Cyber Security Check List

In 2015, a research team at Lancaster University concluded that 99% of cyber risks could be avoided through following a set of simple security measures. These measures, or controls, make up the basis of the government’s standard for security certification, called Cyber Essentials.

As a business owner its important to have a working knowledge of Cyber security as this directly affects the business and really is not dissimilar to needing to know your financial numbers in business. Having an understanding of your security stance is increasingly important whether you are a one-person business or a large corporate.

The Cyber Essentials questionnaire asks you to evaluate every device in your company (laptops, personal computers used for work, phones, the works) and whether it complies with the rules. If it is being used for work, it should be included. The certificate and the process is not just about gaining the accreditation but should be used to empower the business owner or responsible person with knowledge

Please find some questions you can pose to yourself.

Choose the most secure settings for your devices and software

• Know what ‘configuration’ means
• Find the settings of your device and try to turn off a function that you do not actually need
• Find the settings of a piece of software you regularly use and try to turn off a function that you do not need
• Read the NCSC guidance on passwords
• Make sure you are still happy with your passwords
• Read up about two-factor authentication

Control who has access to your data and services

• Read up on accounts and permissions
• Understand the concept of ‘least privilege’.
• Know who has administrative privileges to your data and on which machines
• Know what counts as an administrative task
• Set up a minimal user account on one of your devices

Protect yourself from viruses and other malware

• Know what malware is and how it can get onto your devices
• Identify three ways to protect against malware
• Read up about anti-virus applications
• Install an antivirus application on one of your devices and test for viruses
• Research secure places to buy apps, such as Google Play and Apple App Store
• Understand what a ‘sandbox’ is

Keep your devices and software up to date

• Know what ‘patching’ is
• Verify that the operating systems on all your devices are set to ‘Automatic Update’.
• Try to set a piece of software that you regularly use to ‘Automatic update’.
• List all the software you have which is no longer supported

Now we need to consider some general housekeeping.

Password hygiene
Good password hygiene is also vital. We would suggest that employees use a password manager to generate complex passwords and enable multi-factor authentication where possible. While much of the current focus is around ensuring that staff are secure, it is important not to forget about the organisation itself. Businesses should lay groundwork for employees by implementing the right security solutions.

Here are 6 tips on how you could handle your passwords:

1. Make them complex
People who use easy to remember or short passwords are inviting disaster. Use a little imagination and pick a password that is very difficult to attach to your life. Stay away from birth dates, phone numbers, house numbers, or any other number that is associated with your life.

2. Keep passwords unique
When you change your passwords, make them distinct from each other. Do not use the same password on all of your sites. If you do, then you are open to having every site that you have a password to being vulnerable to hackers – they will log on and steal your identity, money or destroy your reputation.

3. Be obscure
Use a combination of letters, Upper-Case and lower, numbers, and special characters if possible. The more you do this, the more secure your passwords will become. Create an alphanumeric version of a term you can remember. Using this technique the word “Spaceship” becomes “Sp@ce5h!p”.

4. Change regularly
This is the singular tip that can save you if you do not heed any of the other tips. How often should you change your password? How secure do you want to be? The frequency with which you change your password will determine how secure you are from becoming a victim. The more often you change it, the better you are. The longer you leave it the same, the more vulnerable you become. Three months is a good cycle for a password, but certainly if you fear for the security of your identity, then a monthly change is not out of the question.

5. Password-protect your PC
Be sure to give your PC a password on power-up. This will help protect your files if anybody attempts to access your computer.

6. Password-protect your wireless home network
If you use wifi at home, be sure to password protect it as well. Use the same principles above in order to secure your wireless network. This will prevent others from accessing your connection and using it to hack the personal or business computers you and your family use at home. Finally, there are password programs that can help with this vital task, but at the very least, heed the tips above – right away. Password software can be useful as an organisational tool, but is best used alongside sound methods to manage and make your passwords nigh-on impossible to crack.

Phishing
Phishing emails – when an employee is tricked into revealing personal information or clicking on a malicious link – are used widely by cybercriminals. The Department for Digital, Culture, Media & Sport’s Cyber Security Breaches Survey 2019, highlights that of the 32% of businesses and 22% of charities reporting a cyber security breach or attack in the previous 12 months, 80% of businesses identified a phishing attack as the most common cause, and charities put the figure at 81%. In addition to phishing, there is vishing (with the fraudulent message conveyed via phone or voice message), and smishing (where text messages carry the criminal messaging), and pharming (which sees cybercriminals pointing to fake websites set up to resemble genuine sites).

Preventing cybercrime
Staff training, training, and more training is a vital weapon in the fight against cybercrime. One of the main problems with dealing with phishing type attacks is that it’s human nature to try and please and do one’s job well – and particularly when in a busy office environment, and if the request seems to come from a colleague, or the boss. So layering security services is essential. Just as cybercriminals are continually developing methods of attack, so the solutions and services from the security industry are continually evolving to counteract the attacks. Contact us now to find out how we can help you with advice that can keep your business safe both during this unique situation and in the long-term. An all-in-one cloud solution like Microsoft 365 Business can offer all the necessary productivity tools to support employees working from home, fully supported by advanced security features and protection against real-world threats. Microsoft 365 Business offers increased security options such as:

• ‘Secure Score’ checking to monitor and improve your business security
• Multi-factor authentication
• Increased protection against malware in email
• Spam filtering and anti-phishing functionality The full security benefits offered by Microsoft 365 Business can be found here. If you are using Microsoft 365, or another Cloud-based suite do check that you have ‘turned on’ all the relevant security features for your business. If you aren’t yet using Microsoft 365, talk to us today to find out how it can give you and your business peace of mind.

Stay safe everyone, if you need any advice on technology, IT or telecoms please reach out at ABCOM IT Solutions