We are constantly hearing how important Cybersecurity is and that we need to protect ourselves against cyber criminals but how can we actually do this? As part of Cybersecurity Awareness Month we want to demystify the confusion around cybersecurity and outline the steps you can take to protect your business against malicious attacks.
When looking a Cybersecurity and how we can protect your business we focus on 4 key areas:
- Protecting Your Users
- Protecting Your Devices
- Protecting Your Network
- Protecting Your Cloud Apps
Protect Your Users
There are a number of steps you can take to protect your users against a cyber-attack, such as:
- Creatong a security culture in your organisation by providing User Awareness Training on a quarterly basis to educate your users on how to identify common Cyber Security Threats.
- Implementing Multi-Factor Authentication for application that can be accessed from the Internet.
- Introducing Strong Password Policies into your organisation with Complexity requirements, such as 12-character passwords with special characters, and enforce a “Banned Password List” within your organisation.
- Managing user permissions and implement a “Least Privilege Access” which means only give users enough rights to work effectively. There’s no need to give all users Admin roles and full access to all files on your network. You can increase user permission as needed.
- Always locking your device when you are not near it by pressing the Windows + L (WIN + L) key to quickly lock your device.
Protect Your Devices
You can take a number of steps to protect your devices, including:
- Ensuring you have up-to-date Anti-Virus & Anti-Ransomware installed on all devices.
- Implementing Account Lockout Policies, for example, after 6 failed log in attempts on a device or a user account you can have a policy in place that locks the account until the issue is identified.
- Making sure all devices all managed by a Mobile Device Management system which can remotely wipe or lock devices in the event of an emergency.
- Safeguarding the data on your mobile devices by encrypting these devices to prevent unauthorised access.
- Running regular patch updates on your devices with the latest security features for your applications.
Protect Your Network
To protect your network from malicious attacks you can:
- Install a modern managed Firewall on your network to ensure your systems always have the latest security features.
- Run regular patch updates on your servers with the latest security features for your to protect your network.
- Using a secure VPN with MFA enabled can help prevent hackers from seeing your internet activity by creating a secure encrypted link to your office network.
- Enable Web Content Filtering on your network to block access to personal email accounts or inappropriate content on company devices.
- Implement Guest WiFi Networks for visitors to your site.
- Ensure there is appropriate physical security in place to Critical Network Systems such as servers or comms cabinets.
Protect Your Cloud Apps
There are a number of steps to follow when protecting your cloud applications, including:
- Protecting against malicious or accidental loss of data from your cloud applications with remote Cloud to Cloud Backups.
- Implementing Multi-Factor Authentication for all cloud applications to help prevent unauthorised access.
- Securing your email and reduce your exposure to malicious attacks by implementing spam email filtering.
- Adhering to cybersecurity best practice principles by reviewing your Microsoft 365 Secure Score with you IT Admin.
- Where possible, adding an additional layer of security to your cloud applications by restricting access to your applications by location, e.g. from Ireland only or within the EU.
Cybercrime in Ireland
There are a number of cyber threats facing Irish companies. A recent survey conducted by Hiscox Insurance showed that:
- 41% of businesses suffered a cyberattack between Sept ’19 – Feb ’20.
- One Irish company suffered total cyber losses of €17.8m.
- The total cost of cyber incidents and breaches among the 335 Irish companies surveyed was over €113m.