Protecting your business in the cyber security era
Almost every day we hear reports of businesses being impacted by a lack of effective cyber security practices, often causing significant financial losses, reputational damage and productivity issues.
The recent Capital One data breach saw 106 million customers’ details stolen because of a misconfiguration in its firewall settings. Similarly, the 2017 Maersk ransomware attack was traced back to an accounting package combined with an admin login on its server.
Many SMEs assume that cyber attacks only happen to large, corporate businesses. In our experience, however, there are numerous instances where local businesses have fallen victim to these malicious attacks but have remained quiet.
Despite constant media attention, is the north-east business community learning lessons from these experiences? I remain unconvinced that we’re taking the threat of cyber attacks seriously enough, while user education remains by far the most cost-effective way to safeguard your business.
Our aim at The TechForce is to minimise risks to clients’ businesses and critical information. Here are five steps to help achieve that goal:
1. Find your assets and define the risk: To protect your business, you need to know what assets you have, where they are, who has access to them and what danger they pose. Our aim isn’t to achieve a zero level of risk but to get you to a level of risk that is acceptable.
2. Update and patch your systems: If you do nothing else, patch your systems. There are no silver bullets in cyber security, but patching is the next best thing. Both the Marriott data breach and the NHS ransomware attack are testament to the dangers of not properly updating your systems and software.
3. Network security: Stop the external attacks at your firewall and filter out unauthorised traffic by changing your default passwords, checking open ports, updating network devices and using robust anti-virus software.
4. User education and awareness: Whatever technical controls you have in place, your users are the weakest link in your cyber security. Phishing attacks are the biggest threat to businesses and the best way to mitigate this risk is by educating your users and changing their behaviour through security awareness training.
5. Secure your supply chain: You can do everything right and secure your systems, yet still be stung by your supply chain. There have been several high-profile cases where third-party software has been the cause of a hack. Ask your suppliers and vendors to demonstrate their cyber security credentials as part of a risk assessment.
Security is a culture and it takes time to build. As well as following the above steps to help improve security, businesses and organisations should aim to achieve an industry-supported certification, like Cyber Essentials or Cyber Essentials Plus, to increase confidence among clients and suppliers.
This article first appeared in the AGCC September Business Bulletin