Like it or not, there’s a good chance your business will be threatened by a cyber security incident over the coming year.
With the nation-states now taking sides, the likelihood of a cyber attack has increased.
In this article, we will discuss some of the primary measures your business can take to help reduce the risk of a cyber incident or data breach.
Network Related Attacks
These include man-in-the-middle IP theft and DDOS (denial of service).
The primary risk reduction method is to ensure all network traffic is encrypted and only SSL encryption technologies are used.
Services such as Office 365 for email, file, and collaboration employ SSL as standard.
File and Data Access
This includes: Information Theft | Data Breach | Document Theft | Personal Data Loss | Password Attacks
All business devices should be encrypted and restrictions put in place such as:
A) Biometric data access (face ID or touch)
B) Password protection
C) PIN access
In addition to these measures, another layer of multifactor authentication should be used on all user accounts within the business.
Mandatory implementation of MFA (multifactor authentication) can help reduce the risk of data loss significantly.
Device Infection Attacks
These types of attacks include: Drive-by Downloads | Rouge Software
Cryptolocker | Ransomware
Remote monitoring and alerting should be put in place as standard by your It provider. It will provide your business with an additional security layer.
Monitoring both activities on devices and alerting the potential infection.
The base security layer on all devices enforces admin-only rights for all software installs.
A backup restoration process can be initiated when a device becomes infected with Ransomware or Cryptolocker.
The backup retention period should be at least 30 days, and the restoration process should be tested on a regular basis.
Supply Chain Attack
In the event of a supply chain attack, there are a number of scenarios that should be simulated and documented in a cyber security response plan.
These include restricted access to key operational systems, including email, finance, and payroll systems.
In the case of a supply chain attack on Office365 and Microsoft services, the recovery procedures should be in place for limited file access in the form of local backups of Office 365.
Want to learn how to improve your organization’s IT security?
If you would like assistance in reviewing your current IT security stack, then do not hesitate to get in touch with us today.