Now that you have an understanding of what cyber security attacks are and the types of tactics that are used to exploit people and organisations, the key question is how do you protect yourself? What is evidenced from the growing trend of attacks is that businesses can no longer take a back foot or take the stance that it won’t be them to be affected, they must invest in proper protection and processes to keep their confidential data and assets secure.
We will explore the basic measures that you should implement to secure your business but if you are suffering from more sophisticated and targeted attacks, consulting with a data security specialist is advised.
- Establish Network Perimeter Defences – This is your first line of defence for protecting your business from external threats. Our recommended solution includes the implementation of Firewalls and Internet Gateways.
- Purchase Malware Protection – This should include client anti-virus. Client anti-virus and malware is in some ways the last line of defence for your business against a cyber security breach.
- Ensure Continuous and Rigorous Patch Management- this should be for all devices not just windows or client devices, but also all network devices.
- Secure Configuration – networks and devices that use the default standard configuration are often easy prey for hackers. Ensure that you change default passwords, remove unnecessary user accounts and disable unapproved default connections on desktop PCs and laptops as a starting point. Limiting data permissions is also a good tactic that will limit the extent of damage meaning that only a subset of data is affected.
- Undertake User Training & Education – As mentioned previously in the guide, user error is one of the key reasons why networks are breached. As a result, User education needs to be top of the list and implementing internal (HR) policies and procedures is one of the best defences.
- Security Monitoring
- Undertake a Security Risk Assessment
- Have a Breach response policy in place and use penetration testing with 3rd party testing to verify your secure configuration
- Physical building security and visitor protocols – This one may not seem a key means of protecting yourself but cyber security attackers can use social engineering tactics to manipulate staff and get around secure network access.
- Move scanning to the cloud (email in particular) – if it is scanned on premise, it’s already in your network.