Preventing a cyber-attack
2nd July, 2018
Cyber awareness and security have been an insurance hot topic recently, so you are probably already aware of what a cyber-attack is. For those unsure, it is essentially when a hacker tries to damage, destroy or steal from computer networks and online systems.
Such an attack can be detrimental to your business, costing not only thousands of pounds to recover from, but also damaging your reputation. Therefore, it is essential to be able to spot a cyber-attack and have a few simple prevention methods in place.
Types of cyber-attacks to be aware of:
- Malware - harmful software, such as viruses, spyware and ransomware. Once malware is on your computer, it can take control of your machine, monitor your actions and send confidential data from your computer or network to the hacker’s system. It is designed to operate on a compromised system without the consent of the user.
- Phishing - the aim is to trick or coerce targets into sharing sensitive and valuable information such as bank details and company data. There are three main types of phishing: spear, whaling and clone. All of these methods target companies, with the hacker collecting data that makes them look as authentic as the business. Data will include email addresses, logos, website addresses and more.
- SQL Injection Attack - SQL is a language designed to manipulate and manage data in a database. An injection attack can trick systems into doing unexpected and undesired things, such as bypassing authentication, stealing data, modifying or corrupting data, deleting data, running arbitrary code, or gaining root access to the system.
- Denial-of-Service (DoS) - disrupting or preventing legitimate users from accessing websites, online resources and network systems.
- Network-Targeted Denial-of-Service - the attacker will attempt to use up all available network bandwidth so that legitimate and actual traffic can no longer pass to or from systems.
- System-Targeted Denial-of-Service - limited system resources such as memory, CPU, and disk space are intentionally used up by the hacker in order to disrupt normal operations.
- Man-in-the-Middle Attacks - these allow attackers to listen in and spy on the communication between two target hosts. Hackers can hijack your session with a website, create a Wi-Fi connection and wait for you to connect, use a fake Wi-Fi node, or target email accounts by spoofing.
- Credential Reuse - Once hackers have a collection of usernames and passwords from a breached website or service, which can be easily acquired on any number of black market websites on the internet, they know that if they use these same credentials on other websites there is a high chance they will be able to log in.
Attacks come in many forms, such as a downloadable file posing as something else, an email link or attachment, a redirect link, spoof emails and websites, and an infected USB drive.
Alongside having a solid firewall and antivirus system, we have compiled a list of 10 simple cyber-attack prevention tips that you can implement now:
1. Use passwords that are not easy to guess and avoid using the same one for different systems - use a combination of uppercase and lowercase letters and numbers
2. Update software regularly as it will contain the most recent security measures - check your software preferences and opt for automatic updates
3. Always back up using the 3-2-1 rule (3 copies, 2 different media, 1 copy off-site) - there are a number of online services that will back up your machine automatically
4. Be wary of installing software, especially if you did not actively source it - before you click the download, make sure it is software you have chosen
5. When browsing, check for a secure connection in your browser (HTTPS) - there should be a padlock symbol next to the website address
6. Use two-factor authentication where available - enable this in your preferences if you can
7. Encrypt all sensitive data - use available online tools to do this automatically
8. Use an ad-blocker on all websites - these are designed to protect your privacy and prevent malware attacks
9. Disable third-party cookies in your browser - block cookies that aren’t delivered by the site you are visiting
10. Get a Cyber Insurance policy to support your cyber security strategy.
We also strongly suggest training all of your staff on cyber security and reviewing your security measures regularly.
For further information on Cyber Risks Insurance, please contact us on:
Tel: 0115 973 7303