5 useful tips to improve your business cyber security in 2021
5 Tips to Improve Cybersecurity for Your Business in 2021
5 Tips to Improve Cybersecurity for Your Business in 20212021-02-02T13:58:20+00:00
The changes in our tech landscape have been significantly altered by the pandemic, however, despite its continued pervasiveness within the news, COVID-19 has not been the only great change that businesses have needed to adapt to. The development of new integrated software to facilitate remote working has created a change in the way businesses operate inside and outside of the workplace, for both clients and employees. With these innovations, there have been additions in the types of cyber threats that businesses now face, such as network targeting, malware attacks, toll fraud and others that could result in your business being compromised or your data involved in data breaches.
Across all industries, a primary concern is security and compliance: making sure that your business data complies with GDPR legislation and other governmental standards to keep your business safe, compliant and secure.
Here are five basic considerations you can look to implement within your business to help tighten up practices and improve your approach to cyber security this year.
You will likely already be familiar using Multi Factor Authentication methods when accessing Social Media accounts, online shopping accounts or online banking.
In our view, Multi-Factor Authentication (MFA) is a must-have for any business. When correctly set up across your business, MFA requires two or more verification factors for the user to gain access to a device, online account, application or to access a VPN.
These two things could be a combination of:
Something that you know, e.g., username and password
Something that you have, e.g., a verification code sent to your device
Something that you are, e.g., face or fingerprint recognition
MFA benefits your business by improving security levels as it ensures there is an additional layer of security needed to gain access, reducing the risk of unauthorised access occurring and any potential data loss, theft or data breach.
If you are not familiar with it, the Dark Web is a part of the internet that has not been indexed by search engines that contain illicit material that cybercriminals can access and buy such as usernames and passwords, credit card, medical and subscription information.
Keeping an eye on what company information is stored on the Dark Web can prove tricky, however, Dark web audits enable companies to know exactly what information of theirs is available for purchase and where that data has come from. The audit then enables users to identify all weaknesses and quickly change those passwords to secure their business.
Hackers and scammers develop their practices at the same speed that security developers create new security software. It is because of this that decision-makers must remain mindful of their business’ environment and ensure applications are kept up to date and regularly patched.
Maintaining your business systems and applications to be “in support” and up to date with security patching is essential to mitigate risk to revenue and reputation. Any vulnerabilities in old applications on servers, workstations, and mobile devices can put your business at risk. In today’s remote working environment auditing your systems can be almost impossible without the right tools that do not rely on a person or device being connected to the office network.
Some recommendations here;
Centralised patch management for operating systems and applications
Maintain physical servers and other appliances in-warranty and in-support
Conditional Access to business data and emails – only allow secure mobile devices
As with managing security updates in a remote working world, keeping your business devices protected from malware threats can be very difficult. It is recommended that a centralised cloud-based solution is in place to protect devices and manage device health. A good solution would provide easy auditing of all protected devices, their agent installs health, any outstanding alerts, and remote threat mitigation tools.
Auto-updating of pattern files and the application itself
Best Practices Process
The introduction of a few simple processes can greatly reduce risk around your IT Estate. If every new laptop or network appliance is always set up to a building checklist that follows security best practices then over time you can make confident statements about the security of your IT estate. These best practices should be reviewed following any major changes to the business, its IT infrastructure, or the technology industry.
Some examples are:
Formalised Starter and Leaver processes
Server / PC build checklists
Approved business software/app list
Firewall rule change management with business justification recorded