12 Ways to Improve Cybersecurity

Posted by

Dhruva Pudel

on 30 Aug 2023


Cybersecurity breaches are in the news every month. Some are unavoidable, but by following some simple rules, many can be side-stepped.

12 Ways to Improve Cybersecurity

Listen to our cybersecurity audio:

 

 

As firms do everything possible to make their IT networks impenetrable, organised crime gangs have turned their attention back to low-tech methods. Cybercriminals are now faster, with the average breakout time - the time from initial access to lateral movement - being 79 minutes.

How to reduce the threat of cyberattacks

According to recent estimates, reported losses in the UK due to cybercrime total over £3bn, which is likely to keep rising over the coming years. We have some simple tips on how to improve cybersecurity.

Free Cyber Security Training Presentation

1. Create simple central contacts for advice

You could appoint IT guardians or mentors to act as a conduit between various business functions and IT and offer informal advice. It could be as simple as setting up an email address.

2. Train your team to spot cybersecurity red flags

For example, a generic salutation (Dear Customer), poor quality logos, spelling mistakes, time pressure, fake domain names, mismatched sender details, etc. These are all warning signs of a cyberattack. If your employees know these signs, you can respond quickly to ensure minimal damage.

Free Staff Cybersecurity Checklist

3. Ensure password security

One of the most common causes of a cybersecurity breach is weak passwords, with people often reusing them for multiple or all accounts. A survey conducted by Specops Software uncovered that 51.61% of respondents share their streaming site passwords, with 21.43% unsure whether those passwords get shared with other people.

4. Use multi-factor authentication

Multi-factor authentication means that to access software or conduct a transaction, at least one more means of personal verification is needed.

This could be as simple as entering a memorable word or using a passcode from a text message or dedicated App.

Free Information Security Training Presentation

5. Keep software up-to-date

Be wary of any software that is not company-wide or on mobile devices. Patches to fix security issues are regularly issued, and not actioning them leaves you wide open to cyberattacks. Software updates are important not only for system speed but also for protection against cyber threats.

6. Only used approved connections & devices

Cyberattacks have become a greater threat than ever with the rise of hybrid working. Employees now spend more time working remotely or on the go. At home, they may be inclined to use their own devices or access networks that are not secure. It is critical to avoid this to ensure maximised protection against cyber threats.

Data Protection Principles Checklist

7. Purchase similar web domains

Consider buying similar domain names to reduce the chance of customers, suppliers or your team being duped by emails from spoofed addresses or links to spoof websites. This is an investment in protection against cyber threats.

8. Store key personal verification data separately

Ensure appropriate technical or organisational measures are in place to safeguard personal data. This can prevent cyberattacks and minimise their impact (e.g. by storing CVV codes separately from other card information).

Email Phishing Checklist

9. Audit your systems for vulnerabilities

What vulnerabilities do your own systems conceal? Do you know? Now might be a good time to beef up security, secure the parameter, and conduct penetration testing, especially if there's some slack or respite from "business as usual" tasks. Sounds like a good investment?

10. Establish clear protocols with clients & suppliers

When communicating or sharing information with new clients and suppliers, insist on direct contact via named personnel or codewords for major changes in terms, payments, etc.

To risk physical threats, ensure that you conduct due diligence and vetting before granting any third-party access to your premises.

11. Beware of impersonation

If your name and role are in the public domain, you are more vulnerable to impersonation. If you hold a senior position or are authorised to initiate payments, agree on ground rules with your colleagues. For example, always make direct personal contact by phone, codewords, etc. Introduce dual authorisation on large payments. Insist on PO numbers for all large payments to combat CEO fraud.

12. Create a 'challenge culture' for unfamiliar faces

Encourage all staff to wear a security pass or ID at all times so people can see at a glance who is authorised and who is not.

Sure, it may be embarrassing, and you may be reluctant to do this due to the bystander effect, but it's essential to safeguard the company.

Watch out for tailgaters, take extra care when entering access codes to a door or building in public areas, and don't assume someone walking in with a colleague is with them.

Cyber Security Training Presentation

Want to learn more about Information Security?

We’ve created a comprehensive GDPR roadmap to help you navigate the compliance landscape, supported by a comprehensive library of GDPR Courses.

We also have 100+ free compliance training aids, including assessments, best practice guides, checklists, desk aids, eBooks, games, posters, training presentations and even e-learning modules!

Finally, the SkillcastConnect community provides a unique opportunity to network with other compliance professionals in a vendor-free environment, priority access to our free online learning portal and other exclusive benefits.

Compliance Bulletin

Compliance Bulletin

Our monthly email provides best practices, expert opinions, industry insights, news and key trends in regulatory compliance training, digital learning, EdTech and RegTech.