Research suggests businesses should up their game on cyber security

Analysing hundreds of small to mid-sized organisations, Birmingham-based technology services provider Probrand conducted in-depth cyber-security risk assessments to reveal the current state of affairs and areas of critical improvement.

Shockingly, 47 per cent of those in the assessment did not have up to date anti-virus software to detect hacking attacks.

And nearly a fifth (15 per cent) currently don’t have any firewall to protect them from cyber security breaches or attacks.

When looking at training, the research revealed almost half (48 per cent) don’t provide any cybersecurity awareness training to help employees spot any potential risks when using their laptops or technology equipment.

Matt Royle, Marketing Director at Probrand said: “It’s shocking to see so many businesses are not properly set-up to protect against or recover from a cyber attack, with many not having the proper software or training available to educate on the potential risks and impact of these types of attacks.

“In today’s society, it’s never been more important for businesses to really understand the financial risks presented by cyber attacks, coupled with the scale and complexity of these threats.

"Businesses need to up their game based on our research. Other findings revealed 29 per cent of businesses had no patch management in place – a process which is critical in maintaining ongoing security and productivity.

“As it shows, businesses need to improve how they mitigate risks, defend and recover from cyber threats, which includes updating their cybersecurity stance from a technology and employee awareness perspective.

"Recent YouGov data revealed 49,000 instances of fraud happened as a result of cyber attacks and the average cost of a digital attack on a business is £15,300. These shocking statistics, alongside our own research showcase it has never been more important or necessary for businesses to take a new look at their current systems and procedures.”

Probrand has provided some simple and easy first steps to help businesses protect themselves from a digital attack.

1. Go ‘passwordless’

The new direction in the industry is 'passwordless' authentication in conjunction with Single Sign On (SSO). It has become clear that if users are forced to remember new passwords often, it results in them using easier to remember (but likely weaker) passwords. They will simply reuse existing passwords or just make slight adjustments, thus not really resulting in a truly 'changed' password at all!

‘Passwordless’ solutions like passkeys, physical tokens (e.g. Yubikey), and biometrics are increasingly seen as more secure, by removing the burden of having to remember complex passwords or pass phrases. Thus, ease of use is improved for the user, but maintains, or even increases, the barrier for cyber criminals. Modern approaches are standards-based, and phishing-resistant, plus fully supported by modern identity management solutions.

2. Replace your old firewall

If your firewall is over three-years-old then it’s time to replace it. Out-of-date technology does not defend against increasingly complex and evolving modern day threats. Firewalls provide protection against outside cyber attackers by shielding computers and networks from malicious or unnecessary traffic. Firewalls can also prevent malicious software from accessing a computer or network via the internet. Be sure it is configured by experts to turn on features to block certain types of traffic or applications whilst letting necessary data through.

3. Enable Multi-Factor Authorisation

Enabling MFA is increasingly required for secure access and cyber insurance policies. Not having MFA enabled poses a significant risk, as it allows unauthorised access with compromised credentials, making accounts vulnerable to cyber threats and security breaches. So, make sure this is done across multiple platforms, especially the increasingly sensitive or important ones. This is normally also free to do, so a quick and easy step to protecting your business.

4. Develop strong policies for employees

Ensuring strong policies are in place for cyber security is essential in keeping your business protected from threats. On top of this, it is also crucial to have an incident response plan, this can be established so employees can understand what needs to be done in the event of a cyber attack.

5. Training

Neglecting employee cyber awareness training exposes an organisation to heightened risks. Staff may inadvertently fall prey to phishing attacks, lack awareness of cybersecurity protocols, and become potential vectors for cyber threats. Investing in training is crucial to fortify the human layer of defence and mitigate security vulnerabilities.

So, it’s important staff are knowledgeable on the risks and impact of these attacks and training is the key to this. Try using simulated phishing exercises to test and educate employees on recognising and avoiding phishing attempts, this is a great way to test if the training is working. Promote a reporting culture, so encourage a culture of reporting suspicious activities and mistakes, fostering a proactive stance against potential cyber threats.

For more tips on how to protect your business from cyber threats, visit https://marketplace.probrand.co.uk/resources/blog