Protecting your business in the cyber security era
Almost every day we hear reports of businesses being impacted by a lack of effective cyber security practices, often causing significant financial losses, reputational damage and productivity issues.
The recent Capital One data breach saw 106 million customers’ details stolen because of a misconfiguration in its firewall settings. Similarly, the 2017 Maersk ransomware attack was traced back to an accounting package combined with an admin login on its server.
For many SMEs, cyber attacks are something that only happens to large, corporate businesses. In our experience, however, there are numerous instances where local businesses have fallen victim to these malicious attacks but have remained quiet.
Despite constant media attention, is the north-east business community learning lessons from these experiences? I remain unconvinced that we’re taking the threat of cyber attacks seriously enough, while user education remains by far the most cost-effective way to safeguard your business.
Our aim at The TechForce is to minimise risks to clients’ businesses and critical information. Here are five steps to help achieve that goal:
1. Find your assets and define the risk: To protect your business, you need to know what assets you have, where they are, who has access to them and what danger they pose. Our aim isn’t to achieve a zero level of risk but to get you to a level of risk that is acceptable.
2. Update and patch your systems: If you do nothing else, patch your systems. There are no silver bullets in cyber security, but patching is the next best thing. Both the Marriott data breach and the NHS ransomware attack are testament to the dangers of not properly updating your systems and software.
3. Network security: Stop the external attacks at your firewall and filter out unauthorised traffic by changing your default passwords, checking open ports, updating network devices and using robust anti-virus software.
4. User education and awareness: Whatever technical controls you have in place, your users are the weakest link in your cyber security. Phishing attacks are the biggest threat to businesses and the best way to mitigate this risk is by educating your users and changing their behaviour through security awareness training.
5. Secure your supply chain: You can do everything right and secure your systems, yet still be stung by your supply chain. There have been several high-profile cases where third-party software has been the cause of a hack. Ask your suppliers and vendors to demonstrate their cyber security credentials as part of a risk assessment.
Security is a culture and it takes time to build. As well as following the above steps to help improve security, businesses and organisations should aim to achieve an industry-supported certification, like Cyber Essentials or Cyber Essentials Plus, to increase confidence among clients and suppliers.
This article first appeared in the AGCC September Business Bulletin