10 Steps To Cyber Security

There are a number of reasons as to why individuals may attack you or your company. Cyber criminals are interested in making money through fraud or from sales of valuable information, which they get from cyber attacks. Most hackers will find joy in hacking into networks and servers simply because they like a ‘challenge.’

These 10 steps will help protect your organisation from falling victim of a cyber attack.

Set up your Risk Management Regime

  • Assess the risks to your organisation’s information and systems with the same vigour you would for legal, regulatory, financial or operational risks. To achieve this, embed a Risk Management Regime across your organisation, supported by senior managers and the board.

 

Network Security

  • Protect your networks from attacks whether that be external or internal.
  • Filter out unauthorised access and malicious content by defending network perimeters.
  • Always monitor and test security controls.

 

Network security is there to block unsecured or unnecessary services or they can allow permitted websites to be accessed.

 

User Education and Awareness

  • Produce user security policies.
  • Covering acceptable and secure use of your systems.
  • Include staff training and maintain user awareness of cyber risks.

 

Make sure to train all users to consider what they include in public documents and web content. They should also be aware of the risks involved when discussing work-related topics on social media as this can lead to phishing attacks.

 

Malware Protection

  • Produce policies which are relevant and establish anti-malware defences within your organisation.
  • Scan for malware across your organisation.

 

By having malware protection, it will block any incoming malicious emails and prevent malware from being downloaded by visiting websites.

 

Removable Media Controls

  • Come up with a policy to control all access to removable media.
  • Scan all media for malware or malicious software before importing onto the system.

 

Secure Configuration

  • Apply security patches and ensure the secure configuration of all systems is maintained.
  • Create a system inventory and define a baseline build for all devices.

 

Restrict system functionality to the minimum needed for business operation. Apply this to every device that is used to conduct business.

 

Managing User Privilege

  • Establish effective management processes and limit the number of privileged accounts.
  • Limit user privileges and monitor user activity.
  • Control access to activity and audit logs.

 

Incident Management

  • Establish an incident response and disaster recovery capability.
  • Product and test your incident management plans.
  • Provide specialist training to the incident management.
  • Report any criminal incidents to law enforcement.

 

Monitoring

  • Establish a monitoring strategy and produce supporting policies.
  • Continuously monitor all systems and networks.
  • Analyse logs for any unusual activity that could indicate an attack.

 

Monitor and analyse all network activity to identify any malicious or unusual activity.

 

Home and Mobile Working

  • Develop a mobile working policy and train staff to adhere to it.
  • Apply the secure baseline build to all devices.
  • Protect data in both transit and at rest.

 

The average cost of a security breach costs between £600k-£1.15m, so make sure you’re keeping on top of your security systems and how you’re managing your security policies. Every organisation is a potential victim.

 

If you would like advice on any aspect of your companies IT security, please contact the team today on 033 000 22 000