We hear about the Travelex, British Airways, Maersk and Equifax data breaches. Then some of us huddle together to figure out a plan to avoid such breaches in our own business. We think we need to get penetration testing done on our network, sign up for dark web monitoring, threat intelligence, etc... Not to mention that some of us just think 'it won't happen to us'. Over 90% of these incidents can be prevented by following basic cyber hygiene for your business. If you haven't already implemented these in your business, I highly recommend you do. Here are the hygiene standards.
Inventory
This is the very first thing we need to do. We need to know what we are protecting, and hence we need to know what we have on our estate: an inventory of all the hardware, software and data/information. It will also help you separate high-priority from low-priority elements so that you can start focusing on the right things. There are a number of free and paid tools that can help with this process.
Strong Authentication
If there is one low-hanging fruit (quick win) in security, it is this. You can do it straight away with very few resources. Harden the authentication methods for your systems and implement two-factor authentication. Most businesses are on Office 365 for their email now, and it's easier than ever to enable two-factor authentication on your email. After all, 95% of successful cyber attacks start with an email. We need to protect it.
Also, if you have separate logins for many different applications, look into Single Sign-On. It makes life easier for users and helps eliminate the risk of weak passwords. I recommend having Single Sign-On with two-factor authentication enabled; most applications now support both SSO and two-factor authentication.
Firewalls
Change the default passwords on your firewalls. Close unnecessary ports. Restrict remote admin access to specific IP addresses. Keep the firmware up to date.
Secure Configuration
I am amazed when I hear that printers, routers, firewalls, etc... still have their default login details. Change them, and change them now. Remove unnecessary applications and features from your network; having them only costs you time and money, as you need to maintain them. If you are deploying new PCs or infrastructure, that is the best time to harden and standardise your security controls. Also, have proper onboarding and offboarding procedures for employees, and remove or disable the accounts of people who have left the company.
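The offboarding check above is easy to describe and easy to forget. The following is an added example, not code from the original post: it reconciles an export of directory accounts against HR's leavers list and also flags enabled accounts with no recent login, so that leavers who slipped through the process and dormant service accounts both surface for review. The account data, leavers list, dates and the 90-day dormancy threshold are all constructed assumptions.

```python
"""Offboarding hygiene check: reconcile directory accounts against HR leavers.

Constructed sample data; in practice the inputs would be exported from
your directory (e.g. a CSV of users) and from HR.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple

DORMANT_DAYS = 90  # assumption: accounts unused this long are flagged for review


@dataclass
class Account:
    username: str
    enabled: bool
    last_login: Optional[date]  # None = never logged in


def audit_accounts(accounts: List[Account], leavers: List[str], today: date,
                   dormant_days: int = DORMANT_DAYS) -> Tuple[List[str], List[str]]:
    """Return two sorted lists: enabled accounts belonging to leavers (disable
    now) and enabled accounts with no login within `dormant_days` (review)."""
    leaver_set = {u.lower() for u in leavers}  # case-insensitive match
    cutoff = today - timedelta(days=dormant_days)
    to_disable, dormant = [], []
    for acct in accounts:
        if not acct.enabled:
            continue  # already disabled; nothing to do
        if acct.username.lower() in leaver_set:
            to_disable.append(acct.username)
        elif acct.last_login is None or acct.last_login < cutoff:
            dormant.append(acct.username)
    return sorted(to_disable), sorted(dormant)


# Constructed sample inputs (not real accounts or people).
SAMPLE_ACCOUNTS = [
    Account("alice", True, date(2020, 3, 1)),
    Account("bob", True, date(2019, 11, 2)),     # left the company, still enabled
    Account("carol", False, date(2019, 6, 1)),   # leaver, already disabled
    Account("svc-printer", True, None),          # never logged in
    Account("dave", True, date(2019, 10, 15)),   # dormant
]
SAMPLE_LEAVERS = ["Bob", "carol"]
SAMPLE_TODAY = date(2020, 3, 2)

if __name__ == "__main__":
    disable, review = audit_accounts(SAMPLE_ACCOUNTS, SAMPLE_LEAVERS, SAMPLE_TODAY)
    print("disable now:", disable)        # ['bob']
    print("dormant, review:", review)     # ['dave', 'svc-printer']
```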
Malware Protection
Don't use free antivirus software; it is free for a reason. Get robust software that can block both known and unknown threats. Keep it up to date and have regular scanning enabled.
Email Spam-Filtering
As I said above, 95% of successful cyber attacks start from an email. Stop spam and phishing emails before they reach your users' inboxes by implementing an email spam-filtering solution. This won't cost you much, yet it improves your security posture a lot. There are some really good solutions out there, including Office 365 Advanced Threat Protection, Mimecast, EveryCloud, etc...
For more info visit https://thetechforce.co.uk/blog/2020/essential-cyber-hygiene-for-business/