In our previous article we explored the importance of an effective cyber security strategy in modern business. We took a close look at some of the most common methods used by cyber criminals to attack your systems and concluded that cyber security has arguably taken pride of place over even the physical security of your organisation.
In the remainder of this article we will explore some of the most integral cyber security measures that will equip you and your team for an effective defence against a strategically planned cyber attack.
The Cyber Security Fundamentals
Good data backup
Cyber attacks are happening all the time, in every industry, in every country in the world. For this reason it is essential that you always have current backups in the event of an attack, because you never know when you may become a victim. It is important that you have a strategy in place that ensures your IT systems and essential data are safeguarded to the best possible standard. The survival of your business relies on them, so you must be sure they are safe.
Use the 3-2-1 backup rule: ensure there are three copies of your data – two of them on your choice of separate storage media, and one stored offsite – in case of a business-defining disaster. Having three copies of your data not only gives you a few fail-safes if something goes wrong, but also lets you rest easy with the assurance that your business can still operate effectively in the event of an attack.
Like your physical security, it is – unfortunately – impossible to guarantee cyber security. New methods of attack are being developed daily, so the goal isn’t the eradication of cyber threats but the management of the risks going forward.
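A backup inventory can be audited against the 3-2-1 rule automatically. The following Python check is an added example, not part of the original article; the inventory layout, the dataset names and the one-day limit for a "current" backup are assumptions, and the sample data is constructed. It shows a case that a simple count misses: an offsite copy that exists but is a month old.

```python
from datetime import datetime, timedelta

def audit_321(copies, now, max_age=timedelta(days=1)):
    """Check one dataset's copies against 3-2-1; return a list of problems."""
    problems = []
    # Only copies taken recently enough count as "current" backups.
    current = [c for c in copies if now - c["taken"] <= max_age]
    stale = len(copies) - len(current)
    if stale:
        problems.append(f"stale copies not counted: {stale}")
    if len(current) < 3:
        problems.append(f"only {len(current)} current copies, need 3")
    if len({c["medium"] for c in current}) < 2:
        problems.append("fewer than 2 separate storage media")
    if not any(c["offsite"] for c in current):
        problems.append("no current copy stored offsite")
    return problems

def audit_all(inventory, now):
    """Audit every dataset; an empty list means the rule is met."""
    return {name: audit_321(copies, now) for name, copies in inventory.items()}

# Constructed sample inventory (hypothetical datasets and media).
NOW = datetime(2024, 5, 1, 9, 0)
INVENTORY = {
    "finance-db": [
        {"medium": "server-disk", "offsite": False, "taken": NOW - timedelta(hours=1)},
        {"medium": "nas", "offsite": False, "taken": NOW - timedelta(hours=2)},
        {"medium": "cloud", "offsite": True, "taken": NOW - timedelta(hours=6)},
    ],
    "file-share": [
        {"medium": "server-disk", "offsite": False, "taken": NOW - timedelta(hours=1)},
        {"medium": "usb-disk", "offsite": False, "taken": NOW - timedelta(hours=3)},
        # The offsite copy exists but has not been refreshed for a month.
        {"medium": "cloud", "offsite": True, "taken": NOW - timedelta(days=30)},
    ],
}

if __name__ == "__main__":
    for name, problems in audit_all(INVENTORY, NOW).items():
        print(name, "OK" if not problems else problems)
```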
Data backups are the number one tool in your cyber security arsenal. We know it sounds negative when we talk about preparing for an attack, but don’t forget the number one goal – and the reason for implementing these measures – is to keep your business operational, no matter the circumstances. Data backup gives you the opportunity to make guarantees to your customers that were previously not possible.
Secure passwords
Passwords are already a major part of our lives. We should all know the basics of password good practice – don’t use common letter or number sequences, words or phrases that have personal meaning to you, or the same password across multiple accounts. But there are more steps to good password practice that make them far more secure, which are as follows:
- Ensure that your team follows a strict set of pre-determined rules when creating their passwords. Following these rules will enable passwords to stand up against the cyber criminals trying to breach them.
- Use multi-factor authentication where it is available.
- If it is too easy to remember – change it! Avoid easily recalled sequential passwords, recurring numbers (such as 1234, 6789) as well as frequently used words.
- If possible, make sure your password is over ten characters long and contains a combination of letters, numbers and even special characters – when it comes to passwords the longer the better!
- Use upper and lower-case letters.
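The rules in the list above can be enforced at the moment a password is set. The following Python check is an added example, not code from the original article; the function names, the constructed `COMMON_WORDS` list and the run length of four (taken from the 1234 and 6789 examples) are assumptions.

```python
import string

# Constructed stand-in for a real list of frequently used passwords.
COMMON_WORDS = {"password", "welcome", "qwerty", "letmein", "admin"}
MIN_LENGTH = 11   # the article asks for "over ten characters"
RUN_LENGTH = 4    # assumption, matching the 1234 / 6789 examples

def has_run(password, run_len=RUN_LENGTH):
    """True for a sequential run (1234, dcba) or one repeated character."""
    text = password.lower()
    for i in range(len(text) - run_len + 1):
        chunk = text[i:i + run_len]
        if not chunk.isalnum():
            continue
        # Difference between each pair of neighbouring characters.
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps in ({1}, {-1}, {0}):
            return True
    return False

def check_password(password):
    """Return the rules the password breaks; an empty list means it passes."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("too short")
    if not any(c.islower() for c in password):
        failures.append("no lower-case letter")
    if not any(c.isupper() for c in password):
        failures.append("no upper-case letter")
    if not any(c.isdigit() for c in password):
        failures.append("no number")
    if not any(c in string.punctuation for c in password):
        failures.append("no special character")
    if has_run(password):
        failures.append("sequential or repeated run")
    lowered = password.lower()
    if any(word in lowered for word in COMMON_WORDS):
        failures.append("contains a frequently used word")
    return failures

if __name__ == "__main__":
    for candidate in ("Password1234!", "Tr7!vek#Lom2pQ"):
        print(candidate, check_password(candidate) or "passes")
```

A password such as `Password1234!` satisfies the length and character-mix rules yet is still rejected for its sequential run and its frequently used word.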
It is highly recommended that you periodically change your passwords; accounts can be hacked without the knowledge of the account holder, so it makes sense – even if you have no suspicion of any unusual activity – to change them now and again.
Passwords are the first line of defence for your systems. We get why people make their passwords easy to remember and simple to write – they are simply thinking of the ease of their experience and work is hard enough already without adding to work processes. But, making things ‘easy’ could be jeopardising the very survival of your business. Good passwords are a necessity and not a choice!
Manage permissions
It is essential that you manage permissions to your system. Your users should only be granted access to the accounts that they need to perform their role. Otherwise you risk data loss, theft, or – if the attack is particularly sophisticated – deliberate changes to your security settings that could facilitate future attacks. Only giving access as required lessens the likelihood of a user accidentally granting access to a cyber criminal.
Anti-Malware measures
Anti-Malware software MUST always be installed on your laptops and computers. Many of the good operating systems come with a free version as standard – which can be described as okay at best, but under no circumstances is this free version good enough for business use. It must be replaced with quality-rated software as soon as possible.
Data encryption
Theft is not the sole aim of cyber criminals – their aim is, in fact, to encrypt your data. So, you need to beat them to the punch. This sounds confusing, I know, so let me explain. By encrypting your data, you hold ‘the keys to the kingdom’ – you must always have control.
Education
Your team are the most important line of defence for your organisation. They are targeted due to their usual ignorance around the importance of cyber security, so, to counteract this, they must be equipped with the knowledge of not just what to look out for that could be a threat but also how to use the various security tools at their disposal, and their role in the defence of your system.
Implement an IT Security Policy
You must have an IT security policy; it must be clear and concise – and both you and your team must be clear on it. It is essential that your entire team know and sign it regardless of their dependence on IT. (They may only use IT for something relatively small in the grand scheme of things, but that individual is still on a system which contains information that in the wrong hands could be business-debilitating.) Your IT security policy will make your organisation more secure before you’ve even implemented any new technologies, because if everyone knows what their role is in the pursuit of a cyber secure workplace then that is arguably even more valuable than any tools you can buy.
The policy must be meticulously constructed and contain the security guidelines and obligations of the team, whether they are working on the premises or remotely. The policy will allow you to feel safe in the fact that your team not only know how to conduct themselves in the most secure way possible but also that they know how important their role is in the safety of the organisation. Whether they consistently do this is another thing, but once they have written their signature next to the procedure you can relax knowing they have read and understood what is required of them. This, of course, means that you are within your rights to take action if they don’t behave as they promised to.
We hope that these two articles will stand you in good stead to not only know what threatens your organisation but also what your and your team’s roles are in the defence of it. This can all seem a bit much – it is a lot of information to take in – so, if you are struggling, please don’t hesitate to get in contact with our team for expert IT consultancy.
Your Cyber Security Partner
Uptech is the leading IT support company in Kings Lynn and West Norfolk. We are passionate about the support we offer businesses like yours and also provide Enterprise-level tools, Cyber Security Solutions, and IT hardware to businesses in need of a helping hand. Established in 1994, Uptech offers High-end IT Services to Businesses with 5-200 staff, with multiple locations (including WFH), which enables them all to remain Connected. We have helped our clients to progress and improve their IT, and so become more profitable and productive. Contact us now to find out how we can help you.