Notice: The Chamber's documentation and customs declaration services announce festive opening hours. Click here to view.

TalkTalk security breach - how to avoid becoming another 2015 statistic

In light of TalkTalk’s major security breach this morning, a hack that has compromised the data of four million of the provider’s customers, the urgency for businesses to protect themselves against an attack has never been more prominent.

In light of TalkTalk’s major security breach this morning, a hack that has compromised the data of four million of the provider’s customers, the urgency for businesses to protect themselves against an attack has never been more prominent.

From the exposé on worldwide infidelity to the extensive banking security breaches; 2015 has shown the true extent of international dependency on digital security.

July saw the Ashley Madison scandal take the world by storm when hackers exposed thousands of email addresses linking to cheating husbands and wives. The effects were catastrophic for families and some even resulted in suicide. The same month was witness to the outcry from Barclays’ customers as a memory stick containing 13,000 client details was stolen.

According to a recent Government report, 90% of large UK organisations experienced a data breach in 2015, a 10% increase from 2014. Recovering from a security breach could cost corporations in excess of £3million to ensure the remaining data is secure. But beyond the financial implications lies the tattered reputation of company’s brand. This, unfortunately, can be far more damaging in the long-term as consumers take their business elsewhere.

Of those surveyed, 59% expect to see more security incidents in 2016.

Should businesses be rushing to lock away all data away under padlock and key, shut down online banking, email accounts, and social media pages? Not quite. But businesses must be vigilant and more importantly; aware. In time for October’s European Cyber Security Month (ECSM), Internet For Business, leading Internet Service Provider (ISP), has highlighted important threats that all companies should be aware of ahead of 2016.

Prepare to be prepared

Every second of every day, hackers are developing new devious and inventive ways to access company data. If companies don’t invest in securing their data they open themselves up to a serious breach – a hackers dream. Prepare for the worst case scenario and have the processes and security in place to deal with this. Also, be careful who has access to the data. Ensure business sensitive data is only accessible to those who need access. This will minimise the risk of business critical data getting into the wrong hands.

Encrypt data

A way to combat online security breaches is to encrypt as much data as possible. This ensures that by the end point of encryption - whether it’s on a tablet, a server, a memory stick or a portable device – it’s much more difficult for that data to be repurposed or reused in anyway.

Beware of human error

Doing something as simple as sending corporate data from a work email to a Hotmail account can be dangerous to a company – like those at the heart of the Ashley Madison scandal. By sending it across an unsecured network, the company opens itself up to a whole host of potential issues. To combat this problem, ensure suitable training and policies are in place so that employees understand how to communicate safely from one network to another.

Know where your data is and who is looking after it

It is important to select the most suitable – and budget friendly - organisation to look after your data. If data is not hosted in a secure environment, it is at risk of being hacked. Look for a data hosting specialist that provides the best environment for data which, in turn, reduces the risk of it being lost or stolen. When companies talk about data loss scenarios they envisage burning buildings and flooded basements, but these are worst case scenarios. The smaller and more common issues such as simply deleting a document or folder from the network can be disastrous if the correct procedures are not put in place. Data should always be backed up, on a regular basis. By keeping data off site, data is protected in the case of a major disaster and/or theft. Regular back-ups ensure that data is retrievable, should it be deleted accidentally.

Firewalls and antivirus

Many large companies make the common mistake of using one type of anti-virus protection to cover all desktop, web browsing and email activity. The problem here is that if a hacker successfully breaks through the one antiviral system protecting your company data, then they win the jackpot, and easily. Invest in multiple layers of protection in place for desktop, web browsing and email activity across all devices that have access to company data. By protecting the data, on all devices and with multiple competent systems, you are making a hacker’s job really difficult; great news for the company, not so great for the hacker. They will more than likely look for an easier target.

Beware of unsecure networks

As soon as information, perceived as private or not, is sent across an unsecure network it is susceptible to hackers. As a general rule, never send anything across an unsecure network that other people shouldn’t see. It’s important to be aware of the security risks when connecting a work device to a ‘public’ network. Companies can hide their SSID’s (Service Set Identifier), but hackers can obtain tools to find these or use brute force to get into the devices and network. To combat this, ensure suitable training and policies are in place so that employees understand the risks and dangers of unsecure networks.

Cardinal password sins

It goes without saying that ‘welcome’, ‘password’ and ‘123456’ do not qualify as secure passwords. Do not keep a business password on a yellow post-it note pinned to the desktop. Employees may think that nothing on their computer would be of interest or importance to an intruder, but they’d would be surprised. Simple access to emails is enough to bring a whole network to a standstill. Create a password that is at least 10 characters, contain symbols along with upper and lowercase, and change it regularly. Limit password attempts to just three and set account to be locked for a period of time if entered incorrectly. This will ensure any hacker, even if they are using a cipher, will be blocked almost immediately.

Educate, educate, educate!

This may sounds simple, but educating employees about how they should look after company data and what the potential consequences are if they do not. Make employees aware of security breeches in other companies to show how often simple mistakes can have detrimental effects on data ending up in the wrong hands.

Graeme Gordon, CEO of IFB says, “We have dealt with many of the issues above and work hard to tailor our security packages to meet client requirements. Simple precautions are the secret to avoiding disasters and all businesses will benefit from the advice above. As technology advances by the second, it’s important to remain one step ahead of the game at all times.”

IFB can be contacted on 0845 270 2101 or geton@ifb.net. More about the company can be found at www.ifb.net.

More like this…

View all