Do you know what actions you can take immediately that will reduce your cyber risk? This guide will share 5 areas that we recommend you review today and make changes to improve your cyber security posture. You’ll find the quick summary at the start to save you time and cut to the key points you need to know. The rest of this blog will give you the detail so you understand the importance, as well as help you gain the knowledge you need.
- Everyone is at risk, including not for profit/charities.
- Cyber and information security is not complex, not expensive
- There are many types of attacks and threats, not all of them are external.
- You cannot ignore cyber risk, you must at minimum assess it to make an informed decision on your next actions.
Cyber Risk
Cyber risk is the chance of exposing business information and IT & communication systems to an unauthorised person or circumstances capable of causing loss or damage.
Business information; information that holds meaning, value or significance for your business.
Before you can begin to address cyber risk in your organisation you need to understand this.
The industry standard for assessing IT systems and applications is known globally as the CIA Triad. This is made up of 3 key concepts; Confidentiality, Integrity & Availability.
This is also part of Business Continuity Planning (BCP) and Disaster Recovery (DR) processes.
There are some immediate actions we recommend you take which will reduce your risk;
1 – Backup your information & data
Given how much you rely on your business information/data to operate it is critical that you have a backup. You will need this to restore your data after any kind of disaster, including; fire, flood, cyberattack, theft or damage.
- Identify what data you need to back up and how often
- Keep your backup separate (physically and digitally) from your IT systems, consider the cloud
- Test your back up
Make backing up data part of your everyday business operations.
2 – Protect against cyberattacks
There are many types of cyberattack, below gives you some simple checks to reduce the likelihood of an attack.
- Install (and turn on) antivirus software
- Prevent trustees, volunteers or staff from downloading dodgy apps
- Keep all your IT equipment and software up to date (patching)
- Control how USB drives (and memory cards) can be used
- Switch on your firewall
3 – Keep smart phone and tablets safe
Agile and remote working is a way of life these days, this means we are more dependant on mobiles and tablets. Security on these devices are often overlooked, below provides a few tips to keep these devices secure.
- Install (and turn on) antivirus software
- Prevent trustees, volunteers or staff from downloading dodgy apps
- Keep all your IT equipment and software up to date (patching)
- Control how USB drives (and memory cards) can be used
- Switch on your firewall
4 -Use passwords to protect your data
Passwords, most talked and least loved part of everyday life you live in. These are free, easy and effective ways of preventing anyone accessing your device, if they are implemented correctly!
- Make sure you switch on password protection; password, PIN (6 digit), fingerprint & facial recognition.
- Avoid using predictable passwords; they should be easy to remember but difficult to guess.
- Change all default (manufacturers) passwords
- Use two factor authentication (2FA) for ‘important’ accounts, this an extra “proof” of identity before you can access information. This is small effort but adds a lot of security.
- Keep passwords separate, use different passwords for work and personal.
5 – Avoid phishing attacks
One of the most prevalent types of cyberattack in the UK. Typically, fake emails are sent to thousands of people in the hope of obtaining your personal information or your money!
- Know what a phishing scam looks like
- Email from public domain e.g. @gmail.com these are not usually used for business emails
- Domain is misspelt e.g. @micorsft.com
- Email is poorly written e.g. bad grammar, misspelling etc
- Message gives a sense of urgency e.g. suspended service, account locked, suspicious activity on an account etc
- Don’t click on that link or open an attachment unless you are sure it is a legitimate email
- Don’t give out important information unless you must
- Don’t be tempted by those pop-ups
- Don’t give your information to an unsecured site; check it starts with “https” and the padlock is visible
If in any doubt, STOP! Report this to IT and contact the sender directly (do not use contact details in the email) to verify the email.
We hope you have found this guide useful, it is part of a series which can be found on our here on our website.
Our team can be reached on 03300 0241666 or contact@net-defence.co.uk should you have questions or what to better understand what your business needs.
