The importance of cyber-security increases daily, with more and more sensitive information and company data being stored online, and therefore being a target for cyber-criminals. Cyber-security aims to reduce the risk of cyber-attacks and protects against the invasion or exploitation of systems, networks, and technologies. This article aims to offer employers guidance regarding what steps they should take after experiencing a cyber-attack.
Steps to Take After Experiencing a Cyber-attack
When a cyber-attack occurs, it is important that your organisation has a plan in place to respond and mitigate the damages caused. For cyber-security cases it is certainly a time sensitive subject, and your incident response plan must specifically address key actions to implement immediately after the attack.
During the first initial hours, your organisations response can ensure business continuity, protect stakeholders, limit legal repercussions, and put a stop to the incident quickly and efficiently. Successfully containing a cyber-attack or data breach can also result in significant financial benefits.
To minimise the long-term damage of a cyber-attack, employers should consider taking the following steps immediately after a breach occurs:
What is Two-factor/multi-factor authentication
Two-factor authentication, also known as multi-factor authentication, is where a user must provide two, or more, pieces of evidence to verify their identity in order to gain access to an app or digital resource.
Using Two-factor Authentication
Employers are strongly advised to consider utilising two-factor authentication in their organisation, in order to improve their company’s cyber-security, and reduce the chances of a damaging data breach.
Two-factor authentication gives an extra layer of security when an employee or other user attempts to login to the company’s system or network. As well as the standard password barrier, two-factor requires an additional form of confirmation because even the strongest of passwords can be breached by hackers. Without a second form of proof being required, cyber-criminals could potentially gain access to important accounts, private systems, customer files and other sensitive information.
There are many options to consider when it comes to implementing two-factor authentication, which include:
The National Cyber Security Centre recommends organisations set up two-factor authentication for ‘high value’ accounts that contain important information. Email accounts should also be protected by two-factor authentication. Cyber-criminals who hack into an email account may then be able to use that access to reset passwords for other services.
NCSC Report Scam Website Tool
The National Cyber Security Centre (NCSC) has created a new tool that allows users to report scam websites. It is the NCSC’s attempt to recruit the public to help fight against cyber-criminals.
Cyber-criminals can use fake websites in an attempt to download viruses onto a user’s device or steal passwords and private info from accounts.
The NCSC tool requests that users provide the following information:
Once the NCSC has received the report, they will then analyse the website in question. If it is found to be a scam or malicious, a notice will be issued to the hosting provider in an attempt to get the site removed.
This service is a way of bolstering the NCSC’s efforts to combat scam websites, adding to last years Suspicious Email Reporting Service, which allows users to forward suspicious emails to email@example.com.
For more information on Cyber-security Insurance, or to speak to a broker, contact us today.