No matter the size or industry, cyber criminals are not choosy when deciding the target of their attacks – what does matter is the commercial value of the data that companies possess and what the criminals can do with it. From customers’ contact details and sensitive information to credit card and bank account numbers, there is a wide choice for criminals. If you are responsible for your company’s cyber security, follow these four simple rules developed by staysafeonline.org and reduce your company’s chances of falling victim to cyber attacks.
Identify your business’s ‘crown jewels’
The first rule is to understand the value of the information you hold, which is different from what you value the most. You might think that customers’ order details are more important than employee contact details, for instance, but what if staff login credentials are stolen in a social engineering attack? You’ll be breached. Have a think about all the information you store and assign a value, from public to confidential to top secret. All information should be considered, including the company’s documentation, and customer and employee details.
Protect what’s important
The next step is to secure the most valuable information. You can do that by restricting access to the most important documents and files or using encryption.
Be able to detect security problems
Monitoring and detection should be a constant in your life. Implement firewalls and anti-malware software to identify and prevent unwanted traffic or malicious code from having access to your system.
Always be prepared
Make sure all of your software is patched for the latest vulnerabilities and your devices are doing only what they are required to do – nothing less and nothing more.
Four rules all at once
There is an easy way to follow these four rules all at once: being Cyber Essentials certified. To get certification, you are required to implement five security controls that could prevent around 80% of cyber attacks, according to the UK Government. These five controls are:
- Secure configuration
- Boundary firewalls and Internet gateways
- Access control and administrative privilege management
- Patch management
- Malware protection
These are exactly what the four rules above are about. Achieving certification is well within your reach: if you are able to implement the five security controls by yourself, you can get your Cyber Essentials badge for just £300 with our Cyber Essentials – Do It Yourself packaged solution.
If you want to discover how Cyber Essentials can help SMEs protect their brand reputation, download this free guide.