31 May 2022

Cyber Security 101: Protect Your Business

Cyber Security is for Everyone

Some 16 years ago I fell victim to a cyber-attack, and it taught me a lot. It was 2006 and I received a strange email from eBay saying they believed my account had been hacked. They were right. I had fallen for a phishing scam: a fake website that looked so much like eBay that I didn’t even consider not putting in my username or password. In the process, I essentially handed them my keys. The number of online threats has grown significantly since then. So how are you meant to protect yourself online these days anyways?

The good news is there are a lot of ways people and businesses can protect themselves and their data online from opportunistic attacks, the most basic of which is maintaining good password hygiene and using Multi-Factor Authentication (MFA), which we talked about in our previous blog series ‘Maintaining Good Password Hygiene’ Part 1 & Part 2.

The National Institute of Standards and Technology (NIST)

To understand cyber security more, I really like using the NIST (National Institute of Standards and Technology) Framework which breaks the different steps down into their appropriate core functions. I’m going to apply this from a business lens, but the steps are equally relevant to each of us protecting ourselves in everyday life.


1. Identify

Organisations need to be able to confirm that the person accessing their systems is who they are believed to be, and that they are meant to have access to those systems. Good password hygiene and MFA are a great approach to that, but a well-maintained and reviewed access management policy and process is also vital here.

2. Protect

To protect yourself from attack, every business should be using a Next-Gen Firewall (NGFW), Endpoint Protection software, and Application Whitelisting systems to block attacks. You should implement Cyber Security Awareness Training for your staff to give them ways to protect themselves. Add to this Mobile Device Management for your company laptops, tablets, and phones, which allows you to remotely block and wipe devices that may get lost or stolen. It’s also important to ensure your backups are protected, so consider solutions such as Immutable Storage and Offsite Replication to keep your recovery tools safe from damage – it’s these tools that you may need to rely upon in the event of a cyber-attack.

3. Detect & Respond

For anything that does manage to get through your protections, you want to be able to identify threats in your systems and react to them as quickly as possible to protect your systems, data, and staff. You may also have a legal obligation to report the incident, so crafting a response plan is a must.

Managed Detect and Response services are a great asset here, as they generally involve installing a service on your computers designed to identify anomalies, which are then analysed by a dedicated team of cyber security experts. These services are commonly referred to as a SOC, or Security Operations Centre. These experts can determine if a threat is credible, and work with you to respond to the incident.

4. Recover

This is the point where your backups come into play, but there may be more involved here than just getting your data and systems back to how they were. Consider the other impacts that your business may suffer during an attack, including financial, reputational, and contractual. Ensuring you have an accurately set up Cyber Insurance Policy is highly recommended as a risk mitigation strategy. You should also be making sure your backups are working and healthy: set up notifications for your backup jobs so you know when they succeed or fail and can respond quickly, and schedule regular restore tests.

It's important to remember that these are all protection methods, but none of them are guarantees. You could surround your home in steel plate, but someone can always get in with a plasma cutter. A determined enough attacker will likely manage to eventually find a way in, so it’s important to be prepared to respond if/when that time comes.

Cloudwize offers a range of cyber security solutions and services to help protect your business. If you have any questions, give us a call today on 02 5733 4000 or drop us an email here.
