Protecting your business in the cyber security era
Almost every day we hear reports of businesses being impacted by a lack of effective cyber security practices, often causing significant financial losses, reputational damage and productivity issues.
The recent Capital One data breach saw 106 million customers’ details stolen because of a misconfiguration in its firewall settings. Similarly, the 2017 Maersk ransomware attack was traced back to an accounting package combined with admin login on its server.
Many SMEs assume that cyber attacks only happen to large, corporate businesses. In our experience, however, there are numerous instances where local businesses have fallen victim to these malicious attacks but have remained quiet.
Despite constant media attention, is the north-east business community learning lessons from these experiences? I remain unconvinced that we’re taking the threat of cyber attacks seriously enough, while user education remains by far the most cost-effective way to safeguard your business.
Our aim at The TechForce is to minimise risks to clients’ businesses and critical information. Here are five steps to help achieve that goal:
1. Find your assets and define the risk: To protect your business, you need to know what assets you have, where they are, who has access to them and what danger they pose. Our aim isn’t to achieve a zero level of risk but to get you to a level of risk that is acceptable.
2. Update and patch your systems: If you do nothing else, patch your systems. There are no silver bullets in cyber security, but patching is the next best thing. Both the Marriott data breach and the NHS ransomware attack are testament to the dangers of not properly updating your systems and software.
3. Network security: Stop the external attacks at your firewall and filter out unauthorised traffic by changing your default passwords, checking open ports, updating network devices and using robust anti-virus software.
4. User education and awareness: Whatever technical controls you have in place, your users are the weakest link in your cyber security. Phishing attacks are the biggest threat to businesses and the best way to mitigate this risk is by educating your users and changing their behaviour through security awareness training.
5. Secure your supply chain: You can do everything right and secure your systems, yet still be stung by your supply chain. There have been several high-profile cases where third-party software has been the cause of a hack. Ask your suppliers and vendors to demonstrate their cyber security credentials as part of a risk assessment.
Security is a culture and it takes time to build. As well as following the above steps to help improve security, businesses and organisations should aim to achieve an industry-supported certification, like Cyber Essentials or Cyber Essentials Plus, to increase confidence among clients and suppliers.
This article first appeared in the AGCC September Business Bulletin