Protecting critical data assets is of absolute importance to the tenable success of your business in 2019. It is of decisive significance that you proactively keep up to date with the cyber threat landscape as it evolves, because a ‘defense-in-depth’ approach is continually in need of modernizing.
Cyber Security is no longer a designated problem for your IT department to solve. It’s much, much bigger than that.
In truth, it is a continual strategic risk management process filtering from board level right through the entire organisation, because any desktop, laptop, tablet or smartphone that connects to your company network is your end user environment.
Hierarchy amounts to nothing if all security measures are equally weak on every device and the CEO is the least educated on cyber security.
Board members must be prepared to mitigate cyber threats:
Poor cyber security solutions within your IT infrastructure can have an ill effect on your financial stability; your relationships with both business partners and investors; customer perception of your brand; your ability to maintain control over data management processes; and the productivity and workflow within your end user environment.
It is critically important to feel assured that:
- Your most sensitive data is out of scope from a cyber attack
- All personnel throughout the business understand their level of accountability and use internet-facing devices responsibly (for further assurance, ensure experienced IT engineers have mitigated this risk in line with NCSC Cyber Essentials Plus standards).
Find out how distinguished IT companies are providing SMBs with guidance in choosing robust cyber security solutions to protect their data:
Thankfully for London businesses, there is plenty of information on how to best protect your business.
Cyber-attacks are less likely to succeed when cyber security solutions with defensive capabilities are in place and qualified IT engineers are manning them to counteract the sophisticated threats of 2019.
Businesses must approach their IT defenses with a security-based mindset that comes not only with the correct education, but an assured ‘know-how’ that can only come from experience in dealing with problem solving in high-pressure real-life situations where a client’s data is in the balance.
10 Cyber Security fundamentals for protecting business data:
- Cyber security solutions for SMBs necessitate sound judgement of how many security controls are enough: enough to support and protect your end-user environment, but not so many that they stifle productivity and workflow. Security that impedes usability is not efficient security.
- Reaching resolutions on how best to protect your IT Infrastructure will be directed by risk mitigation processes, approved and endorsed by information security standards like ISO 27001 and Cyber Essentials Plus.
- Suggestions made to adjust an existing security measure should be considered as a cause for debate, with any decisive action carefully carried out in line with industry standard security protocols.
- There is a high probability that a registered end-user device may go missing and not be found again. To maintain some element of control in such situations, senior IT engineers with admin access privileges should have a remote capability to cease all access privileges to and from the machine.
- Every new cyber security solution on the market will eventually have vulnerabilities and need security patch updates; your responsibility as a business is to ensure one vulnerability does not weaken the security of your IT infrastructure.
- It’s impossible for businesses to have 100% immunity to zero-day attacks (a zero-day is a vulnerability that hasn’t been patched by the vendor yet). An IT engineer’s responsibility is to keep an eye on when the patch update is released, then update systems promptly to minimise any damage.
- Many websites are purposefully built to infiltrate any device connecting to them. Most staff within business end-user environments will need educating on what to look out for when determining an unsafe website, pop-up links and email attachments.
- Open public Wi-Fi networks such as airport Wi-Fi are widely accessible, making them popular with the general public. This makes them just as popular with hackers, as they require little or no authentication to establish an internet connection. Connecting to the company drive via an open Wi-Fi network is incredibly risky. Connecting remotely should be done with the use of secure networks and VPNs to better safeguard data, devices, business products and services and prevent the company network from becoming an attack vector.
- Have a robust password policy. Multi-factor authentication should be implemented; however, there are considerations, such as users not having corporate devices or not wanting to carry tokens. An attacker could still have placed rogue software on the machine; multi-factor authentication will just stop them being able to log in to any websites. One challenge is that it can be difficult to find a multi-factor authentication vendor that will support all your cloud applications, so it is worth doing your due diligence.
It must be understood that no matter what cyber security solutions or risk mitigating measures you have in place to protect your IT infrastructure – your business can never be 100% immune to threats.
Having alerts set up via network monitoring and preventive measures like DNS web-content filtering can enable your IT team to stop a cyber-attack in its tracks.
Then, having business continuity capabilities to re-boot entire systems and infrastructures via frequent, automated backups means you can go back to a point in time prior to the attack and, depending on how frequently you back up your data, you can minimise data loss to anywhere from an hour to as little as 5 minutes. However, this will depend on your budget in relation to the quantity of data you wish to have in storage.
Mitesh founded Fifosys in 2001 following completion of a master’s in computer science. He has a reputation for straight talking, delivering focused and effective directives to his clients. Having an in-depth understanding of both operational and transformational IT projects, he enables Fifosys teams to provide NOC monitoring services. He also acts as a mentor, guiding junior aspirants commencing their business career.