Cybersecurity has become more important than ever with the shift to digital and cloud services and to remote working, driven by the pandemic and by advances in technology. Data is the new oil and is a valuable asset to any organisation. Unfortunately, this makes it a prime target for cybercriminals who want to steal it for financial, competitive or political gain, for kudos, or to damage an organisation's reputation.
The National Cyber Security Centre reported a 400% increase in COVID-19 related cyber scams in March 2020, and the most common cyber-attacks faced by businesses are malware infection, phishing and ransomware.
To protect itself from such attacks, a business first needs to understand where its vulnerabilities are and how much risk exposure it has. The best way to do this is to engage a cybersecurity and risk management services organisation to undertake a Cyber Hygiene Review and Vulnerability Assessment. This will identify the people, organisational and technological weaknesses that exist within the business, the risks they pose and the recommended actions to mitigate them.
The next step in the process is to try to exploit those vulnerabilities using the techniques an attacker would use, but in a controlled environment, through penetration testing and red teaming. This will show how far those vulnerabilities can be exploited and how much damage an attacker could do.
An Information Security Management System (ISMS) aligned to the ISO27001 standard gives a business a sound framework for managing information risks and improves its overall security culture, thereby reducing risk. ISO27001 is also now a requirement for most suppliers when pitching for new business, as it gives the procuring business assurance about the policies, processes and controls in place to protect its data.
An ISMS covers the physical, technical, procedural and managerial controls that protect a business against this growing crime. Implementing an ISMS doesn’t have to be expensive; it is mostly common sense, like locking your doors and windows and making the people in the house aware of criminals, their intentions, and what can be done to protect themselves and the valuable assets inside.
Remote working has clearly become a necessity in response to the COVID-19 pandemic, and there are a number of things that can be done to reduce the risk of data breaches and the loss of services and information to cyber-attacks:
- Use strong passwords and don’t reuse passwords for different systems and websites
- Enable 2FA and where possible use an authenticator app
- Use a password manager to manage multiple passwords or implement single sign on
- Educate your staff regularly on the trends, threats, vulnerabilities and risks and the practices to reduce the risks
- Put in place policies to set the expectations to all staff and communicate these
- Do your due diligence on new cloud services providers, collaboration tool providers, video conferencing providers and any other service or software provider and complete a Data Protection Impact Assessment (DPIA) before implementing
- Provide guidance to your staff on how to protect their home network: enable the router's firewall and change its default admin password; where possible, put in place a reputable Virtual Private Network (VPN)
- Ensure anti-virus protection is installed and kept up to date
- Ensure that Windows updates and other software security updates are being applied
- Ensure data is being backed up and kept in another secure location; test it works!
- Update staff on phishing and how to respond when a suspicious email is received
- Carry out a vulnerability assessment, cyber hygiene review and penetration test
- Continually review and reassess your information risks and controls and update as necessary
For further advice, contact us today.