In light of some of recent high-profile attacks; We wanted to share some basic cyber security tips for business of all sizes and provide a simple checklist so that you can audit your company’s cyber security strategy.
For seasoned security experts this is all standard practice but as we have seen, even the biggest companies in the world can overlook the basics and get caught out.
1. Sharing Passwords – What’s your strategy?
Pinning Passwords to Slack is not a good idea (See - Twitter). Sending it in an email or even in a private message is no better. Nothing beats old fashioned verbalisation or writing with a pen and paper (that is destroyed afterwards). In today’s world we can also simply use a Password manager.
2. Password Managers
As hard as we try, most passwords are pretty easy to crack. Which is why Password Managers are great for automating different complex passwords each site you use.
Password Managers aren’t perfect, but using one is a lot more secure than "Password1" or your mother’s Maiden name.
Here is a good list of password managers to research.
3. 2 Factor Authentication
There are some downsides to 2 Factor Authentication, as some high profile hacks have been caused by 2FA manipulation. However industry experts tend to agree it is better than simply using your password.
Having a 2nd layer of protection should stop most basic social engineering hacks, in fact Microsoft believes it could contribute to stopping 99.99% of hacking attempts on their accounts.
4. Regularly Auditing Employee Access
Disgruntled former employees with access to your data is not a good combination. With so many various access points, it’s important that proper security audits are done when someone leaves your organisation. Think of social media platforms and other third-party software services with shared logins and ensure access is revoked.
5. Locking Idle Computer Screens
Your bathroom break could become a security crisis unless you take precaution and lock your screen. Mobile phones tend to have this built in but the behaviour doesn’t always translate to laptops or desktops.
Building a culture of security should start with locking your screen, and if you want to be extra safe, there are numerous ways you can automatically lock your screen when you go inactive, here is how to do it for Windows.
Phishing is the method of obtaining data via fraudulent means often by disguising oneself as a trustworthy partner. This type of attack is common in email, through duplicated sites or instant messaging.
Educating your staff on Phishing is important as human error is the number one cause of serious attacks.
Phishing.org is a good resource for information on Phishing.
7. Up to date Firewall
Firewalls keep a lot of the bad stuff out and are a worthy investment for all types of business. However, an outdated firewall is not much use. Threats evolve constantly and it’s important to keep your firewalls up to date with the latest version.
8. Update your Software too
On the topic of keeping things up to date, it’s important that you continually ensure your software stack & operating systems are up to date with the latest versions. Companies continually release patches and bug fixes and publish the vulnerabilities that are resolved. This is great unless you are using an old version of the software, then it serves as a road map for an attack.
9. Create An Incident Response plan
The size of your organisation will determine what kind of incident response plan is necessary but every business should consider the worst and plan for it. By preparing contingencies you can mitigate the damage caused by an attack. Here is a good guide for SMEs.
10. Continuous Security & Vulnerability Assessments
Continuous Security is the practice of ongoing vulnerability assessments in your software and web applications. We have written about it at length here.
By continually testing your website and /or web app (s) you will know your vulnerabilities before any hackers do.
While it sounds intimidating, it doesn’t have to be difficult. We’ve built our software to be extremely user friendly and you can set up a scan of your site within 2 minutes.