Cyber Security in 14 Steps
Here’s a guide to how you can help protect your business from a Cyber Attack, in just 14 steps:
1. Security assessment.
Carry out a security assessment. It gives you a baseline but also highlights existing vulnerabilities. Can you remember when your last assessment was?
2. Email security
Email remains the key way for cyber criminals to target businesses or individuals. This is because it is the channel where most are vulnerable, and it can be manipulated easily by cyber criminals. Securing your email is key. Reducing the amount of spam you receive reduces the risk of an attack.
3. Security policies
Your business should have security policies to help reduce the risk of threats. You can do simple things like limiting USB file storage, setting password policies and user screen timeouts, and limiting user access.
4. Train your users
You’re only as strong as your weakest link. Educate users on data security, email and the policies and procedures you’ve developed. There are also ways they can stay safe personally too – just check out this Safe Shopping guide.
5. Protect your systems
Data is an integral part of any business. Protecting it from malware, viruses and cyber attacks can be done using advanced endpoint security. Don’t think your old anti-virus has you covered and certainly don’t rely on FREE protection. The latest tech affords you protection against file-less and script-based threats.
You can find more on protecting your data in this 10 Simple Tips to Keeping Data Secure article.
6. 2 Step login
Many systems now utilise multi-factor logins. Think about how your banking may ask for two different passwords/codes/keys. This is available on your network, banking and even social media. If your passwords are stolen or hacked, your data can still be safe, not to mention your reputation.
7. Computer updates
We’ve all been there: you need to get on your PC or laptop and it decides to install updates. These are so important. Keeping Microsoft, Adobe and Java products up to date improves security and helps protect you from the latest known attacks.
8. Dark web research
You can visit Have I Been Pwned to see what passwords and accounts have been posted on the Dark Web. This helps in being proactive to prevent a data breach as it pretty much tells you what accounts you should change a password on.
9. SIEM/Log Management
Security Incident and Event Management or Log Management means all event and security logs can be reviewed on all covered devices. It means you’re protected against advanced threats and the added bonus is that you tend to meet compliance requirements too.
10. Internet security
Security of the internet is a race against time. You should use tools that detect web and email threats as they emerge so they can be blocked immediately – before they have a chance of reaching the user.
11. Mobile device security
Many businesses now facilitate mobile working by issuing phones and tablets to employees. Cyber criminals will target these too and will expect you to neglect this technology, so having mobile device security is recommended. This should cover all devices that connect to your data/network, and policies for personal devices should be put in place.
12. Firewall
Sounds basic, but many have them but don’t have them turned on. Ideally you also want to send log files to your SIEM (see 9. above) by enabling intrusion detection and prevention features.
13. Encryption
The more the better with this one. Whenever possible data should be encrypted. Many only think about files stored on a network – however, files sent by email should be considered too, not to mention mobile devices.
14. Backup
Look to have a strong backup policy. Local. Cloud. Offsite. An offline backup for each month of the year should have you covered. However, do make sure you’re also testing your backups often to make sure they’re working properly.
A quick quiz?
- Do you know when your last security assessment was?
- Where can you find your security policy?
- Have you trained your staff or have you been trained on your business’ security policies?
- Do you know what protection your data, systems and mobile devices have?
- Are your updates automated?
- Do you encrypt files and data?
- Are you creating backups and running test restores?
The answer to all the quiz questions is “Yes”.
If you didn’t get 7/7 don’t worry – just give us a call.
We can help keep your business, data, systems, brand and reputation safe.
T: 01482 97 44 44