Cyber Monday, landing just a few days after its real-world cousin Black Friday, is traditionally one of the busiest days of the year for online shopping. In 2017, over a third of all Brits ventured online to make a purchase in the sales as the UK spent in excess of £7.8billion over the entire long-weekend.
Such figures will be music to your ears if you’re a business with a strong presence on the web and a history of online sales. But beware, not everyone on Cyber Monday is online with the same good intentions.
As the number of online users continues to increase, so does the number of cybercriminals just waiting to access your systems.
Ensuring you’re well protected is time-consuming process, but we’ll offer some guidance with these six fundamental areas you need to cover.
Prioritise Internet Security
Hackers would take great pleasure in bringing down your website on one of the most lucrative days of the online calendar.
A popular approach hackers use is a Distributed Denial-of-Service attack, better known as DDOS. This is when multiple systems flood the bandwidth or resources of a targeted system to bring their servers (and thus website) down. Speak to an expert to make sure you have all the correct safeguards, such as bandwidth buffering, in place in the event of an attack.
There are other simple solutions you can put into place such as URL filtering, which allows you to protect staff by denying access to specific websites based on information contained in their URL. By implementing the filters, you can block out pages that are likely to include links to spyware and other online viruses.
Keep updating your firewall patches
You wouldn’t leave the office at the end of the day with the doors left unlocked, so why do it with your IT systems? Although not immune to everything (especially pesky malware) firewalls are the cornerstone and first line of defence against online attacks. Make sure you update them at regular intervals and under no circumstances allow them to become outdated.
Don’t forget to run updates on equipment both on and off premise too. There’s no point in protecting everything at HQ if you have remote staff connecting to your network from devices with out-of-date protection.
Make sure your passwords are generated at random and updated regularly
You can have the best firewalls in the world but if your staff have easy-to-guess passwords then you’re practically giving cybercriminals the keys to the kingdom. It’s Christmas come early for hackers when the passwords they need end up being along the lines of “firstname1234” or the dreaded “password” (trust us, they have access to software which can crack this in a matter of minutes).
Ensure your IT team generates almost impossible to guess passwords for staff. Have new codes generated containing upper and lower case letters, numbers and other types of symbols. Having these expire and regenerate every few months is also advisable.
Secure your wireless network
With many modern companies so heavily reliant upon digital interaction for their day-to-day activities, for some, implementing a business Wi-Fi network has become essential.
Unfortunately, and especially for many smaller companies, businesses quite often lack the in-house cyber skills to fully secure their network. Remember, you’re particularly vulnerable as attackers don’t even need to be onsite in order to attempt access.
Setting up passwords is a good start, but here are a few extra steps to consolidate your security:
- Set up private and public access: You’re asking for trouble allowing staff and the public to connect to the same network. Use a Service Set Identifier (SSID) to establish two unique points of access to the network.
- Change your network name: Having your network contain your business name is fine. Afterall, you want people to find you. But remember to delete any reference to the name and model of your router. You’re giving hackers a head start by revealing the hardware you use.
- Use Wireless Protected Access 2 (WPA2) encryption: Wired Equivalent Privacy (WEP) encryption is a good start but considered easy to crack by most experienced hackers. If you don’t already have it, speak to your providers about installing the tougher and more robust WPA2.
Increase staff awareness of the dark web’s sinister traits.
You can use every piece of software under the sun but at the end of the day, human error can still let you down.
Consider running internal IT security training so staff can recognise the tell-tale signs that they might be under threat. Whether it’s identifying a suspicious looking email or teaching them how to determine the safety of a website, it will go a long way in keeping you that little bit safer.
Consider penetration testing
Think you’ve got everything in place this Cyber Monday? Well the best way to find out is by testing your network. Penetration testing involves experts (manual or software-led) performing deliberate attempts to gain access to your IT systems (don’t worry, they’ll only identify the weakness, not exploit them). Once they’ve diagnosed the vulnerabilities in your system, you can then plan the next stages of your IT roadmap.
At this point, you might still be part of the “it’ll never happen to me” mindset. But to think that only a small number of large businesses are under threat would be naive.
Statistics published by the UK government in April 2018 found that 43% of all UK businesses had suffered some form of cyber attack in the previous 12 months (with the figure rising to 72% when only surveying large businesses).
Don’t let your business become just another statistic this Cyber Monday (or any other Monday for that matter). Speak to Great Annual Savings today and we can undertake a full audit of your IT systems and provide you with the peace of mind you need. Call us on 0800 130 3514 or email us and we’ll be in touch.