With employees, customers and partners all working from multiple locations on a multitude of personal and mobile devices, we find ourselves at risk of increased Cyber Security attacks. The latest Cyber Security Breaches Survey has recently been released with four in ten businesses (39%) and a quarter of charities (26%) report having cyber security breaches or attacks in the last 12 months hence why Infinity Group have put together this Cyber Security Risk Mitigation Checklist.
Here is some interesting data and statistics garnered from 2020:
• 78% of senior IT and IT security leaders lack confidence in their company’s Cyber Security Posture according to yahoo.com
• On average, only 5% of companies’ folders are properly protected according to Varonis
• More than 90 percent of all healthcare organisations reported at least one security breach in the last three years. according to beckershospitalreview.com
• Identity theft has spiked amid pandemic with 1.4 million reports of identity theft last year, double the number from 2019 according to WeLiveSecurity.
How cyber secure is your business?
Considering the damage that Cyber attacks can wreak on businesses, it is now time now for businesses to assess their cyber risk mitigation. We have put together the following comprehensive cyber security risk mitigation checklist to create an awareness and therefore demonstrate how prepared a business is when it comes to Cyber Security.
Cyber Security Risk Mitigation Checklist
1. Do you provide regular user training?
It is imperative to provide regular 6-month training to employees on the latest Cyber Security trends. They need to know what to look for and this will include the latest phishing, password security, device security, and relevant physical device security. Employees also need to know how to protect confidential data, the importance of strong passwords and what to do in the event of a breach.
2. Are your operating System and Applications patched and updated?
By keeping an organisation’s computer applications and operating systems up to date with the latest security patches, much of the Cyber Security risk is mitigated. It is the simplest and most effective initial step for an organisation.
3. Have you implemented automatic Antivirus updates?
The latest version of an antivirus solution is the key to decrease risk. Make sure that subscriptions are renewed so that the antivirus software downloads update automatically. Educate users on the importance of these updates.
4. How strict is your Password Policy?
Implementing multi-factor authentication mitigates 99% of identity theft, thereby decreasing Cyber-risk drastically. However users must led by password polices that ensure passwords are changed from their defaults and are not easy to guess (“password,” “admin,” and “1234” are weak choices).
5. Do you control who accesses your business data?
Controlling what data users have access to does take time to initially set up but this can be deployed rapidly with the allocation of ‘security roles. The exceptions to access can be managed on a case-by- case basis. Additionally, keeping highly sensitive systems restricted by way of the ability to export or create reports on data further keeps sensitive data safe.
6. Do you restrict who has administrative access?
Few and only role-relevant users should have administrative access to computers, networks, and applications. This will limit the Cyber security threat mitigation risk of malware being installed or security measures being amended.
7. Have you got a network segmentation and segregation strategy?
To create a secure network architecture, an organisation should implement a network segmentation and segregation strategy which would limit the impact of an intrusion. The most sensitive and confidential data will be protected because it will not be accessed because of the checks and balances in place.
8. Are your company devices secure?
By implementing disk encryption and remote-wipe capabilities for company devices would render them useless when lost or stolen. This has become increasingly pertinent with the remote working environment that the world has found itself in due to COVID 19.
9. How do you protect mobile devices?
Mobile devices (personal and company owned) should have strong screen locks or biometric authentication as well as remote-wipe capability implemented. Policies must be in place to enforce protected usage.
10. Are your business emails encrypted?
Educating users on the importance of the policies in place to manage email applications and safe usage is very important. Using email encryption properly in email applications and knowing to never use email to share sensitive data on external devices will result in more policy control.
11. Is your IT Policy up to date?
As mentioned before, IT policies take time to initially set up but are worth their weight in gold in setting up what constitutes preparedness and Cyber-readiness.
12. What layers of protection do you currently have in place?
Having multiple layers of security providing different levels of protection – like antivirus, a firewall and MFA – means that it is just that much harder to penetrate an organisation’s walls. Cyber criminals look for low hanging fruit first.
13. When was the last time you performed a vulnerability scan?
Scanning for cyber vulnerabilities both internal and external once a quarter, using specialised software, will detect any harmful programs that were downloaded into the organisation’s footprint.
14. Is your Data Backed up regularly and how quickly can you recover it?
To recover from a cyberattack, it is imperative to have data regularly backed up to a secure, encrypted, and off-site location. It is also essential for compliance with certain government regulations.
15. Cyberattack Response Planning
Identifying a clear path of how to mitigate the damage from a successful cyberattack and getting systems up and running immediately will identify several gaps in many organisation’s current plans. A Cyber Security breach response plan is a regulatory requirement in several industries.
Having assessed how ready or prepared an organisation with regards to being Cyber secure, you may consider appointing a Cyber security Consultant. Your chosen Cyber Security Consultant will help you work towards and achieve the best suited Cyber Security framework, provide support and best practice advice and help reduce costs while your organisation navigates the increased security risks. We have also put together some useful tips to consider when looking for a cyber security partner.
Infinity Group are experienced Cyber Security Consultants with 9 Microsoft accreditations. Please get in touch to discuss your Cyber Security needs.