Making sure information, data, intellectual property and the network itself are protected from cyber threats is the ultimate goal of an effective cyber security strategy. To pursue this objective, a company should secure its most valuable resources from threats that fall into three categories: external, internal and hidden threats.
Building up defences to secure the company’s boundaries visibly reduces the chance of external unauthorised access, particularly from cyber criminals. Boundary firewalls and gateways, for instance, provide a basic level of protection: they monitor all network traffic, and identify and block unwanted and possibly harmful packets, but they don’t protect against malicious content. That’s why they need to be paired with anti-malware software to protect systems from viruses, worms, spyware, botnet software and ransomware.
Insider threat is still one of the main causes of data breaches – malicious or unintentional – according to Verizon’s latest report. Careless or resentful employees can leak information or provide access to external parties without the company knowing. This risk can be mitigated by ensuring computers and network devices are configured properly, so that they provide only the services they are supposed to provide; for example, finance-specific software does not need to be installed on every machine.
Furthermore, staff misuse can be discouraged by restricting access to privileged accounts. Administrator access should be assigned to a restricted number of staff, usually IT, while the rest of the employees should have access only to accounts they need in order to perform their duties.
Technical vulnerabilities are common in any software and, once discovered and shared publicly, they can be easily exploited by cyber criminals. Keeping on top of software patching makes your company more secure.
Five security controls to mitigate three threats
If you haven’t realised, the above tips to secure your company from external, internal and hidden threats are basic descriptions of what the Cyber Essentials scheme requires. The scheme’s five security controls could prevent around 80% of cyber attacks:
- Secure configuration
- Boundary firewalls and Internet gateways
- Access control and administrative privilege management
- Patch management
- Malware protection
Implementing these five security controls is the first step to achieving Cyber Essentials certification and it is well within your reach, whatever your budget and level of technical expertise. Starting from £300, we have three packaged solutions to provide you with tools, expert help and the certification service to let you get Cyber Essentials certification at your own pace. Discover our Cyber Essentials and Cyber Essentials Plus packaged solutions.
Correctly implementing the five security controls not only strengthens your company’s cyber security but also improves business efficiency.
Contribute to making the UK one of the safest places in the world to do business online with Cyber Essentials.