Where does your organisation sit regarding a cyberattack or data breach? Are you well-prepared? Are you protected? Have your response plans been tested in the last year?
Cyber security is a constant battle. As technology advances, so does the sophistication of attacks, so a system put in place 12 months ago may not be effective today. And with the UK workforce (and, to a certain extent, the global workforce) working remotely on potentially vulnerable systems, cyber threats are on the increase. Luckily, cyber security technology works to keep one step ahead of the cybercriminals.
So, what can you do to ensure you maintain a secure network?
Ten steps to improve network security
Network security doesn’t have to be complicated or expensive. By following these ten simple steps you can help create a strong security culture within your organisation.
1. Adopting a Strong Password
Gone are the days of choosing your favourite TV show or first pet as adequate passwords. Instead, passwords should be impossible to crack, such as a really complex sequence of numbers, letters and characters (e.g. m1x 0foi@4*ct*&r6) or several dictionary words, a number and special characters strung together (e.g. bananamilkcandlecatfoodcamelstresstoy_2020).
If possible, passwords should not be written down where they could be accessible to others.
2. Installing a Good Firewall
The first line of defence in computer security is installing a good firewall. The firewall determines what traffic is allowed through and what isn’t. A firewall can be individually configured, meaning certain sites or site types will be blocked for your users, thereby keeping your client and company data protected from external threats.
3. System Monitoring
System monitoring is a significant defence in the battle against cyber threats, as it enables the IT team to detect threats in the system before they have had a chance to cause any damage or disruption to your business.
These monitoring tools scan different aspects of your networked systems and security logs looking for anything suspicious. Such tools include Security Incident and Event Management Systems (SIEM), Intrusion Detection (IDS) and Behavioural Analytics (BA) systems.
4. Employee Training
The digital security of a company is only as good as the individual users, and therefore training is a vital part of maintaining a secure company culture.
Training staff to spot phishing emails, including suspicious emails which appear legitimate (e.g. an email from Paypa1@gmail.com), and to understand the dangers of clicking on links and opening attachments from unknown or suspicious accounts can cut cyber threats dramatically.
Additionally, ensuring there is a clear process to follow should users suspect something may be a virus or a phishing email is vitally important.
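The look-alike sender above (Paypa1@gmail.com) can also be caught automatically at the mail gateway or in a reporting tool. The following is an added example, not part of the original article: the brand list, the trusted domains and every address other than the article's own are assumptions made for illustration.

```python
import re

# Assumption: brands this organisation expects mail from, mapped to their
# genuine sending domains. Replace with your own list.
TRUSTED_BRANDS = {
    "paypal": {"paypal.com", "paypal.co.uk"},
    "microsoft": {"microsoft.com"},
}

# Digits commonly swapped in for look-alike letters.
DIGIT_SWAPS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def normalise(text):
    """Lower-case, undo digit-for-letter swaps, then keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(DIGIT_SWAPS))


def check_sender(address):
    """Return the reasons a sender address looks like brand impersonation."""
    local, _, domain = address.strip().lower().rpartition("@")
    if not local or not domain:
        return ["not a valid address"]
    reasons = []
    for brand, domains in TRUSTED_BRANDS.items():
        # Mail from the brand's own domain (or a subdomain of it) is not flagged.
        if any(domain == d or domain.endswith("." + d) for d in domains):
            continue
        if brand in normalise(local):
            reasons.append(f"'{brand}' in mailbox name, but domain is {domain}")
            if brand not in re.sub(r"[^a-z]", "", local):
                reasons.append("digit-for-letter substitution in mailbox name")
        if brand in normalise(domain):
            reasons.append(f"'{brand}' in a domain the brand does not own: {domain}")
    return reasons


if __name__ == "__main__":
    # Constructed sample senders; the first is the article's own example.
    for sender in ["Paypa1@gmail.com", "service@paypal.com",
                   "billing@paypa1.com", "alice@example.org"]:
        print(sender, "->", check_sender(sender) or "no brand impersonation found")
```

A check like this only covers the sender address; it complements user training and the reporting process rather than replacing them.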
5. Risk Management
As in any industry, knowing the dangers will enable cyberattack and breach response plans to be put into place. But the key is knowing where the vulnerabilities in your systems are. This requires a close assessment of processes and a rigorous risk assessment.
If you feel that your business would benefit from a risk assessment, the team at CIS will be able to offer advice on the best way forward. Get in touch for more information.
6. Email Security
The majority of people can be quite blasé about email security, keeping their emails logged in on their machines and sending unsecured sensitive data via email.
Introducing a strict IT security culture regarding email is an essential tool in the arsenal against cybercrime: training staff on the dangers of phishing, ensuring all users have a complex password and are asked to change it periodically, and using email encryption. There also need to be rigorous processes in place for email access on mobile devices.
7. Endpoint Security
Most users work remotely on a series of devices (i.e. endpoints), including laptops, mobile devices and desktop PCs, in addition to servers in data centres. Endpoint security is the process of ensuring these endpoints are secure.
All of these endpoints can provide an entry into your network for cybercriminals, and therefore endpoint security systems should be used in addition to anti-virus software (see below). This can include endpoint encryption and application control.
8. Anti-Virus Software
All networked PCs should have up-to-date anti-virus, anti-ransomware and anti-malware software. If you want advice on the best systems for your business’ needs, contact the team at CIS, and we will be happy to advise.
No matter how sophisticated anti-virus software is, it is only effective if it is kept up to date.
9. Multi-Factor Authentication
As inconvenient as it may be, only having a password isn’t secure. Introducing multi-factor authentication into your organisation will add another level of security. In addition to a password, users may also be asked for a fingerprint, or for a PIN which will be sent to a mobile number or email address.
10. Avoid Public Networks
Using an unsecured public network potentially invites third parties to access your company and client data and do with it what they want. With more of the workforce working remotely, it’s essential that all users are clear that using unsecured public networks (e.g. free WiFi in a café) is not acceptable for business use.
Unsure if your business could defend itself against a cyber attack? Get in touch with one of our experts today to discover how we can help.
Contact CIS IT support today and explore our range of cybersecurity services, data backup and IT support services.