The changes in our technology landscape have been significantly altered by the pandemic, however, despite its continued pervasiveness within the news, COVID-19 has not been the only great change that businesses have needed to adapt to. The development of new integrated software to facilitate remote working has created a change in the way businesses operate inside and outside of the workplace, for both clients and employees. With these innovations, there have been additions in the types of cyber threats that businesses now face. Finding ways to prevent cyber attacks on businesses such as network targeting, malware attacks, toll fraud and others that could result in your business being compromised or your data involved in data breaches.
Across all industries, a primary concern is security and compliance: making sure that your business data complies with GDPR legislation and other governmental standards to keep your business safe, compliant and secure.
Here are five cyber security tips you can look to implement within your business to help tighten up practices and improve your approach to cyber security this year.
Multi-Factor Authentication
You will likely already be familiar using Multi Factor Authentication methods when accessing Social Media accounts, online shopping accounts or online banking.
In our view, Multi-Factor Authentication (MFA) is a must-have to help prevent cyber attacks on businesses. When correctly set up across your business, MFA requires two or more verification factors for the user to gain access to a device, online account, application or to access a VPN.
These two things could be a combination of:
- Something that you know, e.g., username and password
- Something that you have, e.g., a verification code sent to your device
- Something that you are, e.g., face or fingerprint recognition
MFA benefits your business by improving security levels as it ensures there is an additional layer of security needed to gain access, reducing the risk of unauthorised access occurring and any potential data loss, theft or data breach.
It is also now a common compliance requirement for GDPR and other security standards such as Cyber Essentials and ISO 27001.
Dark Web Audits
If you are not familiar with it, the Dark Web is a part of the internet that has not been indexed by search engines that contain illicit material that cybercriminals can access and buy such as usernames and passwords, credit card, medical and subscription information.
Keeping an eye on what company information is stored on the Dark Web can prove tricky, however, Dark web audits enable companies to know exactly what information of theirs is available for purchase and where that data has come from. The audit then enables users to identify all weaknesses and quickly change those passwords to secure their business.
Manage Your Security Updates
Hackers and scammers develop their practices at the same speed that security developers create new security software. It is because of this that decision-makers must remain mindful of their business’ environment and ensure applications are kept up to date and regularly patched.
Maintaining your business systems and applications to be “in support” and up to date with security patching is essential to mitigate risk to revenue and reputation. Any vulnerabilities in old applications on servers, workstations, and mobile devices can put your business at risk. In today’s remote working environment auditing your systems can be almost impossible without the right tools that do not rely on a person or device being connected to the office network.
Some recommendations here:
- Centralised patch management for operating systems and applications
- Maintain physical servers and other appliances in-warranty and in-support
- Conditional Access to business data and emails – only allow secure mobile devices
Anti-Malware Protection
As with managing security updates in a remote working world, keeping your business devices protected from malware threats can be very difficult. It is recommended that a centralised cloud-based solution is in place to protect devices and manage device health. A good solution would provide easy auditing of all protected devices, their agent installs health, any outstanding alerts, and remote threat mitigation tools.
Desired features are:
- On-access scanning
- Anti-ransomware
- Global blacklisting (URL filtering rules)
- Endpoint software firewall control
- Endpoint drive encryption management
- External device controls
- Auto-updating of pattern files and the application itself
Best Practices Process
The introduction of a few simple processes can greatly reduce risk around your IT Estate. If every new laptop or network appliance is always set up to a building checklist that follows security best practices then over time you can make confident statements about the security of your IT estate. These best practices should be reviewed following any major changes to the business, its IT infrastructure, or the technology industry.
Some examples are:
- Formalised Starter and Leaver processes
- Server / PC build checklists
- Approved business software/app list
- Firewall rule change management with business justification recorded
If you are keen to discuss the IT Security needs of your business and work with a team of experienced cyber security consultants please get in touch.