Organisations of all sizes across the UK now operate online in one way or another and benefit hugely from being constantly available. Whether this is in the form of social media, staff email addresses, banking online or providing an e-commerce platform for their customers there is, on the contrary, a constant threat from increasingly sophisticated methods from hackers online. Having a cyber security strategy is critically important and is made up of several IT Security components.
Most cyber criminals look for poorly protected and vulnerable IT Infrastructure as well as organisations who hold sensitive data on their employees and clients. As a result of this, many organisations are finding themselves navigating through waters where they may not have the right equipment, or knowledge to protect their IT Infrastructure from cybercrime threats.
What does a Cyber Security framework involve?
The Cyber Essentials Scheme
Having a cyber security framework such as Cyber Essentials to work towards can be beneficial for your organisation. Having key goals can help ensure that the risk of a data breach is minimal.
Cyber Essentials is backed by the UK Government and National Cyber Security Centre. By being Cyber Essentials certified, this outwardly shows your commitment to cyber security. Having a Cyber Essentials certification also demonstrates to your business partners, regulators, suppliers and customers that your organisation takes cyber and information security seriously.
With the General Data Protection Regulation (GDPR) now in play, its more important than ever for organisations of all sizes have a solid cyber security framework and make your organisation compliant with the regulation than now.
If your organisation is not compliant with GDPR or suffers a hack of sensitive business data, there can be significant fines which are much higher than the preceding Data Protection Act 1998. The Data Protection Act 1998’s maximum fine was £500,000, however, under GDPR fines can be 4% of an organisation’s annual global turnover or €20 million – whichever is greater.
Whilst Cyber Essentials Plus covers the main topics, the ISO 27001 standard goes one step further. Achieving ISO 27001 compliance, confirms your business is following information security best practice, and also ensures that your data is adequately protected in line with the GDPR. The compliance requirements of ISO 27001 gives you a solid foundation to evolve and effectively manage your cyber security strategy.
Cisco Meraki is one of the most trusted Connectivity solutions on the market. The Cisco Meraki solution is formed of switches, WiFi Access Points and state of the art firewall security for businesses. One of its most appealing features is the ability to manage these pieces of hardware via a feature-rich dashboard in the Cloud as well as having in depth intelligence and monitoring features. It’s easy to make any changes to your deployed Cisco Meraki solution.
Sophos Intercept X
Malware threats are becoming increasingly common with over 300,000 pieces of malicious software being released every day – this means its’ vital your business remains uncompromised and secure.
Sophos Intercept X is a next-generation endpoint detection and response platform that is designed to stop malicious threats and exploits, including zero-day and Ransomware attacks – a vital component of any organisation’s cyber security framework.
The innovative root-cause analysis functionality enables you to identify the sources of intercepted attacks and provides an interactive visual guide that shows where the attack gained entry, what was affected, and where the attack stopped.
Sophos Intercept X can be installed on and protect a number of devices including all your network’s computers, mobile phones, tablets and servers, be connected to VPN connected offices and users who are working remotely as well as Wi-fi users, web and email servers and also your employees own BYOD devices.
Included with most Cloud licenses, Sophos Central is an integrated management platform. This feature simplifies the administration of multiple Sophos products and there are two key elements to Sophos Central.
Allowing IT Managers to manage all their Sophos products in one console, Sophos Cloud includes endpoint, server, mobile and web, with email and wireless management while Sophos Central – Self Service enables end-users within your business to manage quarantined email, Bring Your Own Devices (BYOD), as well the secure configuration of wireless access points and hotspots.
Microsoft Enterprise Mobility + Security (EMS)
Doing business in a digital-first world means that your organisation’s devices should be protected at all times, and with remote working becoming more commonplace at work, your business data needs to stay safe and secure wherever your employees are located on whatever device they’re using. It’s needless to say that BYOD Device Management should form a large part of your business Cyber Security framework.
Microsoft’s Enterprise Mobility and Security (EMS) platform makes it much easier to manage device security across desktops, laptops, mobiles and tablets. As an identity-driven set of Cloud-based BYOD management tools, Enterprise Mobility and Security secures sensitive company documents. This means your business documents can be securely accessed by users regardless of location or what device they are using. Microsoft have also just launched their Microsoft Defender ATP for Android, with IOs capabilities to follow. This is specially designed to protect mobile devices from phishing and malware attacks.
Microsoft InTune is built into Enterprise Mobility and Security, making this solution GDPR compliant. InTune enables users to use their own device for work purposes and also store business data on the device. One notable feature of InTune is that there is a complete separation of personal and business documents so the organisation you work for cannot read your personal messages and you are unable to copy and paste business data into a personal app. Another feature is that if your BYOD business device was to be lost or stolen, InTune is able to remotely and selectively wipe the sensitive business data from the device meaning there is no breach of business data, an IT Security component that cannot be ignored.
Which product is best suited to my businesses needs?
At Infinity Group, our belief is that no two organisations are the same and require a bespoke set of solutions that suit the needs of your business now and in the future. Implementing a cyber security framework requires three pillars; people, processes and the latest technology.
These three pillars of a cyber security strategy help organisations of all sizes protect themselves from both highly organised cyber-attacks and also common IT Security threats such as accidental data breaches and human error – such as an employee not recognising a Spear Phishing attack.
Our IT Infrastructure and Cyber Security Consultants will work with you and your organisation to design an IT Infrastructure that is tailored to meet your business needs or strengthen your existing Infrastructure now and in the future. If your business would to review its cyber security framework, please get in touch.