Reducing Exposure To Cyber Attack
Cyber security is finally getting the attention it deserves in the boardroom. As the number of high-profile data breaches continues to rise, there’s been a greater emphasis on managing cyber risk to reduce the chance of an attack. Furthermore, while cyber security is everyone’s responsibility, resilient organisations require positive leadership.
If the CEO visibly takes cyber security seriously, then this will permeate throughout the organisation and help create a culture of enhanced cyber security awareness.
- Boundary firewalls and Internet gateways - establish network perimeter defences, particularly web proxy, web filtering, content checking, and firewall policies to detect and block executable downloads, block access to known malicious domains and prevent users’ computers from communicating directly with the Internet
- Malware protection - establish and maintain malware defences to detect and respond to known attack code
- Patch management - patch known vulnerabilities with the latest version of the software, to prevent attacks which exploit software bugs
- Whitelisting and execution control - prevent unknown software from being able to run or install itself, including AutoRun on USB and CD drives
- Secure configuration - restrict the functionality of every device, operating system and application to the minimum needed for business to function
- Password policy - ensure that an appropriate password policy is in place and followed
- User access control - limit normal users’ execution permissions and enforce the principle of least privilege
- Security monitoring - to identify any unexpected or suspicious activity
- User training, education and awareness - staff should understand their role in keeping your organisation secure and report any unusual activity. We strongly recommend GoCyber as a powerful training tool to transform user behaviour.
- Security incident management - put plans in place to deal with an attack, as an effective response will reduce the impact on your business
Home working, mobile working and remote system access offer great benefits, but produce new risks that need to be managed. You should establish risk-based policies and procedures that support mobile working or remote access to systems and that are applicable to users, as well as service providers.
If you would like more specific information about how you can improve your home and business cyber security, please contact Cyber Security Intelligence for recommendations on the right solutions for your business.