Five essential tips to improve your company's cyber security
OmniCyber Security
Cyber security attacks and data breaches are an increasing trend.
In a recent report published by The Varonis Data Lab, it was found that more than 41% of companies had more than 1,000 sensitive files including credit card details, health records, PII among others left unprotected on their network.
The leak of this sensitive information could cost a business millions. It would therefore be a wise decision for companies who currently have little to no cyber security in place to think about implementing some measures – before it’s too late.
The following is a list of basic measures your business can adopt to help improve your cyber security.
1. Know your systems – Mapping out the functionality of all systems on your network will allow you and your security team to fully understand what each individual system should be doing, thus allowing you to spot potential vulnerabilities and attack vectors.
2. Data access control – Restricting access to information and services available only to the users who need it can greatly decrease the severity of a breach – should one occur.
When a hacker gains access to a system it is commonly done through gaining user credentials.
If only authorised users have access to sensitive information, it is less likely the hacker will gain access to anything of value.
This is because it will reduce the number of access points to the sensitive information.
If a hacker was able to access a user’s account, however that user was not authorised to view sensitive information, the severity of the breach would be much less and so would the potential implications of the breach e.g. financial costs.
3. Use a variety of passwords – This one should be obvious; however, we are still seeing employees of big companies using the same password for multiple accounts.
Should a hacker get one of your passwords they may gain a foothold for horizontal or potentially even vertical privilege escalation.
To further strengthen your passwords, it is recommended you use a password of a minimum of eight characters with a mix of upper and lowercase letters, numbers and symbols.
4. Apply updates IMMEDIATELY – This is seen so regularly on work computers; an entire collection of updates waiting to be installed.
Often several gigabytes large. As soon as you get an update, install it.
These updates often contain vital patches to vulnerabilities that have been discovered within the system software or application and could be exploited by hackers to gain access to your systems.
The Wannacry ransomware was a prime example of why companies need to update their systems.
In 2017, the NHS suffered a severe ransomware attack which crippled over a third of NHS trusts in England.
More than 6,900 appointments had to be cancelled with a total of 19,000 appointments being affected as a result.
5. Create an incident response plan – Creating an incident response plan is essential for all businesses.
An incident response plan can greatly aid a business in identifying, responding to and reducing the damage caused by a security breach. A basic incident response plan will aim to outline:
* Train users and IT staff to handle potential incidents should they arise. * Establish whether an event is a security incident.
* Limit damage from the incident and isolate the affected systems to prevent further damage. * Find the incident's cause and remove affected systems from the network.
* Once the cause has been removed, re-introduce quarantined systems back into the network.
* Document the incident and analyse how it happened so staff can learn from it and improve future response efforts.
Although this list does provide some advice regarding the implementation of various cyber security measures to help in protect your data, these tips only scratch the surface and should in no way be taken as comprehensive guide.
The more layers of cyber security in place, the less likely you are to suffer a data breach.
For more information on how you can protect your company’s data, visit OmniCyber Security (https://www.omnicybersecurity.com) email info@omnicybersecurity.com or call 01217092526.