6 Key Ways to Prevent Cyber Attacks on your Organisation
Employee education is a cyber security essential
TSG’s IT Services Manager, Andrew Fox, stresses the important part your employees play in keeping your business secure, saying: “It’s crucial to understand the key role that your employees play in keeping your organisation safe and particularly in treating any unexpected communications or requests with caution. These malicious messages often come from customers, suppliers, or other trusted email accounts that have themselves been compromised, so the same important message still applies:
Do not access any shared files or links you were not expecting or cannot verify independently with the sender.
In addition to the usual booby-trapped file or document sharing links, some of the more recent examples we’re seeing circulate are taking advantage of the current political events, with various similarly themed emails asking you to ‘click here and support Ukraine’, for example. Taking a few minutes to think cautiously before you click can go a long way to preventing a much larger security incident.”
How to prevent cyber security attacks
Get the Cyber Essentials accreditation
We strongly encourage all of our customers to acquire the Cyber Essentials accreditation for their business.
Cyber Essentials is a simple but effective, Government backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyberattacks. This is important because vulnerability to simple attacks can mark you out as a target for more in-depth unwanted attention from cyber criminals and others.
Certification gives you peace of mind that your defences will protect against the large percentage of common cyber attacks simply because these attacks are looking for targets that do not have the Cyber Essentials technical controls in place.
- Patch all your users’ computers as well as their mobile devices, including browsers and productivity applications like Microsoft Office. Turn on automatic updates.
- Make sure your organisation’s devices have been updated as well. In certain cases, this is done differently than software updates.
- Use known security flaws to ensure that your internet-facing services are patched. Unpatched security vulnerabilities in web-facing services pose an insurmountable threat.
- Keep your company applications and patched as often as possible. Maintain extra safeguards in the event of unpatched vulnerabilities.
- In light of the increased risk, take a look at any current business cases for systems that are known to be unpatched.
Review how people access company information
- Employees should be reminded to use passwords that are exclusive to your company’s systems and are not used on any other systems. Make sure your passwords are strong and unique, and replace any that aren’t, quickly.
- Take a look at user accounts and delete those that are no longer in use. Verify that your multi-factor authentication (MFA) is set up correctly if you have it turned on for your account. Check to see whether it’s enabled on your systems and user accounts.
- Remove any accounts with administrative or privileged access that are no longer in use or recognised. MFA should be used wherever possible when managing accounts with privileged access or other permissions. Access to critical resources and information should be appropriately safeguarded, as well as the system administrator’s privileges.
Review your anti-virus software and firewalls
- Ascertain that anti-virus software is installed on all computers and that signatures are being updated appropriately on a regular basis.
- Do a thorough check to see whether any firewall rules have been kept in place past their intended lifespans.
Do you have a suitable backup plan in the event of failures?
- Verify that your backups are working as expected by checking the status of each. Do several test restores from your backups to make sure you understand and are comfortable with the process of restoring your data.
- Maintaining an offline backup of your data and system settings is essential in the event of a data or system breach.
- Check to see whether backups include not just data but also the machine’s state and any crucial external credentials (such as private keys and access tokens).
What access do third-party applications have?
It’s critical that you know exactly what privileges are granted to third-party organisations that have access to your IT networks or estate, and to whom. Allow just those who need it. Make certain that you are familiar with the security procedures followed by any third-parties you may be working with.
Where to find the right cyber security partner for you
If this isn’t your area of expertise, your employees don’t have to shoulder the sole responsibility of defending your company. Businesses are increasingly outsourcing their IT operations to cyber security professionals like TSG, who provide trustworthy managed security services and can help you to understand how to measure and manage cyber security risk.
We can provide cyber security audits and training to assess the level of security knowledge your employees have and the level of defence you have on your systems. Additionally, you can rest assured that you’ll always be one step ahead of the game when it comes to security, and you’ll be able to free up your valuable internal resources.