Before you can change or improve your IT security landscape, you need to step back and discover exactly where you stand, and then act upon what needs to be done. In this article we will discuss three key questions that every business needs to address. Then you can read about 5 technical controls that are essential for business cybersecurity today. You can finish up with our pre-assessment checklist to see how simple it is to start the ball rolling and secure your business IT environment.
It is true that you may lack in-house skills to carry out a true cybersecurity assessment, so what can you do? Talk to a Managed Security Service Provider that will assess your current situation and help you to identify areas that have already been breached or may be vulnerable. This is not a costly, time-consuming project, and never puts your sensitive data at risk. In a single visit, the Your Cloud Works team will help you to assess your level of security and IT productivity. You could even request a free Dark Web Scan to check whether your business credentials are available on the dark web.
An IT security assessment will reveal key areas of your cybersecurity that are rock solid, but of course there will be areas that need significant improvement. Based on the assessment, you can establish a company-wide Cybersecurity Policy that serves as a baseline. Once you understand your security baseline, you will be able to launch and monitor the correct Cyber Safety protocols across every member and every department of your company. A simple example of one key baseline element is your company password policy: How often are passwords changed? What level of password security is required? Does everyone understand the importance of password security? Your team members will require regular security awareness training and testing to maintain a healthy cybersecurity culture, and observe high levels of data protection and GDPR compliance. Our Cybersecurity 101 Blog Series will give you an insight on how to reduce and avoid costly GDPR breaches.
An assessment will ideally shine a light on areas of your business that are vulnerable to cyber attacks. Once you have discussed the results of your review with your technology partner, they should also offer the most practical solutions to strengthen your security. Due to budget restrictions, you may have to prioritise the security services that you choose to protect your business. Your Cloud Works is an MSSP that guides businesses towards complete Cyber Essentials and GDPR compliance. Some aspects of Cybersecurity and Data compliance can be so easy to correct and maintain, such as safe password management. When you start to discuss firewall, antivirus and ransomware protection, you really do need to talk to experienced professionals. In our Cybersecurity 101 Blog Series we have tried to discuss these important issues in a way that any business owner can understand and process with ease.
You should protect your Internet connection with a firewall. This effectively creates a ‘buffer zone’ between your IT network and other, external networks. In the simplest case, this means between your computer (or computers) and ‘the Internet’. Within this buffer zone, incoming traffic can be analysed to find out whether or not it should be allowed onto your network.
Cyber Essentials Certification and GDPR compliance require that you configure and use a firewall to protect all your devices, particularly those that connect to public or other untrusted Wi-Fi networks.
Manufacturers often set the default configurations of new software and devices to be as open and multi-functional as possible. They come with ‘everything on’ to make them easily connectable and usable. Unfortunately, these settings can also provide cyber attackers with opportunities to gain unauthorised access to your data, often with ease.
Passwords – when implemented correctly – are an easy and effective way to prevent unauthorised users accessing your devices. Passwords should be easy to remember and hard for somebody else to guess. The default passwords which come with new devices such as ‘admin’ and ‘password’ are the easiest of all for attackers to guess.
Cyber Essentials Certification and GDPR compliance require that only necessary software, accounts and apps are used. If you would like more information on choosing passwords, search www.ncsc.gov.uk for ‘password’.
To minimise the potential damage that could be done if an account is misused or stolen, staff accounts should have just enough access to software, settings, online services and device connectivity functions for them to perform their role. Extra permissions should only be given to those who need them. Many enterprises never take the time to check this aspect of their Cybersecurity.
Check what privileges your accounts have – accounts with administrative privileges should only be used to perform administrative tasks. Standard accounts should be used for general work. By ensuring that your staff don’t browse the web or check emails from an account with administrative privileges you cut down on the chance that an admin account will be compromised.
Cyber Essentials Certification and GDPR compliance require that you control access to your data through user accounts, that administration privileges are only given to those that need them, and that what an administrator can do with those accounts is controlled.
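The account check described above can be automated. The following is an added example, not part of the original article: it lists which accounts hold administrative rights and flags any of them that were used to run a web browser or email client. The account names, group names, application list and log format are all constructed assumptions.

```python
import re

# Assumed group and application names; adjust to your own environment.
ADMIN_GROUPS = {"Administrators", "Domain Admins"}
EVERYDAY_APPS = {"chrome.exe", "msedge.exe", "firefox.exe", "outlook.exe"}

# Constructed sample inventory: account name -> group memberships.
ACCOUNTS = {
    "alice": {"Users"},
    "alice-adm": {"Users", "Administrators"},
    "bob": {"Users", "Administrators"},
    "svc-backup": {"Backup Operators"},
}

# Constructed sample process-launch log (hypothetical format).
PROCESS_LOG = """\
2024-05-01T09:02:11 user=alice process=chrome.exe
2024-05-01T09:15:40 user=alice-adm process=mmc.exe
2024-05-01T09:20:03 user=BOB process=OUTLOOK.EXE
2024-05-01T09:21:57 user=bob process=chrome.exe
corrupted line without fields
2024-05-01T10:05:12 user=bob process=mmc.exe
"""

LINE_RE = re.compile(r"^\S+\s+user=(?P<user>\S+)\s+process=(?P<process>\S+)$")


def admin_accounts(accounts):
    """Return the accounts that belong to any administrative group."""
    return sorted(n for n, groups in accounts.items() if groups & ADMIN_GROUPS)


def parse_log(text):
    """Return (user, process) pairs, lower-cased; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((m["user"].lower(), m["process"].lower()))
    return events


def admin_everyday_use(accounts, log_text):
    """Map each admin account to the browsing/email apps it was seen running."""
    admins = set(admin_accounts(accounts))
    findings = {}
    for user, process in parse_log(log_text):
        if user in admins and process in EVERYDAY_APPS:
            findings.setdefault(user, set()).add(process)
    return {user: sorted(apps) for user, apps in findings.items()}


if __name__ == "__main__":
    print("Admin accounts to review:", admin_accounts(ACCOUNTS))
    print("Admin accounts used for general work:", admin_everyday_use(ACCOUNTS, PROCESS_LOG))
```

In this sample, `bob` does general work from an account with administrative rights, while `alice` keeps a separate `alice-adm` account for administrative tasks and is not flagged.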
Malware is short for ‘malicious software’. One specific example is ransomware, which you may have heard mentioned in the news. This form of malware makes data or systems it has infected unusable – until the victim makes a payment. Viruses are another well-known form of malware. These programs are designed to infect legitimate software, passing unnoticed between machines, whenever they can.
Where does malware come from? There are various ways in which malware can find its way onto a computer. A user may open an infected email attachment, browse a malicious website, or use a removable storage drive, such as a USB memory stick, which is carrying malware. Talk to Your Cloud Works to discuss how to defend against all types of malware today. We can help you with secure Anti-Malware and anti-virus measures, Whitelisting and Sandboxing.
Cyber Essentials Certification and GDPR compliance require that you implement at least one of the approaches listed above to defend against malware.
No matter which phones, tablets, laptops or computers your organisation is using, it’s important they are kept up to date at all times. This is true for both Operating Systems and installed apps or software. Happily, doing so is quick, easy, and programmable.
‘Patching’ – Manufacturers and developers release regular updates which not only add new features, but also fix any security vulnerabilities that have been discovered. Applying these updates (a process known as patching) is one of the most important things you can do to improve security. Operating systems, programmes, phones and apps should all be set to ‘automatically update’ wherever this is an option. This way, you will be protected as soon as the update is released.
However, all IT has a limited lifespan. When the manufacturer no longer supports your hardware or software and new updates cease to appear, you should consider a modern replacement.
Cyber Essentials Certification requires that you keep your devices, software and apps up to date.
Now you can request your FREE Security Assessment checklist PDF. This tool will help you to answer the initial Cybersecurity questions raised in this article. If you don’t know the answers, you need to know who in your business does have the answers to these questions.