October may be the season for Halloween, autumnal leaves and cosy jumpers.… but October also marks the 17th National Cyber Security Awareness Month! This awareness campaign acts as a valuable reminder for organisations to evaluate the effectiveness of their Cyber Security controls, internal processes and data protection measures. Here at Equilibrium, we have joined the national campaign to raise awareness about the importance of Cyber Security for businesses across the UK.
Just like they say 'a puppy is for life, not just for Christmas', cyber-awareness should be a business focus all year round, not just October! However, NCSAM can still be used as an opportunity to start developing stronger security practices.
Living in the Covid19 era, this annual event is more important than ever before. At the start of the pandemic, businesses were forced to quickly implement make-shift remote working strategies. Whilst most firms were able to maintain connectivity throughout lockdown, without the blissful protection of their office-based security measures, they were suddenly at the mercy of internet criminals. Unfortunately, as business owners were struggling to keep afloat, hackers were busy devising largescale Covid19 scams, targeted attacks and generally reaping the rewards of the global pandemic.
8 months later, although many firms have now implemented a more robust remote working strategy, too many businesses are still left with gaping holes in their security defenses. In order for these businesses to remain operational throughout the difficult months ahead, vulnerabilities need to be patched, security gaps need to be mitigated and devices need to be hardened.
9 ways to improve the security of critical data in the Covid19 era and beyond
Regular penetration testing:
2. Preventing email spoofing:
Over the past 8 months there has been a sharp rise in phishing and email spoofing attacks. Although spoofing your email domain is not a difficult tactic for bad actors to implement, there are ways that you can protect your brand from being used in such attacks. By deploying anti-spoofing controls such as DMARC, SPF and DKIM, you can reduce the risk of your domain being used for spoofing scams. Products such as Redsift’s ONDMARC not only reduce the risk of spoofing, it also provides in-depth visibility into who is sending on your behalf, where your domain is being used and how many of your emails are passing DMARC validation. Preventing spoofing attacks is especially important during the Covid19 era as it helps to protect the integrity of your brand trust for both customers and suppliers.
3. 2 factor authentication:
Passwords alone are a very weak form of protecting businesses critical accounts and data. However, by having a MFA solution such as Cisco Duo, there is an extra layer of protection for all of your private accounts. Therefore, even if a hacker got hold of your password, without access to your 2FA they are unable to gain entry to your corporate applications. Introducing a company-wide 2-factor authentication policy, is one of the simplest ways of reducing cyber-risk for your business.
4. Cyber Essentials Plus:
Cyber Essentials (CE) is a government-backed Cyber Security certification scheme that sets out a baseline of Cyber Security suitable for all organisation's. The scheme’s five security controls can prevent “around 80% of common cyber-attacks”. The certification is a valuable indicator that the organisation has taken the necessary measures to bolster Cyber Security and reduce the risk of a cyber-attack. Cyber Essentials Plus provides a higher level of assurance; it involves us independently auditing your systems utilising many vulnerability tools that actually test the measures put in place. The process can identify areas of security weakness that you may not have been aware of.
5. Software updates:
This may seem like an obvious one, but if businesses do not have stringent policies in place to ensure software is updated, security flaws can fester across your IT ecosystem. Solutions such as Cisco Duo can be configured to require employees to update software before accessing devices and systems. If they ignore this recommendation, access will eventually be revoked. Lack of software updates are a common cause of Cyber Security breaches. Updates not only remediate critical vulnerabilities, they also provide the newest features.
6. Phishing simulation campaigns:
How cyber-aware are your employees when it comes to phishing scams? In recent years, these scams have become far more targeted and difficult to identify, (especially during the lockdown period). However, by offering regular cyber-awareness training exercises, your workforce can learn to recognise friend from foe. Here at Equilibrium, we offer a Phishing Simulation Service. This not only tests the cyber-awareness of your workforce, it also provides comprehensive training for those who are duped into clicking on the faux-malicious links.
7. Proactively hunt for cyber-threats:
In today’s dynamic threat landscape, you cannot simply sit back and wait to be alerted to cyber-threats. You must be able to proactively take control of malicious attacks in your environment. To do this, you need advanced security tools which benefit from real-time cyber-threat intelligence. Our advanced security controls benefit from Talos threat intelligence, one of the largest threat intelligence research teams in the world. They block 20 billion threats and analyse more than 600 billion emails daily. With Cisco, your business will receive industry leading threat intelligence and advanced cyber-protection.
8. Back up your data:
It is important to keep regular back ups of your critical data in case of a breach, ransomware attack or system failure. For obvious reasons, backups reduce the impact of cyber-breaches. For instance, if a company suffered a ransomware attack and all critical data was encrypted and inaccessible, they may be left with no option but to pay the ransom. Whereas, if they had backups of their business-critical data, downtime would be reduced and the overall impact of the attack would be much less severe.
9. Access management:
Most employees don’t need to have access to every application or data source as it increases the risk of data loss. For example, if one were to click on a phishing link and provide their Office365 login credentials, a hacker would have access to all of your critical information. To protect the integrity of these systems, employees should have the correct level of privileges. This also means they cannot make unwarranted changes to systems which should be controlled solely by the administrator.
Do you plan to improve your data security this Cyber Awareness Month?
As security specialists we can offer expert advice to help protect data, applications, and workloads to keep businesses protected from advanced threats. If you would like to discuss how we can help improve the security of your data this October, please do not hesitate to get in touch using the details below.