5 simple ways organisations can avoid data breaches

إقرأ هذه المقالة باللغة العربية

You don’t have to wait long to hear a news story about an organisation that’s suffered a data breach. Sometimes these organisations have been the victim of a complex attack, but usually it’s the result of basic cyber security weaknesses.

The fact that even big organisations suffer data breaches can lead people to worry that, with far fewer resources, their organisation’s chances of staying cyber secure are non-existent. However, most of the time the simplest solutions are the most effective. Here are five easy things that all organisations can do to prevent cyber incidents.

1. Identify phishing emails

Phishing emails are one of the most common causes of data breaches, despite their simple attack method. Cyber criminals send emails masquerading as a legitimate source (such as a bank or online service) to trick people into handing over their personal details or downloading malware. The messages typically detail an urgent query. For example, they might say that the person needs to review a transaction or their password is about to expire.

Phishing emails typically contain a bogus link or attachment, and targets are vulnerable as soon as they click on this.

Technological defences such as spam filters can partially protect people from phishing emails, but some messages will inevitably get through. To stay safe, you and your staff need to be able to spot phishing emails. Poor grammar, misleading email addresses and abrupt requests are the most common signs of a malicious email, but there are many other clues, which you can learn about with our Phishing Staff Awareness Course.

2. Increase password security

Strong passwords are an essential part of an organisation’s cyber security processes. Even the most sophisticated security practices won’t help if a criminal hacker can break into an employee’s account.

Organisations should have a password policy in place that instructs employees to:

  • Create passwords that combine upper- and lowercase characters, numerals and special characters;
  • Update their password every six months;
  • Create a unique password for each account; and
  • Never write their password down.

It can be hard to remember numerous passwords, so you and your staff might want to use a password manager, such as LastPass and 1Password.

3. Make sure confidential information stays secure

Too many data breaches are caused by staff leaking information. This is often the result of an employee deliberately or accidentally disclosing data to someone who shouldn’t have seen it. Former employees who still have access to the organisation’s systems are also a risk.

You can mitigate this threat by putting access controls in place and making sure employees’ access is revoked after they leave the organisation.

4. Install the latest technological defences

The latest antivirus and anti-malware software will protect you from most malicious software. You should also have firewalls in place to prevent unauthorised access to your network.

5. Conduct regular tests and audits

One of the most effective ways to protect yourself from cyber incidents is to find out how vulnerable you are to them. This is where penetration testing comes in. It’s essentially a controlled form of hacking in which a professional tester, working on behalf of an organisation, uses the same techniques as a criminal hacker to search for vulnerabilities in the organisation’s networks or applications.

How else can you stay secure?

All organisations looking to address cyber security should have an information security management system (ISMS) in place. It’s a system of processes, documents, technology and people that helps you manage all your security processes in one place, consistently and cost-effectively.

ISO 27001 is the international standard that describes best practice for an ISMS. It provides a proven framework that helps organisations protect their information through effective technology, auditing and testing practices, organisational process and staff awareness programmes.