Cyber Security Checklist: Protect your business in 10 steps
You may remember a recent article we posted in which we detailed the security breach of a local company that lost £100,000 to an attack carried out through its accounting software.
While this breach was extremely uncommon, and we have a lot of faith in the structural integrity and cyber security of the accounts software we work with, businesses need to be aware of modern cyber security risks. They must keep in mind that the techniques and tools used to attack businesses are constantly evolving and developing to outsmart standard security software.
The reality is that cyber-criminals are getting better and better at what they do, and the businesses being targeted aren’t keeping up with the pace set by these professional hackers. It’s an arms race that’s impossible to predict, and we think more really needs to be done to put businesses back in the lead.
And so, to that end, we have put together a checklist of our top 10 cyber security essentials for businesses from our resident security expert, Tony Pearson. Whether you are a small, medium or large enterprise, follow this list and you’ll be ahead of the hackers – a hardened business at the vanguard of cyber security.
1. User Education & Awareness
Your weakest security point will always be your employees. They have a critical role to play in keeping your company cyber-secure and should be educated to understand the responsibility they have and how integral they are in keeping the company safe. Run some awareness campaigns, hold a cyber security meeting – just make sure they know the behaviours that can lead to a security breach and how they can avoid letting malicious software in. The majority of cyber-crime incidents are caused purely by user error: opening an email attachment, clicking a spurious link, plugging in an infected USB drive – these are common ways that small mistakes can cripple entire companies.
2. Secure Configuration
‘Securing your configuration’ essentially means establishing a water-tight IT network within your business: remove or disable unnecessary functionality from systems, and make sure you are able to fix known vulnerabilities and weak spots via patching. Consider the strength of your passwords, be careful about what you install, and ensure all your essential software is kept up to date. This is all about ensuring you don’t have any weak links in your network.
3. Network Security
This is all about securing your company’s internet connection. Think about where your data is stored and processed online – the use of mobile working and cloud services means that it’s hard to define the boundaries of your company’s network, but by considering your network architecture and implementing security processes and software, you can control all access to your network. Your company has a large digital footprint nowadays, and any weak point can serve as an access route for attackers.
4. Managing User Privileges
Exactly what it sounds like: this is all about monitoring the levels of permission granted to the employees of your company. Handing out higher-level, or even admin, privileges on your local networks can have severe consequences if misused, and the simple fact is that very few of your employees actually need them. The fewer people who can make system-breaking changes, the better. Leave it to your experts – Jill in HR doesn’t need to be a system admin.
5. Risk Management Regime
This sounds complicated, but it’s actually a very simple concept. The idea behind this checklist point is to ensure you have a clear protocol in your business for dealing with an identified cyber security threat. Who do your employees alert when they see something suspicious? How does that person respond? What digital assets need to be protected? All you need to do here is assess your organisation’s information and systems, and work out how you would begin to cope with a threat that gets in. For advice on this, contact us directly and we can talk you through establishing your Risk Management Regime.
6. Malware Prevention
Malware is an umbrella term used to describe all malicious code, or any content that could be damaging to your systems. Malware normally gets into your systems through a dodgy download or an email – any exchange of information carries the risk of malware being exchanged with it. Implement anti-malware software across your systems – we recommend Sophos Endpoint, but there are a huge number of developers out there fighting the good fight and creating software to protect systems from malware.
7. Incident Management
When a security breach happens, you need to know what to do and how to handle it. How do you inform your customers that you have lost their private information without ruining your reputation? How do you reduce the impact of the breach and stop it before it gets worse? How do you fix the problem and stop it from happening again? There are no simple answers to these questions and there’s no easy way of implementing your incident management procedures; you may need expert advice and some hands-on help from a third party. But ensure you have a policy in place and you’ll be able to limit the damage should the worst happen.
8. Monitoring
System monitoring gives you the capability to detect successful and attempted cyber-attacks on your systems. This is an important step in establishing your cyber security procedures, as it will allow you to see where malicious content is getting into your business and lets you strengthen those areas in response. We feel every business needs complete visibility of the threats it faces – but again, this isn’t the easiest task in the world, so get in touch and we’ll be able to advise you on the best way of handling it for your business.
9. Removable Media Controls
Removable media refers to anything that can be plugged into your computer; this generally means USB drives, but can also include other external devices and hard drives. Controlling which of these devices are allowed to connect to your systems is a key security measure, as a large proportion of malware is introduced via infected USB devices. Make sure your employees use only approved devices issued by the company, and that these are regularly checked by your IT team for malicious content.
10. Home & Mobile Working
Welcome to the digital office – it’s in your pocket, omnipresent and constantly nagging you to check your emails. While remote and mobile working offers some huge benefits to your business, it also opens up a whole new avenue of risks that need to be managed. All your security procedures, training and systems need to extend to mobile and home working devices. A single weak link can bring down your business: all your network security investment and hard work will be pointless unless every single device connected to the business is protected.