In light of some recent high-profile attacks, we wanted to share some basic cyber security tips for businesses of all sizes and provide a simple checklist so that you can audit your company’s cyber security strategy.

For seasoned security experts this is all standard practice, but as we have seen, even the biggest companies in the world can overlook the basics and get caught out.

You can download the PDF checklist here.

1. Sharing Passwords – What’s your strategy?

Pinning passwords to Slack is not a good idea (see what happened to Twitter). Sending them by email or even in a private message is no better. Nothing beats old-fashioned verbal exchange or pen and paper (destroyed afterwards). Today we can also simply use a password manager.

2. Password Managers

As hard as we try, most passwords people choose are pretty easy to crack, which is why password managers are so useful: they generate and store a different complex password for each site you use.

Password managers aren’t perfect, but using one is a lot more secure than “Password1” or your mother’s maiden name.

Here is a good list of password managers to research.

3. 2-Factor Authentication

There are some downsides to 2-Factor Authentication, as some high-profile hacks have involved manipulating 2FA. However, industry experts tend to agree it is better than using your password alone.

Having a second layer of protection should stop most basic social engineering hacks; in fact, Microsoft believes it could contribute to stopping 99.99% of hacking attempts on their accounts.

4. Regularly Auditing Employee Access

Disgruntled former employees who still have access to your data are not a good combination. With so many access points, it’s important that a proper access audit is done when someone leaves your organisation. Think of social media platforms and other third-party software services with shared logins, and ensure access is revoked, which for a shared login means changing the password.
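
One way to make the leaver audit repeatable, as an added example rather than anything from the original post: given the HR roster of current staff and the user lists exported from each service, the script below lists individual accounts to revoke and flags shared logins whose password must be rotated because a leaver knew it. The roster, the service names and the `audit_access` and `format_report` functions are all constructed for this example.

```python
from dataclasses import dataclass, field


@dataclass
class ServiceAccounts:
    """Accounts on one service, as exported from its admin console (constructed for this example)."""
    service: str
    users: set                                              # individual logins, keyed by work e-mail
    shared_login_holders: set = field(default_factory=set)  # people who know a shared password


# Constructed sample data: the HR roster of people still employed, plus each service's export.
CURRENT_STAFF = {"alice@example.com", "bob@example.com", "dana@example.com"}

SERVICES = [
    ServiceAccounts("code-hosting", {"alice@example.com", "bob@example.com", "carol@example.com"}),
    ServiceAccounts("company-social-media", set(),
                    shared_login_holders={"carol@example.com", "dana@example.com"}),
    ServiceAccounts("crm", {"alice@example.com", "dana@example.com"}),
]


def audit_access(current_staff, services):
    """For each service, list individual accounts belonging to people no longer on the roster,
    and say whether a shared login needs its password rotated because a leaver knew it."""
    report = {}
    for svc in services:
        orphaned = sorted(svc.users - current_staff)
        leavers_with_shared = sorted(svc.shared_login_holders - current_staff)
        report[svc.service] = {
            "revoke": orphaned,
            "rotate_shared_secret": bool(leavers_with_shared),
            "leavers_who_knew_shared_login": leavers_with_shared,
        }
    return report


def format_report(report):
    """Render the audit as one action line per finding, or 'clean' for a service with none."""
    lines = []
    for service, result in report.items():
        if not result["revoke"] and not result["rotate_shared_secret"]:
            lines.append(f"{service}: clean")
            continue
        for account in result["revoke"]:
            lines.append(f"{service}: REVOKE {account}")
        if result["rotate_shared_secret"]:
            who = ", ".join(result["leavers_who_knew_shared_login"])
            lines.append(f"{service}: ROTATE shared password (known to leaver: {who})")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(audit_access(CURRENT_STAFF, SERVICES)))
```

Run against real exports, the same comparison catches the accounts that offboarding checklists tend to miss: a leaver who had an individual login on a service nobody remembered, or who was one of several people sharing the company social media password.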

5. Locking Idle Computer Screens

Your bathroom break could become a security crisis unless you take the precaution of locking your screen. Mobile phones tend to have this built in, but the habit doesn’t always carry over to laptops or desktops.

Building a culture of security should start with locking your screen. If you want to be extra safe, there are numerous ways to lock your screen automatically after a period of inactivity; here is how to do it for Windows.

6. Phishing Education

Phishing is the practice of obtaining data by fraudulent means, often by impersonating a trustworthy party. This type of attack is common in email, on cloned websites and via instant messaging.

Educating your staff about phishing is important, as human error is the number one cause of serious attacks.

Phishing.org is a good resource for information on Phishing.
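
As an added example (not from the original post or from Phishing.org), the following Python script applies two of the classic phishing indicators to an HTML email body: link text that shows one address while the href leads to a different host, and links whose destination is a bare IP address. The sample email, the `.invalid` domain and TEST-NET address inside it, and the `suspicious_links` function are all constructed for this example. It is the kind of check a mail gateway or a staff training exercise can automate alongside sender authentication.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Visible text that itself looks like a URL or bare domain, e.g. "https://bank.example.com" or "example.com".
HOST_LIKE = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:/\S*)?$", re.IGNORECASE)
BARE_IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self._href = None
        self._text = []
        self.anchors = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def _normalise_host(host):
    """Lower-case and drop a leading 'www.' so text and href compare on the same footing."""
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host


def suspicious_links(html):
    """Return findings for anchors whose visible text names one host while the href points
    to another, or whose href host is a bare IP address rather than a domain name."""
    parser = _AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.anchors:
        href_host = _normalise_host(urlparse(href).hostname)
        if not href_host:
            continue  # relative or malformed link: nothing to compare against
        match = HOST_LIKE.match(text)
        text_host = _normalise_host(match.group(1)) if match else ""
        if text_host and text_host != href_host:
            findings.append({"text": text, "href": href,
                             "reason": "link text names a different host than the destination"})
        elif BARE_IPV4.match(href_host):
            findings.append({"text": text, "href": href,
                             "reason": "destination host is a bare IP address"})
    return findings


# Constructed sample email body; the domains and address are reserved test values, not real sites.
SAMPLE_EMAIL = """
<p>Dear customer, your account has been locked.</p>
<p>Please sign in at <a href="http://bank-example-login.invalid/reset">https://bank.example.com</a>
within 24 hours.</p>
<p>Questions? Visit <a href="https://www.example.com/help">example.com</a> or
<a href="http://192.0.2.10/login">Help centre</a>.</p>
"""

if __name__ == "__main__":
    for finding in suspicious_links(SAMPLE_EMAIL):
        print(f"{finding['reason']}: '{finding['text']}' -> {finding['href']}")
```

The second link in the sample is deliberately benign (text `example.com`, destination `www.example.com`) to show that the `www.` normalisation keeps the check from crying wolf on ordinary mail.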

7. Up-to-date Firewall

Firewalls keep a lot of the bad stuff out and are a worthy investment for all types of business. However, an outdated firewall is not much use: threats evolve constantly, so it’s important to keep your firewalls updated to the latest version.

8. Update Your Software Too

On the topic of keeping things up to date, it’s important to continually ensure your software stack and operating systems are running the latest versions. Vendors continually release patches and bug fixes and publish the vulnerabilities that were resolved. That is great unless you are running an old version of the software, in which case the published list serves as a road map for an attacker.

9. Create An Incident Response plan

The size of your organisation will determine what kind of incident response plan is necessary, but every business should consider the worst and plan for it. By preparing contingencies you can limit the damage caused by an attack. Here is a good guide for SMEs.

10. Continuous Security & Vulnerability Assessments

Continuous Security is the practice of ongoing vulnerability assessment of your software and web applications. We have written about it at length here.

By continually testing your website and/or web app(s), you will know your vulnerabilities before any hackers do.

While it sounds intimidating, it doesn’t have to be difficult. We’ve built our software to be extremely user-friendly, and you can set up a scan of your site within 2 minutes.

You can start your journey towards Continuous Security today; we offer a 14-day free trial to test all your web applications.