3. Implement Basic Protections

Implementing basic protections, such as installing anti-virus software and training your staff to regularly back up systems, can significantly reduce the risk of your business becoming a victim of a successful cyber-attack.

Scam calls and messages

Scam calls and messages are a common way that cyber-criminals target small businesses. Their goal is to trick you or your staff into sending money or gift cards, or to convince you to click on malicious links or attachments to obtain sensitive information, such as passwords or banking details.

Cyber-criminals may try to scam your business through email, text messages, phone calls and social media. They will often pretend to be a person or organisation you trust. Please contact your local Garda station or visit Garda.ie if you are concerned you have fallen victim to a scam, or if you have come across something you suspect to be a scam.

Phishing attacks

These scams often contain a link to a fake website where you are encouraged to log in to an account or enter confidential details. Phishing attacks typically compromise your account passwords.

Cyber-criminals often use this method to “take over” the social media accounts of small businesses and hold them to ransom. Use caution if a message is from a known entity and yet seems suspicious. Contact the person or business separately to check if the message is legitimate.


Are your staff aware of the risk that cyber-attacks pose to your business?

Most cyber-attacks now rely on human interaction to succeed, typically early in the attack lifecycle, when a legitimate system user is tricked into giving the attacker access to, or a foothold in, the system. This social engineering takes many forms, such as phishing emails and phone calls, or physically bypassing security controls to access your business systems.

It’s critical to ensure your staff are aware of the dangers. Employees with good cyber security practices are your first defence against cyber-attacks. By providing cyber security awareness training, you help mitigate cyber-attacks.

Ways to mitigate cyber-threats by implementing basic protections

Anti-virus

A centrally managed anti-virus solution should be implemented on all types of devices and kept up to date to ensure continuous protection from cyber-threats. Anti-virus software, often included for free within popular operating systems, should be used where possible on all computers, phones, and laptops.

Ensure data is encrypted

Protect your business data by encrypting it. Encryption converts data into a secure, unreadable format using cryptographic algorithms, so even if the data does fall into the wrong hands, it cannot be used. You should ensure that the data stored on mobile devices such as laptops, smartphones, and tablets is encrypted.

For data transferred over public networks, such as hotel or airport Wi-Fi networks, ensure that data is encrypted by employing a virtual private network (VPN) or accessing websites over secure connections using the SSL/TLS protocol. Email encryption helps to protect personal information from hackers by only permitting certain users to access and read your emails.

Email and protection tools

Employ solutions to block spam emails, emails containing links to malicious websites, emails containing malicious attachments such as viruses, and phishing emails. Most email providers now include many features to ensure spam is blocked; enabling them across all your business devices will help prevent cyber-attacks on your business.

How does your business connect to the internet? Are your staff members safe when they are online?

Enabling a firewall on your systems and devices can enhance your systems’ security. Think of firewalls as a protective barrier between your network and the vast world of the internet. Most modern operating systems come with this security feature, so it’s usually just a matter of activating it.