Train your employees
Phishing emails have become the most common method of attack: an employee receives a message from an unknown sender containing a link to an external resource or a malicious file. This is how the infection takes place, and the consequences may be irreversible.
Hackers are becoming more inventive: you may receive an email from an “official representative of a company” whose address differs by a single letter, and you will not notice the difference.
Therefore, you should hold training sessions and seminars where employees can learn about the sources of threats and about what to do if an incident has taken place (a malicious file was opened, an employee installed software that damaged the system, etc.). Training events need to be held on a regular basis, because criminals keep creating new methods of hacking systems and stealing data.
Develop a response plan for hacker attacks
Do your employees know what to do after opening a phishing email? Or after files disappear from the desktop? The majority of workers try to fix the problem on their own or to conceal the incident if the consequences are not obvious. As a result, you lose time and the chance to remedy the situation with minimal consequences.
For example, by gaining access to one device, a criminal can get into the whole system. In one such case, by hacking a single account, hackers gained access to an audit company’s correspondence with clients. There are many similar examples, so you should have a clear procedure: what to do when there is a threat of infection, which employee to turn to, whether it is worth trying to solve the problem on one’s own, etc. Every employee must be familiarised with these instructions.
Audit your information systems
This step will give you insight into the errors in your information systems that hinder business development, as well as into how well the systems are protected against cyberattacks. Try to involve only reliable contractors in the audit.
Install intrusion detection systems
Modern systems analyse data flows in communication channels by the type of protocol being used. Owing to new technologies, a system administrator can prevent unauthorised intrusions over application protocols such as HTTP, Skype and FTP.
The systems can also block malicious traffic and requests for remote control of a computer.
Improve the personnel’s skills
A highly skilled security service is not a whim of large companies but a necessity for any business.
The work of your IT specialists should be based on the “forewarned is forearmed” principle. A great number of both Russian and foreign webinars, training sessions and seminars now take place, and some of them may be attended for free.