
Op-Ed: 12 ways to fortify your business’s defences against cyber threats

In today’s digital landscape, businesses face an ever-increasing threat from cyber attacks. These malicious activities can cause significant harm, ranging from financial loss to reputational damage. It is essential for organisations to prioritise cyber security and implement effective measures to safeguard their sensitive data and operations.

According to Veeam’s 2023 Ransomware Report, 85 per cent of organisations globally suffered at least one ransomware attack in the past 12 months, an increase from 76 per cent experienced in the year prior. It is no longer a matter of whether a business will be targeted but rather how frequently such attacks will occur. While it is impossible to guarantee complete immunity, there are steps that IT leaders can take to increase the difficulty of a successful attack.

1. Be sceptical

Be cautious of things that seem too good to be true. It is important that employees of all levels familiarise themselves with red flags associated with phishing, fraudulent scams, or social engineering. Refrain from clicking on dubious links, preview websites to view the URL, and do not provide personal information to unknown individuals. These measures form the basis of safeguarding against potential risks while maintaining a secure position.

2. Employ robust passwords and passphrases

Strength lies in length. Utilise passphrases to generate lengthy passwords that are simple to recall yet challenging for unauthorised individuals to decipher.

3. Take your time

When responding to emails, be wary of auto-completion prompts and read each email carefully to ensure that the intended recipient is verified as real. Some emails may be masked as an internal request, but a closer look at the email address can confirm its authenticity. Employees should also remember to click reply or “reply all” where appropriate, especially when it comes to sensitive information.

4. Keep a lookout for malware

Malicious software such as viruses, computer worms, and Trojans can disguise themselves within seemingly legitimate websites, free software downloads, and phishing emails. It is important to have an up-to-date anti-malware program in place to detect and combat such threats.

5. Maintaining security on the go

Laptops should be password protected and should be locked whenever the user steps away from the device. Sensitive information such as banking details and company business should not be openly discussed in public where others may hear.

6. Understanding information sensitivity

Information can be categorised into varying levels of sensitivity, making it important that it is securely locked in an organisational inventory. Data should then be classed accordingly with the appropriate safety measures. This enhances the security of data assets and ensures that employees with clearance can access certain documents.

7. Restricting access

IT leaders should restrict access to information and ensure that only select employees are granted access. Doing so can ensure confidentiality and accountability are upheld, providing a clear history of who viewed materials in the event that documents or information are compromised. Whenever possible, opt for multifactor authentication to mitigate the potential harm caused by password theft. By limiting access and employing additional authentication measures, IT leaders can strengthen their security posture and safeguard the most valuable data.

8. Staying safe on servers

Many businesses have allowed employees to enjoy work-from-home or work-from-anywhere initiatives in an effort to bolster their work/life balance. For IT leaders, extra care has to be taken to ensure that security measures are implemented on laptops. Employees can play their part by tapping into secure networks and prioritising encrypted Wi-Fi connections at all times. Employees should also bookmark URLs where sensitive information is located to minimise the risk of falling for fake duplicate sites. More importantly, employees should always exercise caution when sharing personal information on social media platforms and operate under the assumption that any posted content is public, irrespective of privacy settings. By adopting these practices, employees can enhance their online security and mitigate potential risks.

9. Have a business continuity plan

Despite best efforts, cyber criminals may occasionally succeed in their attempts. It is crucial that organisations have a well-defined incident reporting and response plan in place, ensuring that security teams are promptly notified of any potential compromises. Swift communication allows teams to take immediate action and bolster defences. Regular exercises on how to run a plan after an attack should be reinforced to eliminate any ambiguity and ensure that employees are well-informed on the best contact person in case of an incident.

10. Safeguard connected devices

With the boundaries of business tools and infrastructure expanding to suit the way we work, it is important to establish comprehensive corporate policies. These policies should mandate that any device used for work, which can connect to the internet, must have adequate protection measures in place. This may include anti-malware software, strong passwords, or access controls. Each device may require different security measures, but a fundamental principle to abide by is that if a device can connect to the internet, it should be protected.

11. Always back up data

The Veeam 2023 Ransomware Report states that targeting backups has become the standard operating procedure for hackers, with 93 per cent of ransomware attacks explicitly targeting backups. Three in four backup repositories are affected in a ransomware attack, making it critical to follow Veeam’s recommended 3-2-1-1-0 backup rule. Simply put, data should be regularly backed up in three different locations across two different media. One copy should be offsite, one copy should be offline, air-gapped or immutable, and recovery verification should show zero errors. This method allows organisations to quickly restore data with minimal downtime and keep businesses running.
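One way to audit a backup inventory against the 3-2-1-1-0 rule as worded above. This is an added example, not code from Veeam or the author; the `BackupCopy` fields, the sample inventory and the decision to treat a never-verified copy as failing the zero-errors check are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class BackupCopy:              # hypothetical inventory record
    name: str
    location: str              # site or region label
    medium: str                # e.g. "disk", "tape", "object-storage"
    offsite: bool
    isolated: bool             # offline, air-gapped or immutable
    restore_errors: Optional[int]  # None = restore never verified

def check_32110(copies):
    """Evaluate each part of the rule; returns {rule: passed}."""
    return {
        "3 locations": len({c.location for c in copies}) >= 3,
        "2 media": len({c.medium for c in copies}) >= 2,
        "1 offsite": any(c.offsite for c in copies),
        "1 offline/air-gapped/immutable": any(c.isolated for c in copies),
        # An untested copy cannot claim zero errors, so None fails.
        "0 errors": bool(copies) and all(c.restore_errors == 0 for c in copies),
    }

def failed_rules(copies):
    return [rule for rule, ok in check_32110(copies).items() if not ok]

# Constructed sample inventories (not real systems).
UNVERIFIED = [
    BackupCopy("primary-repo", "hq-datacentre", "disk", False, False, 0),
    BackupCopy("dr-replica", "dr-site", "disk", True, False, 0),
    BackupCopy("cloud-locked", "cloud-region", "object-storage", True, True, None),
]
SINGLE_SITE = [
    BackupCopy("nas-a", "hq-datacentre", "disk", False, False, 0),
    BackupCopy("nas-b", "hq-datacentre", "disk", False, False, 0),
]
COMPLIANT = UNVERIFIED[:2] + [
    BackupCopy("cloud-locked", "cloud-region", "object-storage", True, True, 0),
]

if __name__ == "__main__":
    for label, inv in [("unverified", UNVERIFIED),
                       ("single-site", SINGLE_SITE),
                       ("compliant", COMPLIANT)]:
        print(label, "->", failed_rules(inv) or "meets 3-2-1-1-0")
```

The single-site inventory passes only the zero-errors check, which shows why clean restore tests alone say nothing about whether a copy would survive an attack that reaches the primary site.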

12. Educate employees and enforce cyber security hygiene

Employees can be an organisation’s best defence against a cyber attack or become the source of one. Regular meetings on how to keep data safe should be conducted, along with tests to ensure that employees stay vigilant. By instilling a security-conscious mindset, your people can play a pivotal role in fortifying your overall security posture.

Anthony Spiteri is the regional chief technology officer for Asia-Pacific and Japan at Veeam.

Anthony Spiteri
Fri, 07 Jul 2023