Top 10 tips for protecting your business with Cyber Security
Today we’re going to talk about protecting your business through cyber security.
First up, anti-virus. This is always a bit of a controversial one, depending on who you speak with, but I always recommend that it is installed and licensed on all systems possible. For Windows computers, just using Windows Defender can help.
In my opinion, more is better. It can still help protect you against ransomware and malware attacks, and in many ways it is your last line of defense.
Number 2 is implementing appropriate email security. With proper controls in place at the email layer, your protections will ensure that any email-based threats are blocked at the border before they get into your inbox.
This means your users do not have to manage their mail and try to identify which emails are spam, junk or malicious, which frees up your users’ time for more productive activities.
Number 3, web security. Web security helps you protect your users from accidentally clicking on malicious links or visiting malicious websites. By having this security in place, you can help to ensure that your users are not accidentally running things or visiting sites they should not be.
Most of the time, email and web security come as part of the same package. Sometimes they can also be implemented through your email solution, making it easier to deploy and manage, as well as reducing overall cost.
Number 4, password management. Make sure that your users are using complex, secure and unique passwords for all services. Password managers can help here by generating strong, unique passwords. Probably the hardest part of implementing this one will be user training: getting users to think about using strong passwords and using a password manager to create and store them.
Number 5, two-factor authentication. Two-factor authentication should be used where available, as it adds an additional layer of safety. If someone manages to guess or grab your username and password for a service, having an additional layer of protection configured ensures that most of the time malicious attackers won’t be able to gain access to your systems.
Two-factor authentication is not available for everything but should be used where available.
Number 6, software patching. Patch, patch, patch. Make sure that everything is kept up to date, not only your operating systems, but also your applications, firmware and drivers. Remember to update your printers, switches and routers as well.
Keeping your systems up to date not only protects you against bugs, but also keeps you on supported systems.
Number 7, physical security. This is one that is usually overlooked, but look at your physical security where your servers, workstations and laptops are kept. Are your servers stored in a lockable environment, where only authorised people can get access to them?
What about workstations and servers? Where are they kept? Do people take them home? How are they protected at home? This is a good one for your risk analysis.
Number 8, encryption. Having full disk encryption enabled on your devices will ensure that if your device is lost or stolen, any information on it is unreadable unless you have the special code needed to unlock that information. Most devices come with some sort of encryption support which is free of charge. So why not enable it?
Encryption does not really slow your machines down the way it used to in the old days. Devices are quick enough to keep up with all the encryption actions.
Number 9, staff training. This one, in my eyes, is an important one, as your staff are the main people who access your information and are the primary people who receive emails and click on links.
Ensuring that your staff are trained in cyber security, can identify phishing emails and know how to identify iffy links can help your business protect itself. It can also help them at home as well.
Lastly, number 10, backups. When was the last time you backed up, and actually checked that your backups are working?
Make sure that you back up everything that you need. Not only this, ensure that your backups are taken off site, which means that they are not kept in the same building you work in. Then regularly test that your backups work by performing test restores, to make sure that when the time comes, you can get your information back.
This also includes looking at your cloud-based systems, such as Microsoft 365, Google Apps and even your accounts systems. Make sure that these systems are also backed up and tested regularly.
The last thing you want is to have an incident, look at your backups, and find out that you either didn’t back something up or that, when you go to recover it, it doesn’t work.