Having read several articles and publications relating to cyber security lately, there are common threads in most.
We are taking this opportunity to supply a simple view of five key elements.
Backing up your data
Not all data needs to be backed up, so we need to find data that is fundamental to your business. This is the “must have” data and your backup process and procedures must ensure your valuable data is protected.
The backups must be separate from your operational data, must not be easily accessible and should where possible have a copy off-site. Cloud options are readily available and may offer a more cost-effective solution for small businesses.
Furthermore, we recommend that the backup processes are automated, become a regular activity, and plans must be in place to evaluate your recovery processes.
Protect your environment from malware
To protect your environment from malware, we recommend that a managed EDR (Endpoint Detection and Response) offering be implemented. Application patch management should form part of the malware defences as well as the ability to control and manage all external drives and USB usage. We also recommend that you investigate solutions that incorporate managed firewalls and web filtering thereby regulating the ability the download harmful applications.
Use passwords to protect your data
We feel that it is necessary to enforce password protection on your devices. There are many password applications that can be deployed to ensure compliance whilst offering the ability to manage passwords.
We also recommend you use of enforce Multi-factor Authentication (MFA).
Where possible, do not enforce regular password changes! This creates confusion for your users and leads to predictability.
Smartphones & tablets safety measures
Mobile devices are key components of today’s always connected, always on world we live in.
Irrespective of BYOD or company owned devices; we recommend that password; pin protection is enabled. Biometrics is the preferred choice if possible. We also recommend that you enhance the security of your business by enabling device tracking, remote locking, and device wipe technologies.
Patch management should once again form part of your strategy, so that operating systems, security and applications are up to date.
It may even be possible to regulate that your users do not connect to unknown Wi-Fi hotspots but use their own mobile hotspot on 4G/LTE/5G to connect.
Avoid spoofing and phishing attacks
DMARC is a key element to any Cyber Strategy and as such must be included in your future. Not only will you protect your domain from spoofing, phishing, and email impersonation attacks, you will protect you brand reputation and improve email deliverability.
References – various websites including: NCSC.gov.uk and Sendmarc.com