Introduction
Like it or not, there’s a good chance your business will be threatened by a cyber security incident over the coming year. With the nation-states now taking sides, the likelihood of a cyber attack has increased.
In this article, we will discuss some of the primary measures your business can take to help reduce the risk of a cyber incident or data breach.
Network Related Attacks
These types of attacks include: man in the middle IP theft and DDOS (denial of service).
The primary risk reduction method is to ensure all network traffic is encrypted and only SSL encryption technologies are used.
Services such as Office 365 for email, file and collaboration employ SSL as standard.
File and Data Access
These types of attacks include: Information Theft | Data Breach | Document Theft | Personal Data Loss | Password Attacks
All business devices should be encrypted and restrictions put in place such as:
A) Biometric data access (face ID or touch)
B) Password protection
C) PIN access
In addition to these measures, another layer of multifactor authentication should be used on all user accounts within the business.
Mandatory implementation of MFA (multifactor authentication) can help reduce the risk of data loss significantly.
Device Infection Attacks
These types of attacks include: Drive-by Downloads | Rogue Software | Cryptolocker | Ransomware
Remote monitoring and alerting should be put in place as standard by your It provider. It will provide your business with an additional security layer.
Monitoring both activities on devices and alerting the potential infection.
The base security layer on all devices enforces admin only rights for all software installs.
A backup restoration process can be initiated when a device becomes infected with Ransomware or Cryptolocker.
The backup retention period should be at least 30 days, and the restoration process should be tested on a regular basis.
Supply Chain Attack
In the event of a supply chain attack, there are a number of scenarios that should be simulated and documented in a cyber security response plan.
These include restricted access to key operational systems, including email, finance and payroll systems. In the case of a supply chain attack on Office 365 and Microsoft services, the recovery procedures should be in place for limited file access in the form of local backups of Office 365.
If you would like assistance in reviewing your current IT security stack, then do not hesitate to get in touch with us today.
Get in touch with us
Secutor Cybersecurity is a trusted partner comprised of industry leading experts in the fields of Cybersecurity and Governance, Risk and Compliance. We partner with our clients to deliver on-demand solutions tailored to expertly navigate the regulatory demands of their specific industries.
Our proven track record of successfully exceeding client expectations is achieved through the combination of our methodical approach, advanced technologies, subject matter experts, and synergy with client team members.
Secutor is your team of world-class problem solvers with vast expertise and experience delivering complete solutions keeping your organization protected, audit-ready, and running smoothly.