Identifying cyber risks is a difficult task. Just where do you start and what should you be looking for? Read on for key areas we have identified which will help to reduce the risk.
Cyber security does not just apply to large corporations. Even small businesses need to be conscious of cyber threats and take action.
The first step is to review security on a regular basis, achieved by establishing a governance structure. You should then determine your business’s appetite for risk. Finally, produce supporting policies and make sure your board members are fully aware of the risk and have accepted it.
1. User education and awareness
Training your staff to identify risks associated with cyber-crime will significantly reduce the chances of your company being targeted. Social engineering of your employees in order to gain information is a huge problem: essentially it is a type of confidence trick used to gain access to systems in order to steal your information. Having a staff education programme, backed up with policies and procedures, gives your staff the confidence to identify scams which try to defraud your company.
2. Home working
Establish from the start how your users will connect and what devices they can connect with. Make sure you have a secure baseline build which is applied to all devices, and establish a secure way of protecting data in transit and at rest. For more information about securing remote users, read the “Staying connected in business” blog post. It is extremely important that you keep up to date with patching and that you maintain a secure ICT configuration. This should be part of your baseline build for all devices that have been approved to connect to your network. Build a policy which explains which devices are approved to connect to your network and why.
3. Removable Media
Many companies still allow removable media such as memory sticks and portable disk drives. If your company allows this, we recommend you scan all devices for malware and make sure that all portable devices are encrypted and password protected. It is also worth setting up group policies for removable media which give users read-only access by default and allow write access only if the device is encrypted. We also recommend that your company supplies the media for your employees and that an inventory of these devices is kept.
4. Access Control
Managing access and limiting the privileges each user holds is the recommended way of controlling access to your environment. Limiting user access minimises the chances of confidential company information being abused or stolen. Formulating an access control policy is the best way of managing large user groups. Understanding who needs access to what, and why, will speed up the process and provide an additional level of security. It is also advisable to have some form of auditing and monitoring of user activity.
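The following is an added example, not code from the original post or its author, of what “who needs access to what, and why” looks like when written down as a role-based access control table with deny-by-default authorisation and an audit trail of every decision. The roles, users, resources and in-memory audit log are constructed assumptions for illustration.

```python
from datetime import datetime, timezone

# Constructed role -> permission map (an assumption for the example, not from the post).
# Each permission is a (resource, action) pair; anything not listed is denied.
ROLE_PERMISSIONS = {
    "finance": {("payroll", "read"), ("payroll", "write"), ("invoices", "read")},
    "sales": {("invoices", "read"), ("crm", "read"), ("crm", "write")},
    "it-admin": {("servers", "read"), ("servers", "write")},
}

# Constructed user -> roles map. Users hold only the roles their job needs.
USER_ROLES = {
    "alice": {"finance"},
    "bob": {"sales"},
    "carol": {"it-admin", "sales"},
}

# In-memory audit trail; a real deployment would write this to a protected log store.
AUDIT_LOG = []


def _roles_permit(roles, resource, action):
    """True if any of the given roles grants (resource, action)."""
    return any((resource, action) in ROLE_PERMISSIONS.get(r, set()) for r in roles)


def authorize(user, resource, action, now=None):
    """Decide whether user may perform action on resource, recording the decision.

    Unknown users and unknown roles fall through to deny: the default is no access.
    """
    now = now or datetime.now(timezone.utc)
    roles = USER_ROLES.get(user, set())
    allowed = _roles_permit(roles, resource, action)
    AUDIT_LOG.append({
        "ts": now.isoformat(),
        "user": user,
        "roles": sorted(roles),
        "resource": resource,
        "action": action,
        "decision": "allow" if allowed else "deny",
    })
    return allowed


def who_can(resource, action):
    """Access review helper: list every user able to perform action on resource."""
    return sorted(u for u, rs in USER_ROLES.items() if _roles_permit(rs, resource, action))


def denied_attempts(user=None):
    """Audit helper: denied decisions, optionally filtered to one user."""
    return [e for e in AUDIT_LOG
            if e["decision"] == "deny" and (user is None or e["user"] == user)]


if __name__ == "__main__":
    authorize("alice", "payroll", "write")   # allowed: finance role
    authorize("bob", "payroll", "read")      # denied: sales has no payroll access
    authorize("mallory", "crm", "read")      # denied: unknown user
    print("payroll writers:", who_can("payroll", "write"))
    print("denied:", denied_attempts())
```

The `who_can` review is the part most small businesses skip: run it periodically for sensitive resources and question every name on the list.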
5. Incident Management
An incident management process should be established to deal with security breaches or disaster recovery situations. It is advisable to produce and test your incident management plans on a regular basis. This will allow you to identify areas which need improvement and provide specialist training where needed. Continuous monitoring of all ICT systems is paramount for protecting the confidentiality, integrity and availability of your information. Take the time to analyse the logs produced and seek out any unusual activity which could indicate an attack.
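As an added illustration of “analyse the logs produced and seek out any unusual activity” (this is example code written for this page, not the post’s own tooling), the script below parses constructed login records and flags two common signs of trouble: a burst of failed logins from one source, especially when followed by a success, and successful logins outside working hours. The log line format, the thresholds and the sample lines are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (not taken from the post); the line format is an assumption.
SAMPLE_LOG = """\
2016-09-30 09:02:11 LOGIN user=alice src=10.0.0.12 result=success
2016-09-30 09:05:40 LOGIN user=bob src=10.0.0.15 result=success
2016-09-30 23:14:02 LOGIN user=bob src=203.0.113.7 result=failure
2016-09-30 23:14:05 LOGIN user=bob src=203.0.113.7 result=failure
2016-09-30 23:14:09 LOGIN user=bob src=203.0.113.7 result=failure
2016-09-30 23:14:12 LOGIN user=bob src=203.0.113.7 result=failure
2016-09-30 23:14:15 LOGIN user=bob src=203.0.113.7 result=failure
2016-09-30 23:14:30 LOGIN user=bob src=203.0.113.7 result=success
2016-10-01 02:30:00 LOGIN user=carol src=10.0.0.20 result=success
this line is malformed and must be skipped, not crash the parser
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) LOGIN "
    r"user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>success|failure)$"
)


def parse_log(text):
    """Turn raw log text into event dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
        events.append(ev)
    return events


def find_unusual_activity(events, fail_threshold=5, window_seconds=300, work_hours=(8, 18)):
    """Return findings worth a human look. Thresholds are assumed values for the example.

    - failed_login_burst: >= fail_threshold failures for one (user, src) within window_seconds
    - success_after_failures: a success from a (user, src) that just produced a burst
    - off_hours_login: a success whose hour falls outside work_hours [start, end)
    """
    findings = []
    recent_failures = defaultdict(list)  # (user, src) -> failure timestamps inside the window
    burst_keys = set()                   # (user, src) pairs already reported as a burst

    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["user"], ev["src"])
        if ev["result"] == "failure":
            times = recent_failures[key]
            times.append(ev["ts"])
            # Slide the window: forget failures older than window_seconds.
            while (ev["ts"] - times[0]).total_seconds() > window_seconds:
                times.pop(0)
            if len(times) >= fail_threshold and key not in burst_keys:
                burst_keys.add(key)
                findings.append({"kind": "failed_login_burst", "user": ev["user"],
                                 "src": ev["src"], "at": ev["ts"], "count": len(times)})
            continue

        # A success right after a burst is the case most worth escalating.
        if key in burst_keys:
            findings.append({"kind": "success_after_failures", "user": ev["user"],
                             "src": ev["src"], "at": ev["ts"]})
            burst_keys.discard(key)
            recent_failures[key].clear()

        hour = ev["ts"].hour
        if not (work_hours[0] <= hour < work_hours[1]):
            findings.append({"kind": "off_hours_login", "user": ev["user"],
                             "src": ev["src"], "at": ev["ts"]})
    return findings


if __name__ == "__main__":
    for finding in find_unusual_activity(parse_log(SAMPLE_LOG)):
        print(finding)
```

Tune `work_hours` and `fail_threshold` to your own business; the point of testing the plan regularly is partly to learn which of these findings your staff can actually follow up.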
6. Password policy
Enforce complex passwords within your business and make sure that you have a policy which clearly defines what is required. Passwords should expire after 30 days and should not be shared. For more information about password policies, read “Are your passwords secure”.
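A policy that “clearly defines what is required” is easiest to enforce when the rules are written as code that can be run at password-change time. The checker below is an added example for this page, not the post’s own policy: the 30-day expiry comes from the post, while the minimum length, the required character classes and the small common-password list are assumed values chosen for the example.

```python
import re
from datetime import datetime, timedelta

MAX_PASSWORD_AGE_DAYS = 30   # stated in the post
MIN_LENGTH = 12              # assumed; the post says "complex" without giving a number
MIN_CHARACTER_CLASSES = 3    # assumed: at least 3 of lowercase, uppercase, digit, symbol

# Constructed sample of banned passwords; a real policy would use a much larger breach list.
COMMON_PASSWORDS = {"password", "password1", "welcome1", "letmein", "qwerty123"}

CHARACTER_CLASSES = {
    "lowercase": r"[a-z]",
    "uppercase": r"[A-Z]",
    "digit": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}


def complexity_violations(password):
    """Return a list of human-readable reasons the password fails the policy (empty = passes)."""
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append(f"shorter than {MIN_LENGTH} characters")
    present = [name for name, pattern in CHARACTER_CLASSES.items() if re.search(pattern, password)]
    if len(present) < MIN_CHARACTER_CLASSES:
        violations.append(f"uses only {len(present)} character classes; needs {MIN_CHARACTER_CLASSES}")
    if password.lower() in COMMON_PASSWORDS:
        violations.append("appears on the common-password list")
    if re.search(r"(.)\1{2,}", password):
        violations.append("contains the same character three or more times in a row")
    return violations


def is_expired(last_changed, now):
    """True once the password is older than the policy allows."""
    return now - last_changed > timedelta(days=MAX_PASSWORD_AGE_DAYS)


def evaluate(password, last_changed, now):
    """Combine complexity and age checks into one list of violations."""
    violations = complexity_violations(password)
    if is_expired(last_changed, now):
        violations.append(f"older than {MAX_PASSWORD_AGE_DAYS} days; must be changed")
    return violations


if __name__ == "__main__":
    now = datetime(2016, 9, 30)
    for pw, changed in [("Correct-Horse-2016!", datetime(2016, 9, 1)),
                        ("password1", datetime(2016, 8, 1))]:
        result = evaluate(pw, changed, now)
        print(pw, "->", "OK" if not result else "; ".join(result))
```

Returning the full list of violations, rather than stopping at the first, lets the user fix everything in one attempt and gives the help desk something concrete to point at.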
7. Malware protection
Protecting your ICT against malware is hugely important and should be carried out on a company-wide basis. Produce an anti-virus policy and make sure people are aware of the potential dangers. Monitor to make sure that updates are being applied to all devices and rigorously enforce the policy. Malware can cause severe disruption to companies, which will have a significant impact on your revenues.
8. Network Security
Your network needs to be secure from external and internal attacks. Make sure you have a perimeter firewall which is able to filter content. Set up properly, your firewall will filter out unauthorised access and deny access to sites that you do not want your employees to visit.
Latest posts by Tony Cohen (see all)