As 2019 draws closer, we have compiled a range of cyber security tips for organisations to be aware of and follow in 2019. If this year has proved anything, it is that we need to adapt to the ever-growing cyber threat and enhance cyber awareness to become more resilient.
This list is by no means comprehensive. To reduce the threat of a cyber attack to the best of your organisation’s ability, undergoing an official and regulated cyber awareness programme is essential.
Assume that you are a target:
Never assume that you are not a target for cyber criminals because you hold nothing of value or your business is “too small”. If you have money, data or a place of work, expect to be attacked – no one is immune to the risk cyber crime presents.
Understand your cyber-exposure:
Before you do anything, you need to understand your cyber exposure. Being aware of your cyber risk profile is essential to the implementation of a robust cyber security strategy.
Do you know where your business is currently exposed? Intqual-pro can provide you with a Dark Beam Cyber Exposure Report. Dark Beam allows you to see your vulnerabilities through the eyes of a malicious actor, scanning the surface, deep and dark web to assess corporate leakage.
Another area of cyber exposure you need to understand is employee awareness. Social engineering and phishing are responsible for over 85% of human-error breaches. Identifying the level of human risk is often a difficult task, and most organisations go about testing it in completely the wrong way.
Intqual-pro use state-of-the-art spear phishing software to create organisation-, role- or department-specific spear phishing emails. We are then able to identify your overall business risk, as well as department- or role-specific risks.
Correctly educate your workforce:
You are only as strong as your weakest link – which is often your employees. Most organisations limit cyber security to their IT department, leaving the rest of the organisation unaware of the risks and the correct steps to take. With infrastructure becoming more and more robust, cyber criminals are targeting human vulnerabilities. Human error is the leading cause of cyber attacks, with over 90% of successful breaches being a result of it.
Making it clear to employees why they are an attractive target and educating them to raise awareness is the best way to reduce risk. The Cyber Stars Initiative is the only cyber security awareness programme with an official UK Government regulated qualification attached and is now delivered in over 25 countries.
Limit network privileges:
The insider threat is often overlooked, with most believing their workforce is trustworthy. But one disgruntled employee could cause a major data breach. Only permit staff access to the information their role requires, and remove permissions as soon as possible when they leave the organisation.
For maximum security, you could also monitor user activity.
Apply 2FA and enforce strong password security:
Ensure you and your employees use strong passwords, not relating to things such as a date of birth, workplace, name, etc. Passwords should be long and random, consisting of upper and lower case letters and special characters.
In order to mitigate the risks of poor password security, apply Two-Factor Authentication (2FA) where possible.
Understand the dangers of remote/mobile working:
In a modern workplace environment, remote working is not uncommon. Whether you are sending a quick report from a coffee shop or catching up on emails on the train, using public Wi-Fi poses a real threat and your data could be intercepted.
How do you know the stranger sitting next to you isn’t a cyber criminal? As you casually log in to your email, they’re noting your information down to hack into your account later.
When it comes to mobile working, devices should be every bit as secure as your laptop or desktop computer. Always ensure you lock your mobile with a PIN/password or fingerprint ID, keep your operating systems updated and keep sensitive data stored on your device to a minimum.
Implement a removable media policy:
Through infected flash drives, external hard drives and even smartphones, malware can easily be spread. It is important to have policies in place to reduce this risk and to scan any device for malware before plugging it into a computer.
Cyber security and information security are NOT the same thing:
There is a huge misconception that cyber security and information security are the same thing. GDPR compliance will not protect you from malicious actors and the threat of a cyber attack. Operational disruption and reputational damage are increasingly more damaging to businesses than data loss/theft.
Stay up to date with the latest cyber threats to your sector:
Once employees are educated, it is important for them to remain aware of new threats. With cyber crime ever-evolving, traditional training programmes often become outdated the minute the course is complete.
On achievement of the Cyber Stars Initiative, each individual will be provided with access to a Cyber Stars Portal. This portal contains a daily threat feed which can be filtered by sector so that Cyber Stars can remain aware of threats specific to their industry. It also contains a range of educational materials and policy documents to spread awareness throughout their organisation.