We thought 2017 was particularly bad for cyber security threats. WannaCry (on which I’ve only just gone and written a one-year update), Petya/NotPetya… The monthly rate of ransomware attacks against UK organisations increased up to 10 times the rate of 2016. But 2018 is set to beat every record made in 2017. In January alone, there were 7,073,069 attacks on UK organisations, and that number is set to soar throughout the rest of the year. The threat that a cyber attack poses is only getting worse. There were constant instances of security breaches being plastered over the news in the first half of this year alone: Ticketmaster, University of Greenwich and Timehop are only a handful of high-profile examples. So it’s not really a surprise that security and risk management were rated the most important priority in 2018 for CIOs in NASCIO’s November 2017 survey.
Panicked? Sorry, you weren’t supposed to be. In reality, all organisations, big or small, should expect a security breach at some time or another. There’s no way of avoiding it, but there is a way of being prepared. I’ll stop waffling on and get to the good stuff: how you can develop a cyber security policy and improve your best practices so that when disaster strikes, you’ll already be sorted. Mostly. (And if you do happen to face/be facing a security breach, I’ve got you covered.)
If you’ve got software and systems, update!
It’s really a no-brainer: IT needs to be updated regularly. Maybe in the 90s or early 00s you could get away with only updating whenever you happened to fancy the latest version of Windows to replace your current Windows 95, but it’s not the case now. With the internet, automatic updates are here to stay, whether we find them an annoyance or life-saving. Windows 10 only has two major updates a year and countless little ones that improve so much about the platform, including its security. After all, it was a dodgy unpatched Windows system that started the whole WannaCry debacle. So guys, make sure you update!
Understand the cyber security risk in relation to your organisation
Your organisation depends on a lot of things. Digital processes, data, systems, and your employees mastering the trick of gossiping and doing their work. All of these (minus the employee issue) are vulnerable to being manipulated. The whole point of a robust cyber security strategy is to protect them against fraud, theft of sensitive data and business disruption, and the risk to your reputation that comes with it all. Your entire organisation has to work together to protect these vital processes from the threat. Thankfully, here at Cetus, we understand just how important it is to keep everything ticking along smoothly. In fact, we offer a complimentary security posture review to ensure that your business has the security that it needs. We analyse where your organisation is exposed to security risks and provide you with recommendations on how to address them. Our finished report will analyse your network traffic to detect security threats: malware infections, usage of high-risk web applications, intrusion attempts, loss of sensitive data… The list goes on. It will also evaluate your organisation’s end-point security, focusing on mobile management, user rights management, advanced end-point protection, patch and user rights management, and enterprise file sync and share. Importantly, the report will assess any threats posed from within your infrastructure: east-west traffic, privileged user access and user access rights. Basically, your entire infrastructure will be analysed to make sure that as little of the bad stuff as possible can breach your systems.
Taking a look at your social engineering
This is an interesting one. If you’ve never heard of this before, it’s basically GDPR handling in the office. We’ve all been panicking as we worked towards the deadline on May 25th, but privacy protection doesn’t just end there. Social engineering can be as simple as someone calling out a password to a co-worker behind them, or the more serious incident of pulling up a website at work and volunteering passwords and other vital information that can end up in the wrong hands. Hell, someone on the end of a phone saying the right things with the right amount of confidence could potentially sweet-talk the more trusting into giving out a piece of information, and sometimes that’s all they’ll need.
Perform regular data backups
I’ll try and keep this one quick because here at Cetus we rabbit on about them all the time. Backups are great. Should you have the misfortune of having a ransomware attack, having a copy of the data that’s held hostage can be a life saver. Firstly, you’ll know exactly what data the hackers have (or if they gained access to personal information that could cause problems), and you won’t have to worry about data loss regardless of whether you pay the ransom or not. Backups: if you haven’t got them sorted, what are you waiting for?! With so many types of backups to choose from, from tape to replication (we suggest keeping up with the times and trying out Continuum), there’s no excuse not to have that sweet disaster recovery/business continuity plan in place.
Lock everything up tight
There’s no point in having the best firewalls money can buy, along with the most secure cyber security solution and a just-in-case cyber attack plan of action, if a criminal can just waltz through the front door and calmly collect all of your information on a USB. If your server room (or server part of the floor, as the case may be) isn’t locked up tighter than Alcatraz then eventually there’ll be a problem. Remember, not everyone in the office needs access to the servers!
These are the most basic points to note for a cyber security strategy. Cyber threats are real, and preventing attacks will always be a better alternative to reacting to one after it has breached your infrastructure. One of the most important points in the list is understanding the cyber security risk in relation to your business. Make sure to book a complimentary security posture review today and take the biggest step towards securing your infrastructure, or speak to one of our cyber security experts.
Missy Beaudelot – Digital Marketing Executive
With a background in journalism and an interest in all things tech, Missy keeps our social media in check while monitoring our websites and developing our digital presence.