Top 12 tips to keep your business safe from cyberattacks

According to a recent research, more than 85 per cent of companies have been the victim of a ransomware attack in the past year.

It’s not a question of whether you have been attacked or when you’ll be attacked, but how often you’ll be attacked.

While there is no way to guarantee that an organisation will never be attacked, they can take some simple steps to protect their business.

Here are some tips to follow:

Be skeptical

If something sounds too good to be true, it probably is. Know the warning signs for phish-ing, social engineering and other scams and err on the side of caution. Don’t click on unknown links, open unexpected or suspicious attachments or provide information to someone you don’t know or weren’t expecting to hear from.

Use strong passwords and passphrases

Longer is stronger. Leverage passphrases to help create long passwords that are easy to re-member, but hard for others to guess.

Slow down

Slow down and avoid making simple mistakes. Be cautious of auto-completion in emails so you don’t send sensitive information to the wrong person. Don’t accidentally ‘reply all’ when you only intended to send information to one person on the thread.

Beware of malware

Viruses, computer worms and Trojans can hide in legitimate looking websites, free software packages online and phishing emails. Ensure you have an anti-malware program enabled and kept updated.

Stay secure on the go

Security doesn’t stop just when you leave the office. Be aware of your surroundings. Don’t talk about sensitive information, like banking details or medical information, in a location where others can hear you. Keep your device screens hard for others to see – consider a privacy screen when possible. Use an external battery pack rather than public charging ports to protect against ‘juice jacking.’

Know your data. Protect it.

You cannot protect your most sensitive information if you don’t know what information you have. Inventory your organisation’s information. Classify it based on its sensitivity level. Protect the in-formation according to that sensitivity level.

Limit access

You may hire the most trustworthy people to work for you, but that doesn’t mean they all need access to your most sensitive information. Provide access on a need-to-know basis. This helps protect confidentiality, but also reduces the impact if someone’s access is compromised. Use multi-factor authentication when given the option to minimise the damage that can be caused if someone steals your passwords.

Stay secure online

If you understand that the internet contains scams and threats around most corners, then you can help to spot when something doesn’t seem right and steer clear. Use and require secure networks – if the WiFi you are using is not encrypted, ensure you are using a VPN or other layer of protection. Leverage bookmarks for important URLs so you’re less likely to fall for fake dupes of the real ones. Avoid oversharing on social media and assume that anything posted is public, regardless of privacy settings.

Be security aware. Report.

Even with all the best intentions, sometimes the cyber criminals will win a battle. It is important that your organisation has a defined incident reporting and response plan, so that your security team is promptly notified if there is the risk of compromise. The sooner your team knows about it, the sooner they can protect against it. Communicate your preferred method of incident reporting frequently so your employees have no doubt about how to contact you.

If you can connect it, protect it.

As the perimeter of your business infrastructure becomes blurred with cloud services and per-sonal devices being used for work (BYOD), you need to ensure your corporate policies are inclusive to require that any device used for work that can connect to the internet is required to be protected. This may be anti-malware software, strong passwords or access controls. Each de-vice will require something different, but a general rule of thumb is that if you can connect it, protect it.

Back up your data

You can have a best-in-class security programme and still find yourself in a situation where your data can no longer be accessed or trusted. Regularly backing up your data in three different locations on two different media with one copy being offsite, one copy being offline, air-gapped or immutable and zero errors with recovery verification, allows you to quickly restore your data with minimal downtime and keep your business running.

Train your users / Be a security learner

Cyber criminals are constantly changing their tactics as they learn about what protections are being put in place. Your organisation’s people can either be your weakest link or your greatest asset. Put emphasis in teaching your people about how they can be part of your human firewall, and they can become an extension of your security team.

Mohamad Rizk is the regional director, Middle East and CIS at Veeam Software

Read: The rising cost of cybercrime: Why businesses must invest in cybersecurity