The Advanced Cyber Security Check List
Cyber attacks have changed character over the last couple of years, and we now see a larger number of ransom attacks compromising small and large businesses alike. Cyber security should therefore be one of the biggest priorities when organisations plan for strategic stability in their businesses.
Is it time to review the Cyber Security in your business?
Following our blog ‘The Basic Cyber Security Check List’, we now go a step further and explain the advanced features businesses should keep in mind when planning for strategic stability in their organisation.
Cyber Essentials is a government-backed scheme that recognises a business for meeting best-practice security standards. It is now more commonplace for prospects to ask whether a business has Cyber Essentials, and some companies won’t trade with you if you don’t have it.
An offboarding policy is essentially a checklist of items that need to be actioned when an employee leaves the business. From a security perspective, this will include disabling the user’s server or cloud access. But there are typically many other access rights that need disabling. Ensure that you have a comprehensive offboarding policy that revokes user access to all systems.
The fines for not being GDPR compliant can be significant. Broadly speaking, GDPR advises that you must take “reasonable measures” to secure personal (PII) data. To achieve this, we recommend seeking advice from a GDPR specialist. This advice will often result in having a data map, a GDPR policy and GDPR training for your employees.
Dark Web Scanning
Many of the breaches we have seen over the last five years have been caused by a threat actor using someone’s username and password to gain access to a system. Usernames, passwords and personal data are continuously bought and sold on the dark web. It is now possible to scan the dark web for information about your company’s domain name. The scary thing is, we are yet to run a scan for a business where it picks up zero results. Ensure that you monitor the dark web for breaches or run annual dark web scans.
We run attack simulations to see how end-users respond to certain types of security threats. These results are recorded and used as a training tool. We never advise using this to single out individuals, but only to gauge a business’s level of preparation for a real security threat. A typical attack simulation would be to send users an email phishing for their password. The attack simulation can record who opened the email, who clicked the link and who provided credentials. To stay on top of attacks, we recommend running attack simulations twice annually.
Over the next three years, cyber insurance will become as common for businesses as company car insurance! Depending on the type of insurance, this protection offers financial compensation for damage caused by the breach and for any ICO fines. In most cases, you also get access to a cyber response team if a breach takes place. You can opt in for free cyber insurance when you pass your Cyber Essentials certification.
BYOD or “Bring your own device” presents a big security threat. It is commonplace for remote workers to use personal devices that store company data. It’s difficult for a business to ensure that these personal devices conform to the security standards that they need. The most secure solution is to prevent access to systems from personal devices, or have a strict policy that governs the types of devices that can connect.
What About The Basics?
Alongside adding the advanced features to your business, you must make sure that you can tick the box for all the basics.
Read our blog ‘The Basic Cyber Security Check List’, to make sure your business is protected!