5 ways to improve your cyber security
2017 was one of the years hardest hit by cyber-security incidents. WannaCry caused trouble in the NHS, Equifax lost customer data and NotPetya affected companies such as Maersk and FedEx.
When the General Data Protection Regulation (GDPR) was introduced in May 2018, cyber-security was put at the forefront of our consciousness again, this time because the effects of data breaches have exponentially increased.
With all this talk about cyber attacks, fines and ransomware, you might be forgiven for feeling a little daunted by it all. After all, you’re probably not an expert in cyber-security or technology. Luckily, within the entrust IT Group, we put our heads together to compile a list of five simple, realistic steps that can be used by any organisation to improve cyber-security.
Remember, it’s hard to keep a determined intruder out, but if you put these steps into effect, you can expect to see results.
Have a strict password policy (and enforce it)
You’ve no doubt been told how critical a strong password is before. However, you’d be shocked at how common it is for end-users to have really bad passwords. Digital security firm 4iQ proved this when they released a list of the 10 most widely used passwords in 2018.
It looks like this:
- 123456
- 123456789
- Qwerty
- Password
- 111111
- 12345678
- Abc123
- 1234567
- Password1
- 1234567890
So how can you make sure your password doesn’t suck?
We often suggest using a sentence that you find easy to remember and then combining the first letters of each word into your password. For example, ‘The Quick Brown Fox Jumps Over The Lazy Dog’ would produce this password: tqbfjotld. Even a skilled cyber criminal with advanced and sophisticated tools would have a tough time cracking that.
No matter what you decide to use for your password, it is essential to stay clear of using personal information such as the name of one of your pets. Seasoned cyber criminals will trawl through the personal information found online on social media platforms posted by you or your friends and family and can work these out fairly easily – you’d be shocked at how much information you can find online!
Additionally, you should avoid using the same password across all of your accounts. Obviously, this is because if a cyber criminal had access to one account’s password, they would also have access to all of them. Password managers like LastPass are handy tools if you find it difficult to keep track of all your passwords. Many of them have Google Chrome add-ins that store the passwords in your browser as well. They work by encrypting your passwords, to ensure they are kept secure. You’ll be pleased to know this means you only need to remember one master password!
Finally, it is also beneficial to change your passwords regularly (perhaps every 6 months) and ensure you never share them with anyone. If it is necessary to share a password, see that you change it immediately afterwards.
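One way to enforce the rules in this section automatically is sketched below. It is an added example, not code from the original article: the function names, the minimum length (taken from the length of the ‘tqbfjotld’ example) and the sample inputs are assumptions made for illustration.

```python
# Added example: constants and helper names are illustrative assumptions.

# The ten most widely used passwords listed in this article, lower-cased.
COMMON_PASSWORDS = {
    "123456", "123456789", "qwerty", "password", "111111",
    "12345678", "abc123", "1234567", "password1", "1234567890",
}

MIN_LENGTH = 9  # assumption: length of the article's "tqbfjotld" example


def passphrase_initials(sentence):
    """Build a password from the first letter of each word in a sentence."""
    return "".join(word[0] for word in sentence.split()).lower()


def check_password(candidate, personal_terms=(), other_passwords=()):
    """Return the list of policy violations; an empty list means it passes."""
    problems = []
    lowered = candidate.casefold()
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    # Case-insensitive, so "Password1" and "password1" are both rejected.
    if lowered in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    # Pet names, family names and similar details found on social media.
    for term in personal_terms:
        if len(term) >= 3 and term.casefold() in lowered:
            problems.append(f"contains personal information: {term}")
    # The same password must not protect more than one account.
    if candidate in other_passwords:
        problems.append("already used on another account")
    return problems


if __name__ == "__main__":
    samples = [  # constructed sample inputs
        ("Password1", (), ()),
        ("Qwerty", (), ()),
        ("RexTheDog2018", ("Rex",), ()),
        (passphrase_initials("The Quick Brown Fox Jumps Over The Lazy Dog"), (), ()),
    ]
    for password, personal, others in samples:
        print(password, "->", check_password(password, personal, others) or "OK")
```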
Secure your Wi-Fi
All office Wi-Fi should have a secure password on it. This can be shared with employees, but not with anyone else.
If you require customer Wi-Fi, you should make sure it is a separate ‘guest’ Wi-Fi network and be sure that staff do not connect to it to complete their work. This is because cyber criminals have software that gives them the ability to gain access to secure files that are stored on your network – these can be a challenge to track.
Furthermore, if you allow remote working in your organisation, it is paramount that remote workers log into a secure area to do their work if they are using public Wi-Fi networks. Secure browsers or Hosted Desktops are the best way to ensure this is the case.
Minimise Public Cloud use as much as possible
If you know anything about technology, you will probably be familiar with popular Public Cloud services such as Google Drive or DropBox for business. All of these kinds of services are great and very convenient, but the security of them can be a little uncertain.
Large Public Cloud providers like Google do not always have our best interests at heart and make money from advertising revenue which relies on big data. Only a couple of years ago did it emerge that Google monitors the movements of its users even when it had been asked not to.
You may also recall the celebrity iCloud breach a few years ago. Admittedly, it was because of weak passwords. However, it should act as a reminder that the things you put online that you think are safe are not always that way.
Furthermore, Public Cloud providers have datacentres all over the world, which means you can’t always be 100% sure where your data is being stored. As various countries often have different data protection policies and standards, storing your data in your geography is preferable.
There are some fantastic enterprise tools out there if you are looking for improved data storage and secure sharing options. For example, Citrix Content Collaboration (formerly ShareFile) is an enterprise file storage and sharing solution which is built from the ground up with security and compliance in mind (think Dropbox for enterprise). While it has the same functionality as Public Cloud storage solutions, it has the security that will ensure your IT team maintains peace of mind.
In fact, if you do need cloud data storage, it is a smart idea to partner with a Managed Service Provider (MSP) who will be able to provide this for you. What’s more – they will even be able to tell you the exact location of where they are keeping your data!
Regular patches and updates
On the second (and sometimes fourth) Tuesday of every month, Microsoft releases important security patches to their software and services. It is unofficially known as ‘Patch Tuesday’.
If you weren’t aware of that then don’t worry, that’s normal. However, if you were not aware of it, there is a big chance that you haven’t been keeping on top of these regular patches. Can you remember the last time you applied a security patch to your devices?
These security updates are released to respond to known vulnerabilities in your software. If you don’t keep up with them, you are leaving yourself open to a cyber attack.
These patches don’t just apply to your PC or phone either. They can also apply to office equipment such as fax machines and printers – indeed, they can also leave you exposed without the right updates.
Luckily, if you have an IT team, they should be on top of this. If you do not have an IT team, then it may be time to consider outsourcing your IT to an experienced MSP, who can do all of this in the background for you. For a monthly fee, they’ll handle all of the tedious IT stuff, giving you a little more peace of mind.
Train staff and have well-documented processes
In most cases, humans are the weakest link in the cyber-security chain. Your employees may use poor passwords, transfer company data on unencrypted USB sticks, or sign in to their work email on a public Wi-Fi network.
Of course, these actions are not malicious. All employees are doing is carrying out their job in the way they find the most productive and successful. Regrettably, as most employees are unaware of cyber-security dangers, these actions are also not secure.
This is where training comes in handy. Ensure that you have well-documented ‘best practice’ security protocols for elements such as sharing documents and working remotely, and then make sure that all of your staff are properly educated in these best practices.
You should not fall into the trap of making your training sessions nothing but boring PowerPoint presentations though. Instead, try to make things as fun as possible and incentivise your employees to adhere to the rules with rewards. This should help improve company-wide adoption. While not everyone will get on board, if they are educated about the dangers of poor security and understand the risks, they should think twice about their lax attitude towards it.
In conclusion
Cyber-security is complicated and there is no ‘magic button’ for improving it in your business. Ultimately, it is a game of numbers – you can expect better results if you spend more time on the defence. This is why a lot of organisations are choosing to partner with an MSP who applies security measures for them. By distributing these resources around a broad customer base, MSPs are able to keep the costs down.
Serval IT Systems is an MSP with nearly 20 years of experience in doing just that. If you are interested in finding out more or are just after some advice – get in touch today.
However, if you’d rather do it yourself, start with the advice in this blog. You should expect to see a marked improvement in your cyber-security by following this advice.
Good luck!