After lockdown guide - how to protect your business from cyber attacks

28 September 2021


Please be aware that this is a guide only and you should seek specific advice for your business*

With lockdown lifting and many businesses now reverting to working from both the office and at home, businesses need to evaluate their cyber security protections so they cover both ways of working going forward. This is to ensure your business has adequate protection in place to avoid becoming a victim of cyber fraud.

Together with our partner the Cyber Resilience Centre, which is a not-for-profit that helps companies develop resilience to cybercrime, we've put together a guide and some questions to ask yourself to make sure you've put the necessary steps in place to protect you, your staff and your business.

How to protect your business from cyber attacks post lockdown

Cyber security is the process of protecting your business's systems, networks and programs from digital attacks. Cyber security is an increasingly important aspect of your business, with cybercriminals always on the lookout for new opportunities.

Cybercriminals are also becoming more and more sophisticated, which can have financially devastating effects on the businesses they target.

Are your Cloud Services protected?

If your business has taken advantage of cloud services (such as Office365, Google Cloud or Adobe Creative Cloud), you can stop it from becoming a primary target for criminals by making sure all usernames and passwords, both yours and your employees', are up to date and that strong passwords are used.

A strong password should be long, use a mix of upper and lower case letters, include numbers and symbols, and have no ties to personal information. Also, make sure the same passwords aren't reused across accounts.

It's important to make sure all users have two-factor authentication enabled on all remote access software or devices. Two-factor authentication adds an additional layer of security to your online accounts beyond the username and password, such as a login code being sent to a nominated mobile phone.

You can also monitor a website called haveibeenpwned.com to check if any of your business email accounts have been compromised. If an account flags as having been involved in a breach, make sure you change the password of that account and any other online services that use that same email and password combination.

Remember, phishing is the most common type of cyber-attack against your staff

Phishing messages (found in emails, text messages or on social media) are used as a trick to plant malware, which is malicious software that can cause damage to a computer or network. They can also steal your passwords or other confidential information.

Phishing remains the most common type of cyber-attack and can result in a huge financial loss. For example, a scammer could pretend to be the CEO, HR or IT support of a company and email employees to request a transfer of funds, an update of employee details or the installation of a program.

  • Make sure your colleagues are given security awareness training on cyber security every 6 months, with a particular focus when onboarding new employees and suppliers
  • Conduct regular testing, monitor training and identify any gaps in knowledge to keep up a good level of awareness
  • Mark any email sent as from an external sender (“THIS IS NOT FROM US”) so that employees are prompted to be mindful before opening the email and clicking any links or attachments
  • Consider having financial controls in place to ensure checks are made for large payments by bank transfer.
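
To show what marking external email involves, here is an added illustration in Python (it is not part of the original guide, and this is normally configured in your mail gateway rather than written by hand). The domain names, staff names and sample messages are constructed assumptions; only the banner wording comes from the guide.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: your own mail domain(s) and the names
# a scammer is most likely to imitate (CEO, HR, IT support).
INTERNAL_DOMAINS = {"ourbusiness.example"}
IMITATED_NAMES = {"jane smith", "hr team", "it support"}
BANNER = "THIS IS NOT FROM US"  # wording used in the guide

def tag_external(raw):
    """Return (message, is_external, looks_like_impersonation)."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    # Exact match on the domain, so a lookalike such as
    # "ourbusiness.example.mail.test" is still treated as external.
    # A missing or unparseable From header also counts as external.
    domain = addr.rpartition("@")[2].lower()
    external = domain not in INTERNAL_DOMAINS
    # A familiar display name on an outside address is the
    # "pretend to be the CEO, HR or IT support" pattern.
    impersonation = external and display.strip().lower() in IMITATED_NAMES
    if external:
        subject = msg.get("Subject", "")
        if not subject.startswith(f"[{BANNER}]"):  # do not tag twice
            del msg["Subject"]
            msg["Subject"] = f"[{BANNER}] {subject}"
    return msg, external, impersonation

# Constructed sample messages (not real email).
INTERNAL = ("From: Jane Smith <jane.smith@ourbusiness.example>\n"
            "Subject: Team lunch\n\nSee you at 12.\n")
SUPPLIER = ("From: Accounts <accounts@supplier.test>\n"
            "Subject: Invoice 104\n\nPlease find attached.\n")
SPOOFED = ("From: Jane Smith <jane.smith@ourbusiness.example.mail.test>\n"
           "Subject: Urgent payment\n\nPlease transfer funds today.\n")

if __name__ == "__main__":
    for raw in (INTERNAL, SUPPLIER, SPOOFED):
        msg, external, impersonation = tag_external(raw)
        print(msg["Subject"], "| external:", external,
              "| possible impersonation:", impersonation)
```

The From header can be forged, so a mail gateway would apply this alongside its own sender authentication checks rather than relying on the header alone.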

Is your business using anti-virus software to scan email attachments and their links before they're opened?

This can help to reduce the risk of getting caught out by a suspicious email. Employees should always refrain from opening potentially dangerous attachments or clicking on links provided in emails and on mobile devices.

Have your staff been using their own devices whilst working from home?

The rapid need for digital transformation during the lockdown in the last 12 months has seen an increase in the number of cyber security risks through bad habits, including children using work devices and poor passwords.

It's also more and more common for employees to use personal devices (laptops, phones, tablets etc) for remote working. It's important when coming back into the office that personal devices that could potentially compromise sensitive business information (if lost, stolen or hacked) are checked over and have the necessary firewalls, anti-virus software and strong passwords on company emails and social media accounts.

You can further protect your business by making sure your business has policies in place to help your management team establish rules and procedures for the use of personal devices in the office and at home and using work IT equipment for personal use. This can help to reduce the level of risk that devices pose to a company's network.

If your business hasn't already, you should explore the use of a privilege policy, which can limit employee access to areas of your network. Employees should only have access to networks, websites, accounts and drives that are necessary for them to perform their jobs. It's also recommended to look at filtering websites such as social media and other link sharing sites to prevent employees clicking on malicious links.

Why is it important to have a cyber security plan?

Preparing for a cyber attack should be considered just as important as planning for a fire, flood or any other business disruption. Business continuity plans should be stored offline and reviewed, tested and regularly updated.

Whilst cybercriminals are continuously developing their skills and using more sophisticated tools, the hybrid approach of in-office staff and remote working staff will remain a key threat, alongside any network vulnerabilities criminals can find through phishing.

Your business often won't know the exact route a cybercriminal will take to attack your business, but understanding the risks, training your employees and staying up to date with the latest cybercriminal tactics can help to reduce the chance of falling victim to an attack.

You can also use templates provided by one of our partners, the Cyber Resilience Centre, to ensure your business has the most recent cyber security policies and procedures in place. These policies will help to ensure your business has clear security strategies and can respond efficiently if a cyber-attack were to occur.

If you'd like to learn more about cyber security and common types of cyber-attacks, you can read our guide to cyber security.

For more helpful support and resources, The Co-operative Bank Business Exchange hosts a wide range of content tailored to you and your business.

*While all reasonable care has been taken to ensure that the information provided is correct, no liability is accepted by The Co-operative Bank for any loss or damage caused to any person relying on any statement or omission. This is for information only and should not be relied upon as offering advice for any set of circumstances. This is merely a guide and each business is unique in its requirements. Specific advice should always be sought in each instance.