Tax efficiency in Investing
As an adviser, the key to creating any good, solid financial plan is in the objective setting at the start of and...READ MORE
Cyber attacks are on the rise and have accelerated during the pandemic. Ransomware is particularly rampant – you just have to look at the news headlines. With low risk and high returns, cyber criminals have turned ransomware into a business. They will break into your IT systems, take your critical data, encrypt it and send you a ransom demand to get it back.
With plenty of sensitive client information, financial data and valuable reputations to protect, the organisations accountants work in will often offer rich pickings for ransomware criminals. So, what can you do to protect your business? There is no silver bullet; no 100% solution. But there are simple measures you should implement.
First, you need a firewall that monitors and controls incoming and outgoing network traffic. It establishes a barrier and, if you have people working on sensitive data from home, you should set up secure VPNs (Virtual Private Networks) to connect to your trusted network. Antivirus (AV) software is a cyber security essential, but most AV is ‘signature-based’, meaning that it relies on identifying new malware to block it.
But what if you’re one of the first to get attacked? That’s why ‘zero-day’ solutions that spot and prevent new malicious activity without a signature are increasingly popular.
The problem of passwords
We all struggle with remembering long, complex passwords and too often use a pet or child’s name, which are easy to guess. Instead, you can use multi-factor authentication (MFA), which simply requires more than one method of authentication.
While traditional MFA solutions can be costly and complex, new cloud-based systems cut down on costly deployment and management and offer a choice of authentication methods such as one-time-passwords or QR codes sent to your device.
Humans are the weakest link in cyber security defences and most attacks start with a phishing or social engineering email that tries to get us to open an attachment or click on a malicious link. They are difficult to spot but a good phishing education programme can reduce your open and click rates drastically. You should intrinsically link technical controls with human behaviour to learn from mistakes and avoid a blame culture.
Not on my patch
Another cyber security 101 is patching. Most cyber security vulnerabilities in IT systems and software exploited by cyber criminals are already known, with known software updates to fi x them. Software patches are a necessary inconvenience as they are time consuming and can cause disruption for users. But hackers don’t waste time and will exploit vulnerabilities just days after a patch is released; so, if you don’t act quickly to apply the update, you will be at risk.
The final word
It’s impossible to stop every cyber attack but by doing the basics you can mitigate many of the risks. And if you do suffer an attack, having an incident response plan and recent back-ups may help save the day. You do back up regularly of course?
Jonathan Whitley is VP Northern Europe for WatchGuard Technologies. watchguard.com