The threat of cybercrime is reaching an all-time high. Recent reports suggest as many as 39% of businesses have suffered cyber attacks or breaches over the past 12 months.
In this article, we look at 6 practical measures you can take to protect your organisation from cyber attacks, and offer further advice and guidance on defending against cyber security threats and breaches.
Implementing these steps should be an absolute necessity for all organisations, regardless of sector or size. No organisation is too big to fail and no business is too small to be a target.
The number of scam emails and phone calls targeted at businesses is ever increasing. Recent figures suggest 90% of all incoming cyber attacks originate from phishing emails. Providing your employees with adequate training on how these scams work, how to detect them and what to do when facing them will significantly improve the human element of your security posture.
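The sender checks that phishing training usually teaches (a display name that impersonates your own domain, a lookalike domain, a punycode domain, a Reply-To that goes somewhere else) can also be run mechanically. The script below is an added example, not SES's code or a product: the header samples are constructed for the example, `example.com` stands in for your own domain, and the lookalike substitution table is a deliberately small assumption rather than a complete list.

```python
import email.utils

# Constructed sample From / Reply-To header pairs (not real mail) covering the
# common sender tricks; only example.com is treated as a trusted domain here.
SAMPLE_HEADERS = [
    ("Accounts Team <accounts@example.com>", None),
    ("Accounts Team <accounts@examp1e.com>", None),
    ('"accounts@example.com" <mailbox4471@webmail-free.test>', None),
    ("IT Helpdesk <helpdesk@example.com>", "helpdesk@gmail-relay.test"),
    ("Payroll <payroll@xn--exmple-cua.com>", None),
]
TRUSTED_DOMAINS = {"example.com"}

# Character swaps attackers use to build lookalike domains (assumed, partial
# list). Both sides of a comparison are normalised, so "examp1e" and
# "exarnple" both collapse to "example".
LOOKALIKE_SUBS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"),
                  ("3", "e"), ("5", "s"), ("7", "t")]


def normalise_domain(domain):
    d = domain.lower()
    for src, dst in LOOKALIKE_SUBS:
        d = d.replace(src, dst)
    return d


def domain_of(address):
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def check_sender(from_header, reply_to=None, trusted=TRUSTED_DOMAINS):
    """Return a list of reasons the sender looks suspicious (empty if none)."""
    findings = []
    display_name, address = email.utils.parseaddr(from_header)
    domain = domain_of(address)
    trusted = {t.lower() for t in trusted}
    brands = {t.split(".")[0] for t in trusted}

    # 1. Display name carries an address or our brand, but the real sending
    #    domain is not one of ours.
    name = display_name.lower()
    if domain not in trusted and ("@" in name or any(b in name for b in brands)):
        findings.append("display-name spoof")

    # 2. Internationalised domain label (punycode) can hide homoglyphs.
    if any(label.startswith("xn--") for label in domain.split(".")):
        findings.append("punycode domain")

    # 3. Domain that collapses to a trusted one after lookalike substitutions.
    if domain not in trusted and normalise_domain(domain) in {normalise_domain(t) for t in trusted}:
        findings.append("lookalike domain")

    # 4. Replies would go somewhere other than the apparent sender.
    if reply_to:
        _, reply_address = email.utils.parseaddr(reply_to)
        if domain_of(reply_address) != domain:
            findings.append("reply-to mismatch")
    return findings


def triage(headers=SAMPLE_HEADERS):
    """Run check_sender over every sample; maps From header -> findings."""
    return {frm: check_sender(frm, reply_to) for frm, reply_to in headers}


if __name__ == "__main__":
    for frm, findings in triage().items():
        print(f"{frm!r:62} {findings or 'ok'}")
```

Only the first sample comes back clean; each of the others trips exactly the check it was built to illustrate. In a mail gateway these findings would feed a warning banner or quarantine rule rather than a hard block, since legitimate senders do occasionally use a different Reply-To.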
Using strong passwords is integral, not only to your organisation's security but to every account you hold. At SES we advocate memorable three-word passphrases, combined with upper and lower case letters, numbers and symbols: the length of a passphrase is what makes it expensive to crack, and the additional character types make it harder still.
Using a password manager to store all of your passwords in a secure location, and ensuring you don't reuse a password across multiple accounts, will also improve your security posture.
In addition, we recommend visiting haveibeenpwned.com to check whether the email addresses or passwords you use have appeared in a known breach, then changing the password on any account that appears in the results.
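The password side of that check can be automated, and it is worth seeing why it is safe to do so: the Pwned Passwords range API takes only the first five hex characters of the SHA-1 of the password and returns every known hash suffix for that prefix, so the password itself never leaves your machine (k-anonymity). The code below is an added example, not SES's or Have I Been Pwned's own code; the response body is a constructed stand-in (only the first suffix, the SHA-1 tail of "password", is real, and every count is made up) so the example runs offline, and `fetch_range` shows the live call you would swap in.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"

# Constructed stand-in for the body the range endpoint returns for prefix
# 5BAA6. The first suffix is the real SHA-1 tail of "password"; the other
# lines and every count are made up for this example.
SAMPLE_RANGE_5BAA6 = (
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:9545824\r\n"
    "1E4C9B93F3F0682250B6CF8331B7EE68FD9:3\r\n"
    "0A9A3E7DC1B4C7D0F6E29C3A6B1D1B0A1C2:0\r\n"   # padding entries carry count 0
)


def hash_prefix_suffix(password):
    """Split the upper-case SHA-1 hex digest into the 5-char prefix that is
    sent to the API and the 35-char suffix that stays local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range(body):
    """Parse 'SUFFIX:COUNT' lines into a dict; count-0 padding lines are dropped."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and count.isdigit() and int(count) > 0:
            counts[suffix.upper()] = int(count)
    return counts


def fetch_range(prefix):
    """Live lookup. Add-Padding asks the API to pad the response so its size
    does not leak how many suffixes matched. The User-Agent value is an
    assumed placeholder; the API requires one but does not prescribe it."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"Add-Padding": "true", "User-Agent": "example-password-checker"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def offline_fetch(prefix):
    """Stand-in for fetch_range so the example runs with no network access."""
    return SAMPLE_RANGE_5BAA6 if prefix == "5BAA6" else ""


def pwned_count(password, fetch=fetch_range):
    """Return how many times the password appears in the corpus (0 = not found)."""
    prefix, suffix = hash_prefix_suffix(password)
    return parse_range(fetch(prefix)).get(suffix, 0)


if __name__ == "__main__":
    for candidate in ("password", "correct-horse-battery-staple-7x"):
        n = pwned_count(candidate, offline_fetch)
        print(f"{candidate!r}: {'seen %d times, reject' % n if n else 'not in sample corpus'}")
```

Wiring `pwned_count` into a password-change form (rejecting any non-zero result) is a cheap way to enforce the "don't reuse breached passwords" advice without ever transmitting the password.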
In addition to using strong passwords, you should enable 2FA on every account that supports it. 2FA requires a second form of authentication, such as a fingerprint, facial recognition, a code sent by text message, or a code from an authenticator app or hardware token (such as an RSA token), on top of your standard login details before the account is unlocked. Where you have a choice, prefer an authenticator app or hardware token over text-message codes, which can be intercepted or redirected through SIM-swap fraud.
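The six-digit codes from an authenticator app or hardware token are time-based one-time passwords (RFC 6238 TOTP, built on RFC 4226 HOTP). The implementation below is an added example, not code from SES or any token vendor; it uses the published RFC test secret (the ASCII string "12345678901234567890", not a real key) so the outputs can be checked against the RFC vectors. The verifier side shows the two things a naive check misses: tolerating one step of clock drift, and refusing to accept a code for a counter at or below the last one already used, so a code that was phished or shoulder-surfed cannot be replayed.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret, counter, digits=6, algorithm=hashlib.sha1):
    """RFC 4226: HMAC over the 8-byte big-endian counter, dynamically
    truncated to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret, timestamp=None, step=30, digits=6, algorithm=hashlib.sha1):
    """RFC 6238: HOTP with the counter derived from the current time window."""
    if timestamp is None:
        timestamp = time.time()
    return hotp(secret, int(timestamp // step), digits, algorithm)


def verify_totp(secret, submitted, timestamp=None, step=30, digits=6,
                window=1, last_accepted=None):
    """Server-side check. Accepts codes from `window` steps either side of
    now (clock drift), compares in constant time, and refuses any counter at
    or below the last one accepted so a captured code cannot be replayed.
    Returns the accepted counter (to be stored as the new last_accepted) or
    None when the code is rejected."""
    if timestamp is None:
        timestamp = time.time()
    now = int(timestamp // step)
    for counter in range(now - window, now + window + 1):
        if last_accepted is not None and counter <= last_accepted:
            continue
        if hmac.compare_digest(hotp(secret, counter, digits), str(submitted)):
            return counter
    return None


# RFC 4226 / RFC 6238 test secret (ASCII "12345678901234567890"); not a real key.
RFC_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    print("HOTP counter 0:", hotp(RFC_SECRET, 0))                 # 755224 per RFC 4226
    print("TOTP at t=59, 8 digits:", totp(RFC_SECRET, 59, digits=8))  # 94287082 per RFC 6238
    code = totp(RFC_SECRET, 59)
    print("accepted counter:", verify_totp(RFC_SECRET, code, 59))
    print("replay rejected:", verify_totp(RFC_SECRET, code, 59, last_accepted=1))
```

The shared secret is the sensitive part: it is provisioned once (usually via a QR code) and must be stored server-side with the same care as a password hash, since anyone holding it can generate valid codes indefinitely.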
Installing the latest updates to your applications and operating system is essential, because patches close known vulnerabilities. Update promptly once a patch is released: attackers read patch notes and compare the patched and unpatched code to work out which vulnerability was fixed, then build exploits against systems that have not yet applied it.
In addition, installing anti-virus protection and scanning your systems regularly is important to ensure any malware is detected and eradicated.
Performing regular backups of your business-critical data (daily, weekly and monthly) will help you recover from ransomware and other malware. Keep at least one clean copy offline, where malware running on your network cannot reach it, so that you can restore your systems to a previously uninfected state. Test restoring from that copy periodically: a backup you have never restored is an assumption, not a safeguard.
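A backup is only useful if it restores correctly, so the backup job should record a digest of every file and the restore test should check them. The script below is an added example, not SES's tooling: it archives a directory into a gzipped tar with a JSON manifest of SHA-256 digests, then restores into a scratch directory and compares. The source tree in `demo()` is constructed sample data, and the `tamper=True` path simulates a corrupted backup by altering one recorded digest so you can see the verification fail rather than silently pass.

```python
import hashlib
import json
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest_path(archive_path):
    return Path(str(archive_path) + ".manifest.json")


def create_backup(source_dir, archive_path):
    """Write a gzipped tar of source_dir plus a JSON manifest mapping each
    relative path to its SHA-256 digest; returns the manifest."""
    source_dir = Path(source_dir)
    manifest = {}
    with tarfile.open(str(archive_path), "w:gz") as tar:
        for path in sorted(p for p in source_dir.rglob("*") if p.is_file()):
            rel = path.relative_to(source_dir).as_posix()
            manifest[rel] = sha256_file(path)
            tar.add(str(path), arcname=rel)
    manifest_path(archive_path).write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return manifest


def verify_restore(archive_path):
    """Restore the archive into a scratch directory and compare every file
    against the manifest. Returns {relative path: True/False}."""
    manifest = json.loads(manifest_path(archive_path).read_text())
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(str(archive_path), "r:gz") as tar:
            try:
                # The "data" filter refuses path traversal, absolute paths and
                # dangerous links in untrusted archives (Python 3.12+, also
                # backported to security releases of 3.8-3.11).
                tar.extractall(scratch, filter="data")
            except TypeError:
                tar.extractall(scratch)
        results = {}
        for rel, digest in manifest.items():
            restored = Path(scratch) / rel
            results[rel] = restored.is_file() and sha256_file(restored) == digest
    return results


def demo(tamper=False):
    """Build a constructed source tree, back it up, optionally simulate a
    corrupted backup, then run the restore test."""
    with tempfile.TemporaryDirectory() as work:
        work = Path(work)
        src = work / "data"
        (src / "finance").mkdir(parents=True)
        # Constructed sample files, not real business data.
        (src / "finance" / "ledger.csv").write_text("date,amount\n2022-01-01,100\n")
        (src / "notes.txt").write_text("quarterly plan\n")
        archive = work / "backup.tar.gz"
        create_backup(src, archive)
        if tamper:
            # Simulate silent corruption: the recorded digest for one file no
            # longer matches what the archive restores.
            m = json.loads(manifest_path(archive).read_text())
            m["notes.txt"] = "0" * 64
            manifest_path(archive).write_text(json.dumps(m))
        return verify_restore(archive)


if __name__ == "__main__":
    print("clean backup:", demo())
    print("corrupted backup:", demo(tamper=True))
```

The same `verify_restore` check run on the offline copy, on a schedule, turns "we have backups" into "we have backups that restored correctly last Tuesday".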
Giving every employee their own login credentials, rather than shared accounts, lets you grant each person access only to the systems and areas of your network they need for their role, and means every action can be traced back to an individual.
Segregating your network means that if an attacker does breach your perimeter, their lateral movement is restricted, and with it the damage and disruption they can cause.
Setting permissions on a least-privilege basis also ensures that employees can only access the company data they need, preventing unauthorised access to company computers, accounts and data and reducing the likelihood of breaches from within.
Whilst implementing these 6 steps will help you begin to improve the security culture within your organisation, there are additional steps you can take to strengthen your security posture and defend against incoming attacks.
SES recommends beginning by becoming Cyber Essentials or Cyber Essentials Plus certified. The Cyber Essentials scheme is a Government-backed certification that is the minimum standard required of UK Government suppliers, or organisations bidding for Government contracts, that handle sensitive or personal information. Compliance also helps you to meet the security requirements of the General Data Protection Regulation (GDPR).
Secondly, holding Cyber Essentials or Cyber Essentials Plus Certification demonstrates that your organisation meets necessary security standards and has implemented appropriate measures to minimise risks.
In addition, create a robust Incident Response Plan that you can follow in the event of a successful breach. This gives you a clear set of actions to take control of the situation and remediate swiftly.
Performing regular Vulnerability Assessments and Penetration Testing, at least once a year and after any major change to your systems, enables you to review your systems and networks for vulnerabilities an attacker could exploit.
Finally, performing Phishing Assessments on your organisation will show how well your employees can identify phishing emails and avoid falling victim to them. Training can then be targeted to increase employees' knowledge of these threats and improve their capability to deal with them.
If you would like to discuss your organisation's security in more detail, please get in touch to speak to one of our specialists.
© SES Secure Limited and ses-escrow.co.uk, 2022. Unauthorised use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to SES Secure Limited and ses-escrow.co.uk, with appropriate and specific direction to the original content.