By Mark Brown, Founder of Psybersafe
In recent years, cyber attacks have become part of life for many of us and there’s clear evidence that they are also used by one nation in order to destabilise another. Cyber attacks are part of the current situation in Ukraine, and whilst you may not personally be the victim of an attack by a nation state, your own cyber security is certainly more at risk now than it was before the conflict started a few weeks ago. This may not be state actors targeting you, but cyber criminals taking advantage of the interest in, and concern about, the situation in Ukraine.
That is why the National Cyber Security Centre (NCSC) recently published updated advice, encouraging UK organisations to act, following Russia’s attack on Ukraine. The guidance is specifically to help businesses during a period of heightened threat, and suggests that businesses move their cyber approach to a higher level of alert. This means:
- Prioritise cyber-related actions
- Put in place quick and easy ways to strengthen your defences
- Review and add to your plans for handling a cyber attack
How vulnerable are you?
Your actions should focus on reducing your vulnerability to attack in the first place and reducing the impact of a successful attack. Even the most sophisticated and determined attacker will use known vulnerabilities such as phishing, malware, attempting use of breached passwords to try and beat the system. Remove their ability to use these techniques and reduce the cyber risk to your organisation. Have a strong cyber security plan in place to activate should the worst happen.
Check for security updates on your system
Make sure that updates are regularly done on your computer and ensure that you have updated and patched any vulnerabilities which might allow hackers an entry point. Run an anti-virus scan on all your devices to check for problems. You pay for anti-virus software, so make sure it’s doing its job. It takes just a few minutes to run a scan, and you’ll be able to see immediately if there are any problems.
Train yourself and train your staff
The most common entry points for hackers are phishing scams, Malware, Ransomware, Hardware and software misconfiguration and weak passwords caused by individuals. Some of our own user research has shown that by training people to take personal responsibility for keeping themselves safe can bring about a permanent change in IT habits and keep businesses and staff safe from cyber attacks. The key here is to make sure you and your staff are vigilant and able to spot tell tale signs of spotting phishing scams, malware and other potential threats.
Get a password manager
The reason we use very simple passwords and often have the same password for multiple accounts is because we’re not very good at remembering things. Using a password manager allows you to protect your data and access with very strong passwords. This improves your security and leaves you less open to attack. Make sure you are not using previously compromised passwords on existing social media or email accounts.
Use two-factor authentication
This is an additional layer of security that can prevent hackers getting into your email accounts, bank accounts and other apps where you store private data. Your bank probably already sends you a code to log in, and if an account offers 2FA, use it. Certainly Facebook, Google and Linkedin do, and it’s easy to get started. In each case go to Settings and look for Security. It’ll be there. And you might as well get on with it, because more and more apps are likely to require this added level of security as the global cyber threat increases.
Check your backup systems and have an offline backup in place
Make sure that your backups are up to date and note that the NCSC suggests an additional offline back up which is recent enough to be useful should your online system be compromised.
Like everything you do for your personal safety, the way you behave and the actions you take are what’s going to protect you and your business. Being aware of the dangers is all very well, but if you don’t take the right actions, you are still vulnerable. Stopping, thinking and taking precautionary action is the best way to protect yourself – and, if you run an organisation, your people are still your first line of defence and you should make sure that you have systems and training in place to help them make the right decisions in the event of a potential attack.