With the growing reliance on IT infrastructure a business needs to maintain high levels of security in order to protect itself from attack.
Welcome to this introduction to cyber security awareness brought to you by DNA IT Solutions. This guide is one of a series that we hope will be useful to give you an insight into what you can do to protect your business from attack. Sharing these useful tips with your team could help protect your business.
A robust Cyber Security Plan will provide protection against theft of information, damage to equipment and prevent disruption of business services.
With smart devices becoming more common and wireless networks being used regularly certain checks and systems should be put in place to help protect a business.
A comprehensive security solution for the organisation is needed, however, this needs to run hand in hand with a well-educated user. The human can be the biggest threat to a business when it comes to maintaining security of data and access to sensitive information
Passwords
Sometimes when it comes to security it’s the simplest things are forgotten about. Having secure passwords can prevent hackers from accessing data. A secure password should contain a mixture of letters, numbers, characters and remember stronger is longer. It’s important that the same password should not be used for multiple applications.
Username and password based security alone is not adequate in many cases so that is where multi factor authentication (MFA) can provide additional safeguards. That may include pin numbers, maths equations, security questions or even biometrics or voice recognition.
Key Points
- Long passwords are more secure
- Do not share passwords
- Use a mix of characters, letters, numbers
- A different password for each access point
Emails
Email is still the preferred method of communication within the business world yet it can leave a business exposed to all sorts of issues.
Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. If an email looks suspicious don’t engage with it and do not open attachments unless you were expecting them. If in doubt, phone the sender to check it before clicking and creating an issue.
Your email gateway is the best defence against email threats. Sophos offer anti-spam technologies to stop ransomware emails, while antivirus scans for and blocks email-borne threats. Blocking emails with macro attachments can help you avoid another common ransomware technique.
Key Points
- Be cautious about attachments
- If it looks wrong don’t click or engage
- Don’t give personal information
- Put suitable technology in place to protect
Ransomware
Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. A ransomware attack can leave an organisation crippled with the loss of access to files and a demand for payment. Businesses both large and small are increasingly under threat and the disruption it can cause can be devastating.
The risk can be reduced by ensuring you have reputable antivirus software and a firewall. However, it is important that all updates are completed promptly. The effects may be minimised if you have good backups in place so you can access and restore information if required.
Key Points
- Employ content scanning and filtering on your mail servers
- Keep up-to-date with relevant patches
- Be careful using public wireless Internet
- Have good antivirus software and a firewall
Mobile Protection
With remote and mobile working people are now using tablets and smartphones in the same way they used to use laptops. They are used in both personal life and now that has slipped across to work life also. It’s important to protect both the user and the device to prevent any security issues.
The first step would be to ensure anti-malware software is installed on all mobile devices and that passwords used are secure. There are many other features that can be employed such as lost device and wipe clear applications in the event of a misplaced device.
Key Points
- More secure passwords
- Ensure protection software is installed
- Be mindful when using public wi-fi
- Be extra careful to avoid loss of device
Protecting sensitive information
With the onset of GDPR is it more important than ever to ensure we have control over our data and who has access to it. Information in the wrong hands can cause untold damage to a business. Data that is stored within the organisation should have a backup in case of loss. To increase security only reputable sharing platforms should be used. Employees should not copy information to a public sharing platform that may not as secure.
Data can be encrypted to increase security so when it is moving between devices it is more secure.
Key Points
- Use only secure sharing platforms
- Encrypt sensitive information before sharing
- Create a back up
- Set authorisation access levels