As we mentioned previously in our Cyber Monday article, cyber attacks can have a devastating impact on a business’s operation and reputation. A skilled attack could bring down IT systems for hours or even days and cause significant disruption and revenue losses, as well as requiring substantial resources to fix the problem and alert - and reassure - customers. The attack that shut down parts of the NHS in 2017 is a good example of what could happen if an organisation doesn’t keep its operating systems up to date. The number of attacks on organisations has been increasing, and experts make clear that a cyber attack is a matter of when, not if.
The fact that the National Cyber Security Centre (NCSC) has defended the UK from over 10 cyber attacks per week since it was created two years ago speaks volumes. It’s impossible to guarantee that cyber attacks can be prevented, so it is even more important that businesses do all they can to reduce their exposure to cyber attacks and the risks they bring.
We recommend that you review the terms of your contracts with any service providers to ensure that the service levels are adequate and meet your business needs. For example:
- Mistakes: check the extent to which your service providers bear liability for their own mistakes and for the intentional malicious acts of their own employees.
- Cyber attacks: consider the scope of your service provider’s responsibilities in the event of emergencies.
Here are a few more tips about what to include in your internal cyber security policy in order to mitigate the impact of cyber attacks:
- User access control: maintain a cyber policy that limits which employees can execute commands. This will limit the risk of having malicious software accidentally installed by untrained staff.
- Password policy: train your staff to keep strong passwords.
- Firewalls and internet gateways: good network perimeter defences will detect and block executable downloads, block access to known malicious domains and prevent your computers from communicating directly with the internet. Ensure that your computers have firewalls and software undertaking web filtering and content checking.
- Whitelisting and execution control: ensure that unauthorised software cannot run or install itself anywhere on the system, including from USB or CD drives.
- Secure configuration: limit the operating system, applications and functionality of every device. This will avoid the exploitation of vulnerabilities in unused applications and will help you find malicious code more quickly in case of an attack.
- Regular staff training: ensure everyone is up to speed on basic cyber security know-how.
DMH Stallard is part of the SME Cyber Alliance alongside PAV i.t and Sutton Winson. Together we offer expert legal advice, IT support and insurance protection to provide a personal, effective and fast response to cybercrime. If you would like to have a chat about how your business can protect itself better from cyber attacks, would like your contracts reviewed, or have been the victim of an attack, please do get in touch with Robert Ganpatsingh on 01273 744213.
(Written by Beatrice Bass)