5 Ways to Improve Cyber Security

Ensuring your employees care about cyber security is about more than the regular staff training done for compliance reasons, it’s about making the workforce a highly effective front line of cyber defence. Human error presents the biggest risk to organisations, and developing employee cyber awareness is the smartest thing you can do:

• Train and educate your staff using a range of techniques, many of which are now automated and fun, with employees having their own cyber risk scores.
• Implement a strong password policy, mandating at least 12 characters, including numbers, symbols and capitals.
• Introduce two-factor-authentication to make it harder for attackers to breach your infrastructure and systems.
• Limit employee access to only those systems and applications needed for their role.

Cyber Essentials is a government-backed certification scheme by the National Cyber Security Centre (NCSC). It’s an accredited programme with two levels, Basic and Plus - designed to mitigate over 80% of threats. Certified companies are able prove to customers that their operations are formally accredited as trustworthy and secure.

The five technical controls applied to reduce risk are:

1. Ensuring systems and software are up to date and secure, preventing cyber criminals from using vulnerabilities in your infrastructure and systems.
2. Controlling use of data and services based on levels of access. Ensuring employees only have access to the data they need limits the risk of accidental and malicious damage.
3. Secure, active, and effective firewalls must be in place to create a security filter between the internet and the organisation’s network and devices.
4. Settings and systems should be configured correctly, with secure device set-ups to minimise vulnerabilities and the risk of exploitation by cyber-criminals.
5. Systems must have adequate protection against malware and viruses, identifying and immobilising viruses and other malicious software before it has a chance to cause harm.

No security solution guarantees immunity from attack, and it’s likely you’ll be breached at some point in the future, so back-up and recovery capabilities are needed to protect your data and enable continuous working in the event of a breach.

• As a minimum, hybrid solution consisting of onsite backup and offsite cloud storage should be used. Quick recovery is possible using the onsite system and your data is secure and easily retrievable from the cloud.
• Highly effective recovery-as-a-service solutions with continuous data protection will provide business continuity by eliminating harmful downtime and protecting business-critical data. Disaster recovery and risk mitigation are brought together here, in an affordable and easy to manage solution.
• When calculating the amount of storage required for a backup, it’s important to include operating systems and applications capacity requirements in your total figure.