Cybersecurity tips – Ensuring that an organisation is protected from cybercrime can be a complex, time-consuming and costly process. Rather than publishing a set of predictions for 2020, we thought it would be more helpful to prepare a practical guide to what we believe are the essential cyber security activities for all companies:
Identify vulnerabilities and select administrative, technical and physical controls.
Confirm who has left the organisation or moved to another department in order to avoid authorisation creep.
AUDIT LOG REVIEWS
Make sure all useful logs are configured and routinely checked and monitored. This should include firewall, server logs etc.
Multi-factor authentication should be used wherever possible. 2FA/MFA is now supported as standard by many services and only requires turning on.
Make sure every user can be uniquely identified to establish employee accountability. Avoid using shared accounts. This should be incorporated into your Acceptable Use Policy.
THRESHOLDS & ALERTS
Make sure threshold & alerts are enabled for “quick wins”. Example – make sure you are alerted when a user fails X number of login attempts or displays obvious suspicious behaviour.
CLOUD SECURITY REVIEW
Cloud infrastructure and services require the same attention to detail as in-house IT services. All cloud services should be regularly reviewed including Office 365 and Azure/AWS.
Regular phishing simulation are vital to ensure user awareness. Simulation exercises with auto enrolment on training should be implemented and tested every 2 months.
92% of malware is still delivered via email and 56% of UK companies confirm that email is their top security threat. It is worth investing in a good email filtering solution.
Partner with a Cyber Security specialist who will assist your IT team in the fight against cyber threat. Cyber security requires a different skill-set than that found in most IT departments.
Worried about your Cyber Security? Fear not, our cost-effective Cyber Security reviews help companies stay ahead of cyber-attacks. Enquire today to speak to one of our experienced cybersecurity consultants.