Five simple, but crucial controls to protect your business
Keeping businesses safe from cyber threats is becoming more and more important as smaller businesses are being targeted due to them being an easy target as they more often than not ignore cyber security thinking data breaches will never happen to them.
I’ve spoken to many business owners after an attack and they have always said the same thing in one form or another “I never thought it would happen to me, I’m too small”.
While you will never truly be 100% safe from cyber threats, any company that says they can make you 100% secure is only after your money, you can follow five basic controls to help minimise your risk of an incident.
Those five steps are
1) Firewalls
2) Secure configuration
3) User access control
4) Malware protection
5) Patch management
That might look like a small list and for some people might make a lot of sense, but for most they all look like IT buzz words and sound impressive but do not mean a lot. So, let us look at each in a little detail.
1) Firewalls
Firewalls are designed to restrict and prevent access to resources on your network both from Internal and External access.
Providing they are set up correct they are an essential part of your cyber security. To ensure this Boundaries need configuring correctly to give or deny permission to infrastructure either by setting global boundaries or on a user/device basis.
A firewall can either exist as software on your device, normally as part of your Internet Security software or as a hardware device on your network. In both cases the setup and maintenance of both needs to be checked on a regular basis
2) Secure configuration
Computers and network devices need to be configured to minimise the number of vulnerabilities and provide only the services required to fulfil their day-to-day function.
This will help prevent unauthorised actions from being conducted and will also ensure that each device discloses only the minimum information about itself to the Internet.
3) User access control
normally the first point of contact for any cyber criminal is the user and the hope that they will click the link and without realising it install malicious software.
By carrying out your day-to-day work on an account that is set up with limited access you can greatly reduce the chances of unwanted software from being installed onto your device. The administrator access should only be used when you are installing known software or devices onto your system.
Also stopping settings like autorun/play can help reduce the chances of unwanted actions taking place when you insert a CD/DVD (remember these??) or memory stick.
4) Malware protection
Much like the days of viruses, malware can wreak havoc on your system if you have no defence against it.
From watching what you type to encrypting all of your documents malware can come in many forms, to this end it is vital that you always backup your data either to a cloud-based backup system or to external media that is kept away from your systems when not in use.
Having good internet security on your devices is a good place to start with your protection, along with a backup process as mentioned above.
5) Patch management
Let’s face it, we all hate getting the message that updates are being installed onto our devices and it will restart at the most inconvenient time, although to be fair Microsoft has got better at this and now has working hour that it will avoid restarts unless absolutely necessary.
But it’s not just the operating system we need to keep up to date it’s also the software we use daily. It can in the long run prove costly but once a required bit of software has reached the end of its supported life it should be replaced with a newer version but doing this will be less costly to you than old software being a route into your systems for cybercriminals.
All of the above is not based on just Windows devices but goes across all operating systems and devices. Following the above regardless of the operating systems and devices you use will greatly reduce the chances of you and your business falling victim to cybercrime.
- So cyber criminals are not interested in me, are they? - December 8, 2023
- How secure are your remote workers? - October 14, 2023
- The basics of IT security - July 31, 2023
