How to avoid falling victim to a cyber attack

You don't have to be a big company like TalkTalk to be targeted by hackers.

by Jack Torrance
Last Updated: 24 Feb 2016

The cyber attack that hit TalkTalk last week will likely turn out to be very costly indeed. Though the telco’s share price has rebounded after police arrested a teenager suspected of carrying out the attack, it will certainly give customers tempted by its cut-price contracts pause for thought in the future. Other businesses should sit up and take note.

Don’t be complacent

Cyber attacks aren’t just a problem for big companies like TalkTalk. According to a survey conducted by the Government’s Cyber Streetwise Campaign, one third of small businesses were affected by an external cyber attack at some point in the past year.

‘It’s a mistake to think you’re not going to be a target just because you’re not large enough,’ says Greg Aligiannis, senior director of security at encryption software company Echoworx.

‘There are criminal organisations who have got remote controlled clouds of bots and all they’re doing is scanning from one IP address to another with a known list of vulnerabilities looking for a victim.’ Any unprotected computer that’s connected to the internet could be breached within three minutes, he says.

Get the basics right

Making sure all of your kit has a firewall and antivirus software installed on them is crucial. As are strong passwords - never use relatives' or pets' names, important dates or anything else that would be easy to guess. This kind of thing might seem obvious to you, but you need to make sure everybody on your team knows it too.

Stop ignoring updates

Messages saying your computer needs to restart to install updates can be a massive pain, especially when you're in the middle of some important work. But those updates will ensure that your computer’s defences are as up-to-date as possible.  

‘When the operating system you use, the phone software you use, the application software you use, when those guys publish a security update, make sure that you consume it,’ says Paul Ducklin, senior security advisor at Sophos. The same goes for any mobile devices your employees are using to connect with your systems.

Get your staff on side

All the technology in the world is useless if your staff don’t know how to use it, or don’t feel like they need to. ‘Every company should have an acceptable use and password policy, because sometimes it will be employees who make the situation vulnerable,’ says Dr Peter Chadha, CEO and founder of the IT consultancy DrPete Technology Experts.

Ensuring policies translate into practice isn't always straightforward. Handing staff a long-winded document to read alongside reams and reams of HR policies, expenses policies, travel policies and branding policies on their first day is a surefire way to make sure it will be ignored. You have to communicate the importance of being security conscious in a clear and concise way.

A strong relationship between your tech guys and the rest of the workforce is also important. ‘You need to try and build a culture where it’s ok for people to ask for help or for a second opinion if they are suspicious about anything,’ says Ducklin. If people do give out their password to a cold caller claiming to be from Microsoft or click on a dodgy email link, it’s best that you know about it as soon as possible.

Be careful with data

Cyber thieves aren’t just looking for credit card info. Customer names, addresses, passwords and lifestyle information can all be of use to criminals, and you have a responsibility to protect that information.

‘Understanding what data you need to protect and its value to the business is crucial in allocating security resources effectively,’ says George Anderson, a director at internet security firm Webroot. ‘Why would you have your most valuable data accessible and connected to the internet?’

For particularly important data it might be worth using encryption software, which makes it harder for hackers to access the contents of a file.

Prepare for the worst

Even the most technologically proficient organisation can’t totally eliminate the chance of being attacked, so it’s worth spending some time thinking about what you will do if one does occur. Who will take charge of the clear up, how will you communicate the problem to customers and what will you be able to do to minimise the damage? (More on how to clear up a data leak here).

TalkTalk and all the other cyber attacks that have graced the headlines of late should serve as a wakeup call to all businesses, large and small, about the importance of keeping your systems secure. Don’t let a simple error mean you’re the next target. 

Find this article useful?

Get more great articles like this in your inbox every lunchtime

A leadership thought: Treat your colleagues like customers

One minute briefing: Create a platform where others can see their success, says AVEVA CEO...

The ignominious death of Gordon Gekko

Profit at all costs is a defunct philosophy, and purpose a corporate superpower, argues this...

Gender bias is kept alive by those who think it is dead

Research: Greater representation of women does not automatically lead to equal treatment.

What I learned leading a Syrian bank through a civil war

Louai Al Roumani was CFO of Syria's largest private retail bank when the conflict broke...

Martin Sorrell: “There’s something about the unfairness of it that drives me”

EXCLUSIVE: The agency juggernaut on bouncing back, what he would do with WPP and why...

The 10 values that will matter most after COVID-19

According to a survey of Management Today readers.