Achieving effective cyber security doesn’t have to be a long and expensive process. There are many simple controls you can implement to boost your defences.
Let’s take a look at five of these must-have measures.
Staff awareness training
The more you know, the better prepared you are. Training courses show staff how security threats affect them and help them apply best-practice advice to real-world situations.
Training courses also help employees understand the importance of processes that are designed to protect information, like keeping laptops secure outside the premises and properly disposing of information and devices that contain sensitive information.
One of the benefits of staff awareness training is that it can be conducted online via a third party. This makes it much cheaper than classroom or in-house training, and you don’t have to worry about the loss of productivity as your employees disappear for days at a time.
Instead, they can take the course relatively quickly – our information security e-learning course can be completed in 45 minutes, for example – and study at a time and place that suits them.
One of the simplest ways to mitigate the risk of data breaches is to limit the information that staff have access to.
Access controls ensure that staff can only view information that’s relevant to their job. For example, someone in marketing must be able to view contact information for those who have signed up for a service, but they won’t need access to, say, HR files and payroll data.
Walling off those parts of the system ensures that staff can’t compromise that data, either accidentally or maliciously. It also protects organisations should a criminal hacker break into an employee’s account, as they will only be able to view a select amount of data.
There are several inexpensive tools you can use to detect suspicious activity on your organisation’s networks.
This includes attempts to access privileged information (whether from an employee or external actor), login attempts from unusual locations and unusual activity related to the way information was viewed.
Monitoring this information gives you a head start when it comes to active or attempted system compromises. You can use the information gathered from monitoring to shore up vulnerabilities and, if a breach has occurred, to quickly stem the damage and move promptly into the remediation process.
Another way to get ahead of potential security incidents is to run regular vulnerability scans. These are automated tests that alert organisations about weaknesses that could be exploited by criminal hackers.
Vulnerability scans are essential whenever you roll out new services or make significant changes to your internal systems. Taking the time to test these systems before they go live could prevent massive headaches down the line.
People’s inability to create strong passwords – and to protect them – is perhaps the biggest information security problem that organisations face.
Almost half of the UK population uses ‘password’, ‘123456’ or ‘qwerty’ as their password, and those that choose more complex phrases often write them down somewhere or reuse them for multiple accounts.
This means that miscreants don’t need any hacking expertise to cause vast breaches. They can simply either plug in the credentials that they’ve found or log in to another account using the same details.
You can address this weakness at almost no cost by implementing a password management policy that instructs employees on the way they should create and look after their login credentials.
This should include guidance to ensure that everyone creates strong passwords and keeps them secure. You might request that staff use a password manager or simply that they don’t keep the credentials stored in digital or paper form.
Win the war on cyber crime
Many of the tips we’ve listed here overlap with Cyber Essentials, a UK government-backed scheme that helps protect organisations against the most common causes of data breaches.
Those that fully implement the Cyber Essentials controls can prevent around 80% of cyber attacks.
You can find out more about the scheme by enlisting in Operation Cyber Secure. This five-week boot camp drills you on the ways you can improve your organisation’s resilience to attacks.
Cyber Essentials is the first topic and the foundation of your defence measures. It’s followed by staff awareness training, vulnerability scanning and penetration testing, risk assessments, and ISO 27001, the international standard for information security.
Those who sign up receive a free copy of the Cyber Security Combat Plan, which outlines the defences measures you should take to protect your organisation from cyber attacks.
You’ll also receive weekly emails that provide more information on how to take those measures.