Eight steps to cyber security

Identifying cyber risks is a difficult task. Just where do you start and what should you be looking for? Read on for the key areas we have identified, which will help to reduce the risk.

Cyber security does not apply only to large corporations. Even small businesses need to be conscious of cyber threats and take action.

The first step is to review security on a regular basis, achieved by establishing a governance structure. You should then determine your business's appetite for risk. Finally, produce supporting policies and make sure your board members are fully aware of the risk and have accepted it.

1. User education and awareness

Training your staff to identify risks associated with cyber-crime will significantly reduce the chances of your company being targeted. Social engineering of your employees in order to gain information is a huge problem. Basically, it's a type of confidence trick used to gain access to systems in order to steal your information. Having a staff education programme, backed up with policies and procedures, gives your staff the confidence to identify scams which try to defraud your company.

2. Home working

Establish from the start how your users will connect and what devices they can connect with. Make sure you have a secure baseline build which is applied to all devices, and establish a secure way of protecting data in transit and at rest. For more information about securing remote users, read the "Staying connected in business" blog. It is extremely important that you keep up to date with patching and that you maintain a secure ICT configuration. This should be part of your baseline build for all devices that have been approved to connect to your network. Build a policy which explains which devices are approved to connect to your network and why.

3. Removable Media

Many companies still allow removable media such as memory sticks and portable disk drives. If your company allows this, we recommend you scan all devices for malware and make sure that all portable devices are encrypted and password protected. It is also worth setting up group policies for removable media which allow users read-only and write-only access if the device is encrypted. We also recommend that your company supplies the media for your employees and that an inventory of these devices is kept.

4. Access Control

Managing access and limiting the number of privileges is recommended for controlling access to your environment. Limiting user access minimises the chances of confidential company information being abused or stolen. Formulating an access control policy is the best way of managing large user groups. Understanding who needs access to what and why will speed up the processes and provide an additional level of security. It is also advisable to have some form of auditing and monitoring of user activity.

5. Incident Management

Incident management should be established to deal with security breaches or disaster recovery situations. It is advisable to produce and test your incident management plans on a regular basis. This will allow you to identify areas which need improvement and provide specialist training where needed. Continuous monitoring of all ICT systems is paramount for protecting the confidentiality, integrity and availability of your information. Take the time to analyse the logs produced and seek out any unusual activity which could indicate an attack.

6. Passwords

Enforce complex passwords within your business and make sure that you have a policy which clearly defines what is required. Passwords should expire after 30 days and should not be shared. For more information about password policies, read "Are your passwords secure".

7. Malware

Protecting your ICT against malware is hugely important and should be carried out on a company-wide basis. Produce an anti-virus policy and make sure people are aware of the potential dangers. Monitor to make sure that updates are being applied to all devices and rigorously enforce the policy. Malware can cause severe disruption to companies, which will have a significant impact on your revenues.

8. Network Security

Your network needs to be secure from external and internal attacks. Make sure you have a perimeter firewall which is capable of content filtering. Set up properly, your firewall will filter out unauthorised access and deny access to sites that you do not want your employees to visit.

Tony Cohen

Tony joined BT in 1987 and chose to develop his career in data communications. He moved from an engineering to programme management role with Global One before taking up a position as Global Account Director in 1999. Tony joined iPass in 2002 where he was Head of channel sales before moving to Intermedia to grow their European channel sales organisation. In 2012 Tony joined FSI Cloud as General Manager to accelerate the development of their hosting and managed IT solutions division.
