With a lot of us now working from home for the majority of the week, it’s a good time to have a think about what equipment we have around us and if it’s fit for long-term use. Here are our top 10 things to consider.
With more than 4000 ransomware attacks having occurred every day since the beginning of 2016, are you and your business taking the threat of a cyber-security attack seriously enough? Attacks on your business are inevitable. 65% of large organisations suffered a security breach in 2016, costing them time and money. This is why 51% of organisations have now undertaken 5 or more of the Government's 10 steps to cyber security.
These steps are:
1. Risk Management Regime
Embed an appropriate risk management regime across the organisation. This should be fully supported by your board and senior managers. Clearly communicate your approach to risk management with the development of applicable policies and practices. These should aim to ensure that all employees, contractors and suppliers are aware of the approach, how decisions are made, and any applicable risk boundaries.
2. Secure Configuration
Having an approach to identify baseline technology builds and processes for ensuring configuration management can greatly improve the security of systems. You should develop a strategy to remove or disable unnecessary functionality from systems, and to quickly fix known vulnerabilities, usually via patching. Failure to do so is likely to result in increased risk of compromise of systems and information.
3. Network Security
The connections from your networks to the Internet, and other partner networks, expose your systems and technologies to attack. By creating and implementing some simple policies and appropriate architectural and technical responses, you can reduce the chances of these attacks succeeding (or causing harm to your organisation). Your organisation's networks almost certainly span many sites and the use of mobile or remote working, and cloud services, makes defining a fixed network boundary difficult. Rather than focusing purely on physical connections, think about where your data is stored and processed, and where an attacker would have the opportunity to interfere with it.
4. Managing User Privileges
If users are provided with unnecessary system privileges or data access rights, then the impact of misuse or compromise of that user's account will be more severe than it need be. All users should be provided with a reasonable (but minimal) level of system privileges and rights needed for their role. The granting of highly elevated system privileges should be carefully controlled and managed. This principle is sometimes referred to as ‘least privilege’.
5. User Education and Awareness
Users have a critical role to play in their organisation’s security and so it's important that security rules and the technology provided enable users to do their job as well as help keep the organisation secure. This can be supported by a systematic delivery of awareness programmes and training that deliver security expertise as well as helping to establish a security-conscious culture.
6. Incident Management
All organisations will experience security incidents at some point. Investment in establishing effective incident management policies and processes will help to improve resilience, support business continuity, improve customer and stakeholder confidence and potentially reduce any impact. You should identify recognised sources (internal or external) of specialist incident management expertise.
7. Malware Prevention
Malicious software, or malware, is an umbrella term to cover any code or content that could have a malicious, undesirable impact on systems. Any exchange of information carries with it a degree of risk that malware might be exchanged, which could seriously impact your systems and services. The risk may be reduced by developing and implementing appropriate anti-malware policies as part of an overall 'defence in depth' approach.
8. Monitoring
System monitoring provides a capability that aims to detect actual or attempted attacks on systems and business services. Good monitoring is essential in order to effectively respond to attacks. In addition, monitoring allows you to ensure that systems are being used appropriately in accordance with organisational policies. Monitoring is often a key capability needed to comply with legal or regulatory requirements.
9. Removable Media Controls
Removable media provide a common route for the introduction of malware and the accidental or deliberate export of sensitive data. You should be clear about the business need to use removable media and apply appropriate security controls to its use.
10. Home and Mobile Working
Mobile working and remote system access offer great benefits, but expose new risks that need to be managed. You should establish risk-based policies and procedures that support mobile working or remote access to systems that are applicable to users, as well as service providers. Train users on the secure use of their mobile devices in the environments they are likely to be working in.

Making simple changes to how your business handles cyber security could make a big difference to preventing an attack from happening. Becoming Cyber Essentials accredited is a great way to learn more about the issues and to educate your staff too. We have guided several companies through their accreditation and would be happy to go through the process with you. We also offer full cyber security audits, where our skilled engineers will come in, assess what you have in place, and make recommendations for how you can improve. If you would like to find out more about how Datcom could help you with your cyber security, please contact us on 01476 858888.
Whether you’re talking to colleagues two floors up, or 200 miles away, Teams is a great collaboration tool. Even the free version can help people communicate and collaborate – either within, or across, organisations. So why should you add Teams Telephony to your package?
MFA stands for Multi-factor Authentication. It means users have to provide two or more verification factors to access a resource, such as an application, online account, or VPN. If you have MFA on all your business and personal online accounts, then you are already more secure than 85% of businesses. Let’s compare the various MFA methods available and see how we can make your account even more secure.