In 2020, FINRA warned that scammers are using registered brokers' names and personal information to set up 'imposter websites' that appear to be the representatives' personal websites and are also phoning and directing potential customers to these sites. These scammers are likely using these sites to gather personal data with the end goal of committing financial fraud.
"The majority of online scams rely on some form of human error, as it is far easier to compromise a single user than a whole system. Threat actors know this well and are continuing to exploit the human factor by tailoring scams to target current events and the fears of their victims."
Now, businesses are also being warned by the police to strengthen their internal controls in response to a spike in physical security breaches.
As firms do everything in their power to make their IT networks impenetrable, organised crime gangs are turning their attention to low-tech methods. Contract cleaning firms. Painting and decorating companies. In fact, anyone with out-of-hours access to a corporate building.
According to recent estimates, cybercriminals around the world generate approximately £1.2 trillion each year, an amount which is likely to keep rising over the coming years. We have some simple tips on how to improve cybersecurity.
How to reduce the threat of cyberattacks
1. Create simple central contacts for advice
You could appoint IT guardians or mentors to act as a conduit between various business functions and IT and offer informal advice. It could be as simple as setting up an email address.
2. Train your team to spot cybersecurity red flags
For example, a generic salutation (Dear Customer), poor quality logos, spelling mistakes, time pressure, fake domain names, mismatched sender details, etc.
One of the most common causes of a cybersecurity breach is weak passwords, with people often reusing them for multiple or all accounts. A survey conducted by Specops Software uncovered that 51.61% of respondents share their streaming site passwords, with 21.43% unsure whether those passwords then get shared with other people.
4. Use multi-factor authentication
Multi-factor authentication means that to access software or carry out a transaction, at least one more means of personal verification is needed.
This could be as simple as entering a memorable word or using a passcode from a text message or dedicated app.
5. Keep software up-to-date
Be wary of any software that is not company-wide or on mobile devices. Patches to fix security issues are regularly issued, and not actioning them leaves you wide open.
6. Only use approved connections & devices
With the rise of hybrid working, this has become a greater threat than ever. Employees now spend more time working remotely or on the go. At home, they may be inclined to use their own devices or access networks that are not secure.
7. Purchase similar web domains
Consider buying up similar domain names to reduce the chance of customers, suppliers or your team being duped by emails from spoofed addresses or links to spoof websites.
8. Store key personal verification data separately
Ensure there are appropriate technical or organisational measures in place to safeguard personal data. This can prevent cyberattacks and minimise their impact (e.g. by storing CVV codes separate from other card information).
9. Audit your systems for vulnerabilities
What vulnerabilities do your own systems conceal? Do you know? Now might be a good time to beef up security, secure the perimeter, and conduct penetration testing, especially if there's some slack or respite from "business as usual" tasks. Sounds like a good investment?
10. Establish clear protocols with clients & suppliers
Set clear protocols for communicating and sharing information with new clients and suppliers. Insist on direct contact via named personnel or codewords for major changes in terms, payments, etc.
To reduce the risk of physical threats, ensure that you conduct due diligence and vetting before granting any third party access to your premises.
11. Beware of impersonation
If your name and role are in the public domain, it makes you more vulnerable to impersonation. If you hold a senior position or are authorised to initiate payments, agree on ground rules with your colleagues - e.g., always make direct personal contact by phone, codewords, etc. Introduce dual authorisation on large payments. Insist on PO numbers for all large payments to combat CEO fraud.
12. Create a 'challenge culture' for unfamiliar faces
Encourage all staff to wear a security pass or ID at all times so people can see at a glance who is authorised and who is not.
Sure, challenging an unfamiliar face may be embarrassing, and you may be reluctant to do it due to the bystander effect, but it's essential to safeguard the company.
Watch out for tailgaters, take extra care when entering access codes to a door or building in public areas, and don't assume that someone walking in with a colleague is with them.