The National Cyber Security Alliance (NCSA) runs an annual Cyber Security Awareness Month throughout October. Each week of the month focuses on a different theme and the challenges facing the industry — demonstrating how every business can change its behaviour online to improve IT security.

Through the use of key messages and social media hashtags such as #FightThePhish and #BeCyberSmart, people from all over the world have engaged with the NCSA’s awareness initiative this year, sharing both their concerns and advice for tackling the ever-present threat of data breaches in the digital world.

So, what were the main takeaways from the month — and how can businesses ensure they maintain their progress and make cyber security a priority all year round?

What did we discover?

IT security awareness is a more pressing concern now than ever before, with cyber criminals and threat actors tirelessly adapting their tactics to exploit vulnerable systems successfully.

United Nations officials warned that the frequency of phishing scams increased by 600% in the wake of pandemic-related digitisation in 2020. And the widespread adoption of cloud-based technology has also led to a 630% increase in threats to cloud services from external actors.

Cyber Security Awareness Month has also highlighted what many in the industry already knew: human error is a leading cause of cyber breaches. In fact, research has found that a staggering 95% of breaches happen due to human error, which means it is essential for organisations to ensure no employee becomes the weak link that opens the door for hackers to access critical business systems.

However, the initiative has also revealed that businesses of various sizes and sectors are still falling short of the necessary security processes to keep sensitive data safe and online systems fully functional. So, how can you ensure your organisation is prepared for a cyber attack?

1. Deliver education and training

Cyber security is everyone’s responsibility — not just the IT department’s.

From explaining the psychology behind phishing emails and enrolling new staff on training courses to providing practical instructions for what to do in the event of a breach, fostering a cyber-aware culture within an organisation will go a long way to minimising the risk of a successful cyber attack occurring.

2. Secure your passwords

Weak passwords are one of the first vulnerabilities a hacker can exploit. Ensuring your passwords are strong and secure is one thing, but password protection only protects your business systems to an extent — particularly on cloud-based systems.

Instead, use a password manager to ensure all passwords remain protected and enforce multi-factor authentication (MFA) to add an extra layer of protection. MFA works by requesting an added level of authentication before giving access to company data, reducing the likelihood of illegitimate external users accessing private systems.

3. Automate risk management

Establishing the quality of your business’ IT security with a risk assessment is the start of any good cyber strategy. But it can be challenging to continually manage these risks when systems and software are constantly evolving.

Businesses can automate identifying and monitoring threats using the latest developments in artificial intelligence (AI) and machine learning (ML). This process creates an audit trail for every system, enforcing zero-trust security and reducing the risk of missing a breach.

4. Back up data consistently

Many cyber criminals intend to hold your data for ransom. So, if you cannot access your data in another way, your business will be entirely at the mercy of the attackers. That is why an effective, frequent and consistent backup strategy is essential.

Many experts recommend that businesses follow an updated variation of the traditional 3-2-1 rule to improve disaster recovery and ransomware defence — the 3-2-1-1 rule. This rule suggests that companies retain at least three copies of business-critical data and that data is stored in at least two different media formats. Then, one copy should be kept in an off-site location (for disaster recovery) and another immutable one in an offline or air-gapped network (for ransomware attacks).

5. Invest in IT departments

Considering that the average cost of a cyber attack was £2,670 across UK businesses between May 2020 and May 2021, this is no time to take a foot off the pedal when it comes to investing in cyber security.

Yet, according to a recent survey, 57% of IT security professionals stated that their security programme lacks the proper executive support. And with the cyber security industry facing a burnout crisis that contributes to a shortage of skills and labour in this sector, businesses must ensure they set aside appropriate budgets to enable IT teams to carry out their work effectively.

6. Ensure equipment and software are up to date

Outdated hardware and software are ideal targets for cyber criminals — and make it more difficult for employees to work efficiently. So, upgrading your software will improve stability and prevent crucial systems from crashing.

Software updates constantly repair the security holes that are often targeted by malicious software (malware). Turning on automatic software updates is a simple way to allow operating systems and security applications to continue flagging and removing critical vulnerabilities to keep protecting your data.

7. Bolster remote working solutions

With more people working remotely from personal computers and networks, ensuring all employees have secure access to up-to-date technology has become more complicated. As a result, 93% of IT teams surveyed said they do not have access to the tools they need to keep up with cyber threats.

Setting up a virtual private network (VPN) ensures your staff can access a secure network while working from home. And do not forget mobile devices — mobile device management software protects business data whilst optimising functionality.

Keeping up with the IT security requirements of the digital world is no small task. Burning Tree delivers independent, structured capability maturity model (CMM) assessments and targeted assessments based on proven reference architecture on identity and access management (IAM), network security, cyber security, risk management and more. These assessments are performed as a one-off and as multiple annual and biannual reviews — contact us today to discuss your company’s needs.