Lee Wrall, Director, Managed Services Provider, Everything Tech
In a world of complex cyber attacks, and with a customer base that is more clued up than ever about the use of their data, thorough protection against sophisticated cyber threats is vital for engineering firms.
Threats range from simple phishing scams, which target people’s email addresses and bank details, to sophisticated attacks that look to cripple businesses and steal their data. Whatever the level, the threat is real.
With news reports of cyber security breaches hitting major companies, from banks to supermarkets, on the increase, you as a business owner or leader are undoubtedly worrying about how best to protect your business when it holds customer data and sensitive business information online.
Here are some things you can put in place to ensure your customer data is secure.
Cyber Essentials
The Cyber Essentials scheme was set up by the Department for Business, Innovation and Skills to encourage organisations and bodies to adopt basic security controls that help them ward off online threats. The scheme is part of the Government’s strategy ‘to make the UK one of the most secure places to do business in cyberspace’, and it is an important tool for any business or organisation at risk of Internet-borne threats. Engineering firms with Cyber Essentials lower the risk of a cyber attack and offer assurance to customers and clients that sufficient IT security controls are in use to reduce the risk of any breach of systems and data. Below are a few common issues we have seen within the industry:
Holding sensitive data and keeping it secure
Your customer data has not only taken years, probably decades, to build; it is also an asset that holds enormous value to the business. It is regulated under GDPR, so there is a responsibility to protect all data within a safe environment.
Ensuring this data is secure and protected is important, not only because of the monetary loss if something were to happen to it, but also because of the reputational loss. It’s important to know what data you hold and where it is stored. After all, you can’t keep something safe if you don’t even know where it is. Monitoring customer data means staying ahead of potential cyber attacks. Think of it as a guard keeping watch to ensure the data is safe.
You have probably already experienced two-factor authentication (2FA) when logging into your online banking: you receive a text or email with a code that you need to type in to access your account. You can use the same system for employees logging on to your server or accessing sensitive files, which validates that they are legitimate personnel and not outsiders. 2FA stops 99% of cyber attacks in their tracks*.
Data Loss Prevention
Data Loss Prevention (DLP) is a set of tools and systems that an organisation puts in place to ensure sensitive information and data are not stolen without its knowledge. For example, if someone tried to email a customer’s credit card details or home address outside of your business, DLP would stop this.
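The kind of check described above, as an added example rather than code from this article or from any DLP product: a Python sketch that inspects an outbound email, lists recipients outside the organisation, and blocks the message if the body contains a number that passes the Luhn card checksum. It covers card numbers only; the domain example.co.uk and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses

INTERNAL_DOMAIN = "example.co.uk"  # assumption: the organisation's own mail domain
# 13 to 19 digits, optionally separated by single spaces or hyphens
CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text: str) -> list[str]:
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            # Mask all but the last four digits so the alert does not leak the number
            hits.append("*" * (len(digits) - 4) + digits[-4:])
    return hits

def external_recipients(msg) -> list[str]:
    fields = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    return [addr for _, addr in getaddresses(fields)
            if not addr.lower().endswith("@" + INTERNAL_DOMAIN)]

def check_outbound(raw: str) -> dict:
    msg = message_from_string(raw)
    # Decode every non-container part so base64 or quoted-printable bodies are scanned too
    body = "\n".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                     for p in msg.walk() if not p.is_multipart())
    outside, cards = external_recipients(msg), find_card_numbers(body)
    return {"action": "block" if outside and cards else "allow",
            "external": outside, "masked_cards": cards}

# Constructed sample: a well-known test card number plus an order reference that fails Luhn
SAMPLE = """From: staff@example.co.uk
To: someone@mail.example.net
Subject: customer details

Card on file is 4111 1111 1111 1111, order ref 1234567890123456.
"""

if __name__ == "__main__":
    print(check_outbound(SAMPLE))
```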
Security Awareness Training
Security awareness training should be as commonplace as other areas of training offered by businesses, such as compliance training or Health & Safety. Businesses need to take online threats seriously and that starts with employees gaining greater awareness.
With effective security awareness training, a business can transform employees into a solid line of defence against cyber attacks by helping them identify, avoid and report sophisticated attacks. The training can simulate a cyber attack and be tailored to a business, so employees understand what could happen and what to look out for when carrying out their day-to-day role.
Offering security awareness training to staff is quick to deploy, runs in bitesize segments and will reduce the likelihood of human-caused data breaches and create a strong culture to combat cyber attacks on your business.
*2019 Microsoft Security Report