25 October 2021
5 tips to help protect your organisation from cyber-attacks and data breaches
Cyber-attacks and incidents have increased over 100% in 2020 according to Gartner research. It’s a global issue that is becoming harder to fight as criminals become more sophisticated and the cost of protection is rising exponentially.
Having the right systems and processes in place is critical to keeping your organisation secure and everyone has a part to play. Read our top tips to ensure you’re prepared in the face of unprecedented cyber security risks.
1. Keeping systems up to date
Keeping on top of system updates is a huge burden, often relying on cross-departmental working between IT and other departments to schedule software updates or make configuration changes.
This is a huge drain on resources, made worse for IT teams who regularly need to review in-house infrastructure, security, technology changes and internal demands. However, leaving any part of your systems out of date risks breaches through known software flaws or bugs.
With HR, payroll, customer and financial systems, the risk of someone accessing your most sensitive data is too high to leave to chance. One way to avoid breaches due to security flaws from outdated systems is to rely on cloud technology. Cloud software and systems are hosted by providers dedicated to keeping their infrastructure and technologies up to date, with stringent auditing and regular tests to ensure there are no weaknesses that could be exploited. This takes the burden away from internal IT, removing some of the rising infrastructure costs and providing peace of mind that your systems are secured to the highest levels.
2. Using strong passwords and MFA
As a user, having to remember and constantly enter long, complex passwords can be frustrating. However, a common way for criminals to break into systems is by gaining access to people’s passwords. When they’re easy to guess and the same one is used across multiple logins, individuals open themselves and their organisation up to huge risks.
To reduce this risk, organisations should steer well clear of eight-character passwords with numbers and symbols that are forced to be changed regularly. Instead, organisations should promote longer passwords (16 characters) made up of three random words that aren’t changed unless compromised. This helps users to create and remember strong passwords.
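The policy above, as an added example in code (not MHR's own checks): it favours passphrases of 16 or more characters built from three words, rejects the short "letters, digit, symbol" pattern, and demands a change only when the password appears in a breach corpus. The word heuristic and the corpus hashes are constructed assumptions.

```python
"""Passphrase policy check: long, three random words, rotate only on compromise."""
import hashlib
import re

MIN_LENGTH = 16
MIN_WORDS = 3
# Constructed stand-in for a breach corpus: SHA-1 of passwords known to have leaked.
COMPROMISED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest()
    for p in ("Summer2021!", "Welcome1!", "correcthorsebatterystaple")
}


def is_legacy_style(pw):
    """Short 'letters + digit + symbol' password of the kind the text warns against."""
    return (len(pw) < MIN_LENGTH
            and re.search(r"\d", pw) is not None
            and re.search(r"[^A-Za-z0-9\s]", pw) is not None)


def is_compromised(pw):
    """Compare against the (constructed) breach corpus; real deployments use a k-anonymity lookup."""
    return hashlib.sha1(pw.encode()).hexdigest() in COMPROMISED_SHA1


def evaluate(pw):
    """Return a list of policy findings; an empty list means the password is acceptable."""
    findings = []
    if len(pw) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    # Assumed heuristic: a 'word' is a run of three or more letters.
    words = re.findall(r"[A-Za-z]{3,}", pw)
    if len(words) < MIN_WORDS:
        findings.append(f"fewer than {MIN_WORDS} words")
    if is_legacy_style(pw):
        findings.append("legacy complexity style, not a passphrase")
    if is_compromised(pw):
        findings.append("appears in breach corpus: must be changed")
    return findings


if __name__ == "__main__":
    for candidate in ("Summer2021!", "correcthorsebatterystaple", "river-garden-otter9"):
        print(candidate, "->", evaluate(candidate) or "OK")
```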
Another must-have, to mitigate the risk of passwords being compromised by phishing e-mails, is multi-factor authentication (MFA). This requires you to use two different methods to confirm your identity, such as a password and a code sent to your mobile phone. This means that if your password is compromised, your systems are still safe from a breach, as the criminal won’t have access to your second authentication method.
MFA is now the standard for logging into any sensitive online systems, from banking to e-mail applications. That’s why, from 2022, we’re making MFA a minimum requirement for all customers to ensure their sensitive HR and payroll data is effectively protected.
3. Educating employees
The single most common cause of security breaches is human error. According to Gartner, 85% of data breaches involved a human element. Employees click on a malicious link or fail to keep their personal details safe, allowing criminals to take advantage. Phishing e-mails are becoming more and more sophisticated, making them harder to spot. Gartner suggests these types of attacks have risen by 25% compared to the previous year.
Having the right technology in place is only part of the solution. Creating a cyber-aware culture among your employees, supported by a thorough but clear data use policy will help educate your people to avoid falling foul of avoidable breaches.
Accountability is key – every person in your organisation is responsible for keeping your organisation secure. This means senior leadership must get on board and understand the value of security controls to set the right example to the rest of the workforce. Training and awareness cannot be maintained through ad-hoc activity and a tick-box compliance mentality. Employees need to truly understand the risks and change their behaviour accordingly.
4. Monitoring for abnormal behaviour
Organisations can no longer hope they won’t be breached; they must assume that sooner or later they will be. Having multiple layers of security will help to slow down an attacker and limit the damage they can cause, but being able to identify when you’ve been breached is critical to stopping an attack quickly, before significant damage can be done.
The best way to do this is to monitor your systems for suspicious and abnormal behaviour. Looking for common actions indicative of an attacker will give you an early warning sign that your network could be compromised.
As attackers now often try to blend in with their surroundings, simple monitoring may not be effective and can cause large numbers of false positives. To identify more subtle changes in behaviour, artificial intelligence is needed to understand what normal looks like to be able to detect the abnormal.
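The baseline-then-deviation approach described in this section, as an added example that is not MHR's product code: it learns what "normal" looks like per user from a period of audit events (countries, hours, actions) and flags later events that break that pattern, such as a payroll export at 02:00 from a country the user has never logged in from. The log lines and the pipe-separated event format are constructed assumptions.

```python
"""Baseline-and-deviation detection over constructed HR/payroll audit events."""
from collections import defaultdict
from datetime import datetime

# Constructed audit log: timestamp|user|action|country.
# A normal week of activity, then one night that does not fit the pattern.
LOG = """\
2021-10-01T09:05:00|alice|view_payslip|GB
2021-10-01T09:40:00|alice|view_payslip|GB
2021-10-04T10:12:00|alice|view_payslip|GB
2021-10-05T14:20:00|bob|export_payroll|GB
2021-10-06T09:30:00|alice|view_payslip|GB
2021-10-11T02:13:00|alice|view_payslip|RO
2021-10-11T02:14:00|alice|export_payroll|RO
2021-10-11T02:15:00|alice|export_payroll|RO
"""


def parse(log):
    events = []
    for line in log.splitlines():
        ts, user, action, country = line.split("|")
        events.append((datetime.fromisoformat(ts), user, action, country))
    return events


def baseline(events):
    """Per-user profile of what normal looks like: countries, hours and actions seen."""
    prof = defaultdict(lambda: {"countries": set(), "hours": set(), "actions": set()})
    for ts, user, action, country in events:
        prof[user]["countries"].add(country)
        prof[user]["hours"].add(ts.hour)
        prof[user]["actions"].add(action)
    return prof


def detect(events, learn_until):
    """Learn from events before learn_until, then flag deviations in later events."""
    prof = baseline([e for e in events if e[0] < learn_until])
    alerts = []
    for ts, user, action, country in events:
        if ts < learn_until:
            continue
        p = prof[user]  # an unseen user gets an empty profile, so everything is new
        reasons = []
        if country not in p["countries"]:
            reasons.append(f"new country {country}")
        if ts.hour not in p["hours"] and not 7 <= ts.hour <= 19:  # assumed office hours
            reasons.append(f"unusual hour {ts.hour:02d}:00")
        if action == "export_payroll" and action not in p["actions"]:
            reasons.append("first-ever payroll export")
        if reasons:
            alerts.append((user, ts.isoformat(), ", ".join(reasons)))
    return alerts
```

Single-signal checks like these still produce false positives (a genuine business trip, for instance), which is why the text argues for a learned model of normal rather than fixed rules.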
5. Ensuring your HR and payroll data is secure
With HR and payroll systems holding such sensitive data, it’s crucial that these are protected in line with your most critical systems. An attack on these systems could see your staff’s most sensitive personal data posted on the internet for all to see.
One way to secure these systems is to use a cloud-based solution to transfer the risk to a dedicated third party that specialises in protecting this sensitive data.
At MHR, we use industry-leading security to protect our customers’ most sensitive data; this is backed up by certification to UK and globally recognised standards, such as ISO 27001.
Our solution also offers the first integrated user behaviour analytics solution on the market to understand normal behaviour and alert on potentially suspicious activity.