When it comes to protecting your business online, there are hundreds, if not thousands, of companies all claiming they have what it takes to prevent attacks of all shapes and sizes. In this blog post, Brian Third, Managing Director, Advanced Cyber Intelligence, discusses the obvious, and the not so obvious, things that organisations of any size should do to protect themselves to the max! (Be warned: everything in this blog post comes in threes!)
It’s ok, we’ve installed anti-virus software on all our computers!
10 years ago, that might have been enough, but things have moved on since then – a lot.
Today, cybersecurity attacks take many forms, most commonly: ransomware & malware; endpoint attacks; phishing; supply-chain hacks; and artificial intelligence (AI) and machine learning (ML) driven attacks, according to Masergy. These are advanced forms of attack that are impossible to stop with just one type of technology. Furthermore, cyber attackers are constantly evolving and coming up with new ways to break through security measures, meaning that any technology you do invest in must clearly demonstrate an ability to defend you today and in the future.
It’s easy to get confused about exactly what technology you should invest in, and many companies are all too willing to tell you that they will solve all your problems. This is fundamentally not true. At the bare minimum, you need antivirus and antispyware software, a firewall for your internet connection(s), and a WiFi security solution.
These three types of technology will protect you against the most common types of cyberattacks – ransomware & malware, endpoint attacks, phishing, supply-chain hacks, and artificial intelligence (AI) and machine learning (ML) driven attacks.
Technology solves everything, right?
No! Technology is not a panacea. Technology only works as well as the people who operate and interact with it, which leads me to my second recommendation – processes.
“We need a process for that” is probably one of the most commonly uttered phrases in business, and for that reason processes have a reputation for being mundane, tedious, and dare I say it – ignored! The problem is that technology will only get you so far and, in the simplest terms, alert you to a threat or attack. It’s what you and your employees do before and after that threat or attack that really matters.
Employees are the front line of your defense, but all too often they are also the weakest point, for (you guessed it) three reasons: weak passwords, single-factor authentication, and failure to update software. Weak passwords can be stopped at the source by creating a rule in your organisation’s operating system setup which forces users to set passwords that conform to certain standards. At a minimum, I recommend 10 – 12 characters, two of which must be capitals, one special character, and at least one number. And never, ever, re-use passwords!
Two-factor authentication software packages are widely available and easily implemented. Once in place, they ensure that all employees have to complete two stages to log in to software programs, typically involving two devices such as a laptop and a mobile phone, thus making access to your systems more secure.
When it comes to updates, you need a process that ensures all employees update any security software as soon as updates become available. Some software packages will force users to update to the latest version, but not all. When manual updates are required, roll out a company-wide process that communicates why the update is needed and how to do it, and sets a deadline for doing so. Make sure this is clearly communicated to all employees and that you have adequate tracking in place to monitor progress and complete the process as quickly as possible to limit exposure to weaknesses.
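As an added illustration (not code from Advanced Cyber Intelligence), the password rule recommended above can be enforced at the point where a user sets a new password. The function names, the 10-character floor taken from the lower end of "10 – 12", and the sample passwords in the comments are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 10    # assumption: lower bound of the post's "10 - 12 characters"
MIN_CAPITALS = 2
MIN_SPECIALS = 1
MIN_DIGITS = 1


def _digest(password: str, salt: bytes) -> bytes:
    # scrypt keeps the stored history expensive to brute-force if it ever leaks
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=2**14, r=8, p=1, dklen=32)


def remember(password: str, history: list) -> None:
    """Append a salted digest of an accepted password to the user's history."""
    salt = os.urandom(16)
    history.append((salt, _digest(password, salt)))


def policy_violations(password: str, history: list) -> list:
    """Return the rules the candidate breaks; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if sum(c.isupper() for c in password) < MIN_CAPITALS:
        problems.append("needs two capitals")
    if sum(c in string.punctuation for c in password) < MIN_SPECIALS:
        problems.append("needs a special character")
    if sum(c.isdigit() for c in password) < MIN_DIGITS:
        problems.append("needs a number")
    # Reuse check: re-derive with each stored salt and compare in constant
    # time, so the history never has to hold plaintext passwords.
    if any(hmac.compare_digest(_digest(password, s), d) for s, d in history):
        problems.append("reused password")
    return problems


if __name__ == "__main__":
    history = []
    remember("Old-PassWord7x", history)          # constructed sample password
    for candidate in ("Old-PassWord7x", "short1A!", "Fresh!TokenZ42"):
        print(candidate, policy_violations(candidate, history) or "accepted")
```
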
You don’t know what you don’t know
The final arrow in your quiver is education. Cybercriminals move quickly and constantly evolve, coming up with new ways to break through security systems. There are many ways to stay up to date with the latest threats: reputable publications such as IT Pro provide up-to-date news and analysis; courses such as Imperial Business School’s Cyber Security for Business Executives are a great way to learn from experts and gain tangible skills; and for the newbie cybersecurity professional there’s no replacement for hands-on learning with a reputable professional who can help you navigate the systems you have in place today, assess potential risks, and guide you through implementation of new software and processes.
If you only remember three things from this blog post
- Not all businesses are subject to the same risks; it’s important to know what the top threats to your business are in order to put in place the best possible defenses
- Technology and processes go hand in hand
- There is no substitute for knowledge