Creating a cyber security prevention strategy
Good cyber security practices, and an understanding of the key cyber security basics, help businesses to prevent and respond to digital attacks quickly and effectively.
It is essential for businesses of all shapes and sizes to have some kind of cyber attack prevention plan in place. Armadillo Managed Services recommends the following:
We understand that there are a huge number of security vendors out there who are promising to be the silver bullet to whatever buzzword is in the news – and it can be really difficult to stay abreast of the market when cyber security is not your core business.
As with any other major project, our advice is to stop and plan before rushing into purchasing a new technology which might end up doing not much more than warming your data centre! Here are a few tips:
Think about the threats which might face your business. What data do you hold that people might want to steal, or that would cause the most damage to your business if it were leaked? Which systems would stop your business from running if they were maliciously taken offline? Your security strategy should prioritise controls which address these key risks first and foremost.
DEVELOP A PLAN
Take stock of the tools and controls you already have. It may be that you have tools which could address your challenges already but they are just not set up correctly. Budgets are always tight – so reuse where you can.
Similarly, just because you have a tool in place – don’t assume it is doing its job properly. Businesses are used to doing audits or penetration tests on an annual basis, but security moves much more quickly and it’s important to continuously assess the state of your security.
If a firewall administrator does an upgrade and mistakenly opens up part of your network to the internet, you might not notice for a few months – but you can be sure the bad guys will.
There are now tools available to continuously test your defences, alert you when there is a problem and, most importantly, show you how to remediate it.
Once you think you have addressed your risks, consider mapping your organisation against an industry-standard security framework. Examples are Cyber Essentials, Cyber Essentials+ and ISO 27001.
There are two main benefits to going through such a process. Firstly, you learn from the knowledge of others: frameworks force you to follow a prescribed checklist which will cover things you might have missed yourself.
Secondly, it gives your organisation an external ‘stamp of approval’ which helps build trust with your customers and business partners.
Finally, since we are a managed services provider ourselves, you may think this is biased advice – but do consider outsourcing some areas of security if you are not confident in doing it properly yourself.
Buying a tool is one thing, but attracting, training and retaining cyber security staff can be a full-time job in itself. A specialist cyber security provider will be able to bring knowledge gained across a whole range of other customers – knowledge it would be impossible to gain in a reasonable time within a single organisation.
Managed services providers work as an extension to your existing team and allow you to focus on growing your business rather than worrying about security!
10 Steps To Cyber Security
1. Use strong passwords (and require employees to do so)
2. Control access for employees
3. Use a firewall for best cyber security management
4. Install computer security software like anti-spyware, anti-virus and anti-malware
5. Always update programs to give yourself the best computer security
6. Encrypt your business data
7. Regularly back up all information
8. Monitor the use of all equipment and IT systems
9. Educate your employees / raise awareness of cyber security
10. Frequently submit your cyber security plan to audits – stay up-to-date with cyber security developments
As well as educating your employees on the importance of cyber security, it’s important to make sure everyone is aware of the dangers, and of what to do in a crisis. Most importantly, make sure your tech team is equipped to deal with cybercrime if an attack were to happen to your business.
Try a ‘cyber security for beginners’ course to help your employees understand the risks and implications of sharing data.
As an employer, you need to know how to protect your business from cybercrime: create an actionable cyber defence plan, educate your employees and remain diligent.
Let us know how your business is building a cyber security strategy.