Keep your business safe online

We’ve partnered with the ECSC to help you become fully certified for Cyber Essentials as you take your first steps towards a more secure cyber environment in your workplace.

Cue the popular Ryan Reynolds meme, ​‘But why?’… it’s really simple, cybersecurity is an ever-increasing threat with new angles of attack and vulnerabilities being discovered daily. 

To many of us, it can be very easy to dismiss as something that might not immediately affect you or one could assume that your company won’t be targeted by rogue elements. Protip, don’t be that person.

Fortunately, the vast majority of attacks can be prevented by getting the basics right and establishing a security routine that becomes second nature to everyone, not just the tech-savvy folks amongst us. 

The government led ​‘Cyber Essentials’ lays out five basic points that, if followed correctly, will help to protect against most attacks. 

The fairly recent ​‘WannaCry’ attack – a ransomware exploit that encrypts and locks a PC while demanding a ransom to unlock – only became so widespread because two of the five basic points were not followed. 

This had devastating (and costly) effects on NHS systems nationwide… in short, not a great look for all concerned.

The other vulnerabilities that you’ll come across will be unwittingly caused by your organisation’s own people and all you need to do is ensure that they know the difference between a real and a fake (or malicious) request, as well as ensuring that there’s a clear escalation process when anything is in doubt.

So… how do you avoid something like this?

Well, here are five simple tips and necessary actions that’ll help you to up your security game considerably.

1. First of all, invest in a firewall. If you don’t have one, get one (it may already be provided as part of your router software or internet package). If you already have one, check for what traffic is actually allowed through and then close any holes in your network that are not necessary. As a rule of thumb, web servers should only have ports 80 and 443 (HTTP and HTTPS) open with any other access restricted through a VPN (Virtual Private Network) or at the very least locked to the IPs that require access.
2. Secure your accounts, it’s actually mind-boggling how many people use easily crackable passwords and logins. Change any (and all) default passwords, ensure that all email accounts have strong, unique passwords. 2-factor authentication should be used whenever possible. You can even download the Google Authenticator app for your smartphone (it’s automatically installed on Android phones) and use that to provide you with unique login codes for programs/​apps that offer 2-factor authentication. There are other very good authenticating apps out there, such as LastPass and Microsoft Authenticator. We’ll be honest, if any software that you use offers 2-factor login make sure that you use it.
3. Check privileges, ensure that people only have access to the services they need, particularly administration accounts. If an account is compromised this means that the damage done can be limited as much as is possible.
4. By installing anti-virus protection and running regular scans you can ensure that your whole team is protected from viruses, however large or small.
5. Last and by no means least, keep everything up to date. Vulnerabilities within the software and operating systems are often discovered and patched well before they become known to the public. So, it’s well recommended that you keep on top of any and all updates.

Should you require help with protecting your organisation from any and all outside rogue elements, we’re on hand to help assist in your needs. 

If you’d like to speak to someone, feel free to give us a call on 01539 722 712