Ponemon Institute has recently completed a study of 1,000 UK and US SMEs and has found that the majority of cyber-attacks on organisations of this size are a result of poor password management.
The results of the survey showed that 61% of respondents reported a cyber-attack and 54% reported a data breach. While 52% of those involved in the survey reported a ransomware attack, 53% also reported being hit by more than one attack. The average number of stolen records has risen from just over 5,000 per attack last year to 9,350 this year - that’s an incredible increase of 87%.
Yet according to the National Cyber Security Centre’s (NCSC) review report, they have managed to prevent almost 1,200 attacks in the last two years. The UK’s top cyber-defence centre has stated that it is currently defeating an average of 10 attacks a week.
It is obvious that these attacks are becoming the norm, so why are SMEs still failing to learn and arm themselves against them? The latest Verizon Data Breach Investigations Report noted that 81% of all cyber-attacks result from poor password management practice, while this latest Ponemon study showed that 59% of respondents said they have no visibility of their employees’ password practices.
So what should SMEs do?
Having a secure and reliable company-wide password policy is one of the key factors in protecting your organisation from a potential attack. If your passwords are weak, your protection is weak. SA1 Solutions suggest some of the following points to help enhance your company’s password policy:
- Passwords should use a mix of uppercase letters, lowercase letters and numbers; special characters are also recommended. To make them even more secure, they should be a minimum of 6 characters long.
- Passwords shouldn’t contain anything obvious, e.g. the employee’s name, the company name or associated words. For example, admin shouldn’t have a password that contains the word admin.
- Employees should also be forced to change their password at least every 90 days, and where possible two-factor authentication should be used.
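The policy points above can be expressed as an automated check. This is an added example, not SA1 Solutions' code; the function names, the banned-word inputs and the sample passwords are assumptions constructed for illustration.

```python
from datetime import date, timedelta

MIN_LENGTH = 6                  # minimum length stated in the policy above
MAX_AGE = timedelta(days=90)    # forced change interval stated above


def policy_violations(password, banned_words, last_changed, today=None):
    """Return the list of policy violations (an empty list means compliant).

    banned_words holds the obvious terms for this user, e.g. account name,
    employee name and company name (hypothetical inputs from the caller).
    """
    today = today or date.today()
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    # Compare case-insensitively so "ADMIN" or "Admin" also match;
    # skip very short words to avoid false hits on initials.
    lowered = password.lower()
    for word in banned_words:
        if len(word) >= 3 and word.lower() in lowered:
            problems.append(f"contains obvious word: {word.lower()}")
    if today - last_changed > MAX_AGE:
        problems.append("older than 90 days")
    return problems


def recommendations(password):
    """Advisory items: recommended by the policy but not required."""
    if all(c.isalnum() for c in password):
        return ["add a special character"]
    return []


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    today = date(2024, 6, 1)
    print(policy_violations("Admin2024!", ["admin"], date(2024, 5, 1), today))
    print(policy_violations("abc", [], date(2024, 1, 1), today))
```
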
Having the correct security products on the devices employees use should also be something that companies take into consideration. SA1 Solutions uses a multi-layer security approach to ensure maximum security. Other tips we have for SMEs to stay secure are:
- Make sure your Anti-Virus is always up to date
- Good Spam Filter systems are a must in today’s business world
- Make sure that employees are only accessing work systems on secure devices. This means that if they are using a personal laptop, be aware that it might not have the same level of security.
- Put spoofing controls on your domain records: adopt controls like SPF, DKIM and DMARC. This will reduce the risk from spoofed emails from your domains.
For more information on anti-virus or password protection, or if you would just like to speak to someone to see how secure your organisation actually is, contact the SA1 Solutions engineer team now on 01792 464242 or email firstname.lastname@example.org