Cyber Security Warning from the NCSC – Prevention is better than Cure
Here at Corbel in Ipswich, your local?IT Support?and?Cyber Security?Services provider, we believe that prevention is better than cure and that’s certainly the case when it comes to IT Support Services and specifically Cyber Security. Businesses targeted by cyber-crime fall into two camps: those who have prepared and those who haven’t.
The National Cyber Security Centre (Part of GCHQ) purpose is to advise UK business on Cyber Security with practical guidance to help make the UK the safest place to live and work online.
The threat we all face does vary over time, but with the current situation following Russia’s violation of the Ukraine’s territorial integrity, they have advised UK businesses to ensure that their Cyber Security offering is resilient, that the fundamentals are in place and of course tested.
Around 43% of all cyber incidents are aimed at small businesses – so now is the time to act.
There are a lot of things you can do to avoid becoming a victim of hackers. But it all starts with understanding what cyber criminals are after.
What are Cyber Criminals After?
1. Network data and control?– here’s where ransomware is first in the queue. Once it gets into your network, you’ll get locked out and all user accounts could become inaccessible… until you pay the ransom or restore from backup.
2. Product information?– hackers aim to steal a business’s IP, such as patent-pending designs, which they can then sell to your competitors.
3. Personal information?– most hackers aim to get hold of your team’s and client’s information, like social security numbers and financial data. Should that happen, it’ll leave you vulnerable to further attacks.
4. Corporate data?– here, the hackers’ goal is to steal account information of your management team and CEO. If that happens, it’ll cause massive damage to your business’ profits and reputation.
5. Digital infrastructure?– often, their goal is to infiltrate servers and hijack them for their own purposes.
Now that you understand the various types of threats, you can take steps to alleviate them.
Here at Corbel in Ipswich we have written a checklist of things you need to implement as a priority.?We all need to strike a balance in the measures we take to defend our businesses so this article aims to highlight the foundation level items you would need to consider and is not exhaustive:
1.?Create a Culture?of Awareness
Around 88% of breaches are caused by unsuspecting members of your team, so education around IT Solutions and cyber risk is a priority.?
Cultures can take time to grow and it’s not something that will happen immediately but if the right tools are invested in and your leadership team are setting an example, you’ll soon be able to create Cyber Security awareness for your company.
Generally, companies that get Cyber Security right are the ones where it is embedded into their company culture.?It should be made as much part of the day to day as turning the lights and heating off and setting the alarm at the end of the working day.
We have broken this down to 4 key stages:
The threat we face varies and it’s important to evolve your cyber security and your response to this on a regular basis.
If your team see managers sharing passwords, you are inadvertently sending out the message that it’s OK to be slack about cyber security.?A solid culture starts at the top and should be rooted into everything you do.
Your team need to see their effort is worthwhile, it is good to share with them suspicious activity and potential breaches to help with their understanding – they will really be able to see that they can make a difference to your overall Cyber Security.
领英推荐
Your cyber security strategy is all about lowering your risk around vulnerabilities and protecting your data.?Selecting the right?IT Services provider?will enable you to show stakeholders you are spending money wisely.
2.?Systems Patching
Updating and maintaining your software will keep you on top of any recent issues or bugs that have consequently been fixed. New versions are constantly being released and can provide stronger protection against threats as they evolve.?Have you patched your hardware? Is it up to date? What’s the worst that could happen if you left it?
Remember some of the infamous ransomware attacks that have crippled household name companies such as British Airways and the NHS, not to mention any number of smaller unnamed businesses, that are still recovering now.
Patches are released to stop vulnerabilities in the same way vaccines are developed to prevent you from catching nasty diseases, it is essential to have a documented patch policy and regular windows where this important element is undertaken.
If you have a managed IT Support arrangement this will form part of your IT Support and services contract and can be undertaken on your behalf on a weekly basis out of hours without any disruption to your business.
3.?Anti-Virus and Malware
Much like patching, it’s critical to keep your antivirus and malware protection up to date. Viruses might not be evident at first glimpse. Hackers are smart, underhand, and always evolving new ways to get into your systems. They can place hidden applications on your network, and steal data with which to hold you to ransom, or even get direct access to your financial systems.
And they don’t just pick on big companies, they look for operations with poor antivirus and malware protection, because it’s simple for them. Local companies in Ipswich, Felixstowe, Bury St Edmunds, and the surrounding areas have been compromised, and it has cost some of them tens of thousands to sort out.
4.?Firewall
Would you leave the front door of your house wide open when you go to sleep at night? Probably not, if you don’t want to give unwelcome guests access to your valuables it’s imperative that your door is closed, locked, and bolted.?Using the house analogy its essential to shut your doors and windows at the very least but ideally set your intruder alarm and ensure constant monitoring- it’s the same deal with your firewall.
5.?Access Controls
Access controls?limit access to information and systems. When applied effectively, they mitigate the risk of information being accessed without the appropriate authorisation and protect you from the risk of a data breach.
When it comes to protecting your company, access control is the way to go. Access control prevents people from breaking in,?helps you keep track of your treasures, and overall enables you to keep your company safe.
6.?Review your Backups
Scheduling daily backups to the?Cloud?will reassure you that your data is stored safely and up to date. By doing so, you are creating a copy in case the original copy is lost, damaged, or destroyed due to cyber threats.
You will want to test, test and test again so if disaster strikes you have peace of mind that your back-up process is working, documented and has multiple recovery points so it can be restored inline with your recovery objectives- before it starts to cost you money.
A backup solution should form part of your disaster recovery planning along with all elements of?IT Disaster Recovery.
7.?Phishing Simulation
Although instinct is to open every email that you receive, always be cautious of phishing scams. If you open a suspicious email, avoid clicking on any links or downloading any attachments as this could be dangerous for your data. Changing your email password and varying them across email addresses will aid further security.
By undertaking regular phishing simulation and training with your team you will be informing them of the types of emails they need to look out for and how best for them to handle.?It is recommended that Phishing simulation is undertaken regularly alongside training so that you can track the progress of your improving cyber security aims.
8.?2FA/MFA
Multi-factor authentication?is an?authentication method that requires your team to provide two or more forms of identity verification before they’re allowed access to a website, network, or application.?This is something you know such as your password and something you have, such as a uniquely generated code that can be managed on your mobile phone through an authentication app.
Whether you just want to meet compliance requirements or you’re looking to develop a powerful multi-layered cyber secure environment, your organisation needs to implement MFA. Passwords just don’t cut the mustard anymore and are not secure enough with the increasing cyber threat.?From simple relaying and spraying attacks to the more sophisticated threats of spear-phishing, cyber criminals have established countless tried and tested methods of stealing credentials and gaining unauthorized access to your systems and data.?Microsoft engineers have advised that 99.9% of the account compromise incidents they deal with could have been?blocked by a multi-factor authentication (MFA) solution.