sure that you consume it,’ says Paul Ducklin, senior security advisor at Sophos. The same goes for any mobile devices your employees are using to connect with your systems.

Get your staff on side

All the technology in the world is useless if your staff don’t know how to use it, or don’t feel like they need to. ‘Every company should have an acceptable use and password policy, because sometimes it will be employees who make the situation vulnerable,’ says Dr Peter Chadha, CEO and founder of the IT consultancy DrPete Technology Experts.

Ensuring policies translate into practice isn't always straightforward. Handing staff a long-winded document to read alongside reams and reams of HR policies, expenses policies, travel policies and branding policies on their first day is a surefire way to make sure it will be ignored. You have to communicate the importance of being security conscious in a clear and concise way.

A strong relationship between your tech guys and the rest of the workforce is also important. ‘You need to try and build a culture where it’s ok for people to ask for help or for a second opinion if they are suspicious about anything,’ says Ducklin. If people do give out their password to a cold caller claiming to be from Microsoft or click on a dodgy email link, it’s best that you know about it as soon as possible.

Be careful with data

Cyber thieves aren’t just looking for credit card info. Customer names, addresses, passwords and lifestyle information can all be of use to criminals, and you have a responsibility to protect that information.

‘Understanding what data you need to protect and its value to the business is crucial in allocating security resources effectively,’ says George Anderson, a director at internet security firm Webroot. ‘Why would you have your most valuable data accessible and connected to the internet?’

For particularly important data it might be worth using encryption software, which makes it harder for hackers to access the contents of a file.

Prepare for the worst

Even the most technologically proficient organisation can’t totally eliminate the chance of being attacked, so it’s worth spending some time thinking about what you will do if one does occur. Who will take charge of the clear up, how will you communicate the problem to customers and what will you be able to do to minimise the damage? (More on how to clear up a data leak here).

TalkTalk and all the other cyber attacks that have graced the headlines of late should serve as a wakeup call to all businesses, large and small, about the importance of keeping your systems secure. Don’t let a simple error mean you’re the next target. 

Find this article useful?

Get more great articles like this in your inbox every lunchtime

“You literally have to rewrite your job description”

One minute briefing: In hard times, your network becomes more important than ever, says Prezi...

5 bad habits to avoid when leading remotely

In a crisis, it can be hard to recognise when you've taken your eye off...

A top-level guide to scenario planning

COVID creates unprecedented uncertainty, but there are tried and tested ways of preparing for an...

Is it favouritism to protect an employee no one likes?

The Dominic Cummings affair shows the dangers of double standards, but it’s also true that...

Masterclass: Communicating in a crisis

In this video, Moneypenny CEO Joanna Swash and Hill+Knowlton Strategies UK CEO Simon Whitehead discuss...

Remote working forever? No thanks

EKM's CEO Antony Chesworth has had no problems working from home, but he has no...