Recommended Cyber Security Best Practice
A quick guide to cyber security recommendations and best practice. To help keep your business safe online, this summary guide gives 15 key areas to consider in a cyber security protection plan. While some are obvious, many points are overlooked and become the weak link attacked by cyber criminals.
Use a firewall
Probably one of the most obvious but still often overlooked, a robust firewall will go a long way in keeping out intrusion. This can be third party software and also router configuration. Locking down access areas is one of the most crucial recommended cyber security best practices. On its own it will not safeguard you, so read on.
Install Anti Virus
Anti virus is again an obvious choice, but in a money saving bid some companies run free or outdated versions. These are not always adequate to catch emerging threats, so a trusted solution should be used with regular updates and patches. A worthwhile investment is to run two different solutions: one on the internet facing server and another on the user machines. This gives an extra layer of security without the problems caused by two anti virus products conflicting when loaded onto the same device.
Secure Builds and keep software updated and patched
Ensure all devices have a standard build, or a set of builds matched to user requirements. Varying device set-ups cause IT problems when troubleshooting is needed. Standard software builds also allow easier roll out of software patches. Securing devices against user change is also a cyber security recommendation. This could include restricting USB access, blocking the download of non-approved software and restricting certain websites.
Physical Security
Reliance on software protection alone is just not enough when a device could be stolen or data read over a user’s shoulder. Critical hardware such as servers should be monitored to ensure no unauthorised access to the physical unit. This can be in the form of CCTV, motion detection and electronic passes to access the server rooms. User laptops should also have locking capabilities and a privacy screen when data is used in open spaces.
Use a VPN
A VPN, or virtual private network, gives a secured route from the device to its end target while disguising and encrypting the data being sent. This is useful when working remotely or using a public network. A public network could be owned, accessed or monitored by anyone. Creating a secure tunnel stops any would-be cyber criminals from intercepting data.
Keep Cyber Security Policies and Procedure updated
Cyber security policies should be kept updated to meet current and emerging risks. Recovery plans for when a cyber attack happens need to be known and worked through to reduce the impact. These guides can also form the basis of staff training guides.
Employee Education
Datplan promotes this as one of the most important cyber security policies. Employees are a constant target for cyber criminals by way of phishing, blackmail or collusion. If a user can identify a threat, the IT or cyber protection department can be notified and the appropriate steps taken. Uneducated staff could unwittingly download malicious software or fall for a phishing scam. Educating staff in cyber security gives a company an increased security layer.
Cyber breaches and lessons learned
Keep a log of attacks, both successful and unsuccessful: what happened, how it was identified and how it was resolved. The lessons learned here can help in the case of future attacks and can also be used as training material for staff.
Review Internet of Things (IoT)
Do you know how many mobile devices log into your network each day, or per person? Consider company phones, personal phones, iPads, smart watches, web cams, Fitbits; even your coffee machine could be connected. With all these devices a policy is needed. This could be to keep them on a separate network or to require log in credentials. Phones now have huge storage, so walking out with a customer database backup is quite possible!
Passwords
As computers become more powerful, the time it takes to brute force a password shrinks. Ensuring that passwords comply with company standards or industry best practices is essential to avoid unwanted breaches.
Review Data for high risk transactions
If a company has a security breach or transactional fraud, it can be years before it is identified. In this time many companies suffer financially to the point they can’t recover. Fraud by internal or external parties leaves a trail of breadcrumbs and clues. Identifying these early can put a stop to financial theft and allow controls to be put in place. Running threat detection over data helps recognise these high risk transactions. Datplan’s Cyber Control includes a fraud detection software suite; run over company data, it identifies high risk transactions for review.
Data Back up
Cyber attacks can steal, delete, change or hold company data for ransom (ransomware). Therefore regular data backups should form part of recommended cyber security best practice. If a critical disruption to services stops trading, being able to restore data will reduce the impact of a cyber attack.
Segregation of duties
In system critical roles and in financial roles, segregation of duties should be implemented. To deter fraud, the requester and the approver of a transaction must be different people. Although this will not stop collusion, which is covered by the transaction review above, it does add a protection layer. IT access requests and approvals should have the same level of dual control.
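As an added example covering both the transaction review and the segregation of duties points above (not code from this page or from Datplan’s Cyber Control), the script below runs three checks over a constructed approval log: self-approval of a payment or IT access request, single transactions at or above a high value threshold, and repeated amounts just under that threshold by the same requester/approver pair (a splitting pattern that goes beyond what the text spells out). The threshold, the 5% band and the repeat count are assumptions for illustration.

```python
"""Segregation-of-duties and high-risk transaction review (added example)."""
from collections import Counter

# Constructed sample records: payments carry an amount, IT access requests do not.
SAMPLE_RECORDS = [
    {"id": "T1", "kind": "payment", "amount": 1200.0, "requester": "alice", "approver": "bob"},
    {"id": "T2", "kind": "payment", "amount": 48000.0, "requester": "carol", "approver": "carol"},
    {"id": "T3", "kind": "payment", "amount": 9990.0, "requester": "dave", "approver": "bob"},
    {"id": "T4", "kind": "payment", "amount": 9995.0, "requester": "dave", "approver": "bob"},
    {"id": "T5", "kind": "it_access", "amount": None, "requester": "erin", "approver": "erin"},
    {"id": "T6", "kind": "it_access", "amount": None, "requester": "frank", "approver": "bob"},
    {"id": "T7", "kind": "payment", "amount": 9980.0, "requester": "dave", "approver": "bob"},
]

HIGH_VALUE = 10000.0   # assumed approval threshold for manual review
SPLIT_BAND = 0.05      # assumed: amounts within 5% below the threshold count as "near"
SPLIT_MIN_COUNT = 3    # assumed: this many near-threshold items by one pair is suspicious


def review(records, high_value=HIGH_VALUE):
    """Return sorted (subject, finding) pairs for a reviewer to follow up."""
    findings = []
    near = Counter()
    for r in records:
        # Rule 1: requester and approver must differ, for payments and IT access alike.
        if r["requester"] == r["approver"]:
            findings.append((r["id"], "self_approved"))
        amt = r["amount"]
        if amt is None:
            continue
        # Rule 2: any single item at or above the threshold is high risk.
        if amt >= high_value:
            findings.append((r["id"], "high_value"))
        # Rule 3: count items that sit just under the threshold per requester/approver pair.
        elif amt >= high_value * (1 - SPLIT_BAND):
            near[(r["requester"], r["approver"])] += 1
    for (req, appr), n in near.items():
        if n >= SPLIT_MIN_COUNT:
            findings.append((f"{req}->{appr}", f"near_threshold_x{n}"))
    return sorted(findings)


if __name__ == "__main__":
    for subject, finding in review(SAMPLE_RECORDS):
        print(f"{subject}: {finding}")
```

Feeding the script a real export of payment and access approvals only requires mapping the export’s columns onto the five keys used here.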
Secure WiFi
Another obvious point to many, but changing the password from the default to a secure string is not always undertaken. As WiFi can be accessed from outside the physical building, a hacker could be working on gaining access from the coffee shop next door.
Review 3rd party vendors
Often overlooked is the reliance on, and trust placed in, 3rd party vendors. With all the steps undertaken above, how would you know that the very person invited to work on your server or data warehouse is not the same person the above steps are trying to keep out? While there is always an element of trust needed, a background check should be part of the engagement process with any third party. Much like a reference check on a new employee, the same type of review should be in place.
Datplan has been providing cyber security, fraud detection and data analysis services for over 20 years in the finance and insurance sector.