“80% of cyber attacks could have been prevented by having basic security in place.”
Paddy Keating, Ascentor
Today we have access to more information than ever before. With the huge resources of the Internet; a massive increase in cheap storage capacity; the phenomenal take up of Cloud computing and social media – new threats and vulnerabilities arise. Technical equipment and systems are designed to be functional and feature-rich, not necessarily secure. Windows PCs only had a built-in firewall recently!
For business systems, this means an increase in information risks and frighteningly, a rise in security breaches. All is not lost, however. Just doing the basics will help protect you from many cyber-threats your information systems face today.
7 basic security controls to protect your business
Get the basics right with these seven controls and you’ll be a long way towards making your information systems more resilient.
1. Passwords: Have strong passwords, change them regularly and don’t reuse them, yes it’s annoying to have to remember them and can sometimes be counter productive if they are written on a sticky note under the keyboard or on the monitor but there are software tools that can help.
2. Patching: Most of us use Microsoft products for some aspect of our business work; Microsoft has been the target of choice for cyber criminals and hackers for many years and they have a good track record of responding to problems found in the their products, but Microsoft’s efforts come to naught if the user doesn’t update or “patch” their systems. Patching is paramount in protecting your IT hardware and the information it stores from today’s cyber criminals.
3. Anti-Malware: Install Anti Malware (Anti-Virus) and keep it up to date. In concert with patching anti-malware provides the best means of protecting against new types of attack.
4. Access: Restrict access to your valuable information to only those that need it. Do you really want to have the laptop that stores the details of the “next big thing” being used by your kids?
5. Admin Rights: Remove “admin access” from those that don’t need it. Microsoft has made good inroads with regards “built in security” with their latest operating systems, so consider upgrading.
6. Firewall: Work behind a firewall that is switched on! Even the inbuilt Windows firewall is better than doing nothing. If you work on a network you should consider a dedicated hardware firewall and a device to protect from the myriad of web-based threats. There are unified security devices that combine multiple security functions into one device that companies can use to protect themselves to reduce cost.
7. Encryption: In the ever more mobile workplace, encrypting the devices that hold your valuable data becomes essential. Regardless of what the data is stored on (laptop, smartphone, tablet, usb drive or even a humble CD) it’s the data that needs to be protected so if you can’t encrypt the device you really need to consider whether the risk of having the latest (cool) device is worth the risk of losing that valuable data.
Don’t forget, once you have your systems protected test them to make sure the controls have been implemented properly and make sure nothing has been forgotten.
Article by Paddy Keating, Director of Ascentor and Information Risk Management consultant.
