All businesses should establish basic security controls and processes to protect themselves from common cyber attacks. Four stages have been identified, Survey, Delivery, Breach and Affect along with prevention controls at each stage to reduce your organisations exposure to a successful attack.
Cyber criminals, competitors, foreign intelligence, hackers and employees are all potential attackers. Whether it’s criminals wanting to steal your valuable data to earn money through fraud, a hacker infiltrating your systems for the purpose of joy or an employee who has accidently made a mistake. It’s important you are aware of these threats and know how to decrease the risk of an attack.
Network defences can block insecure sites and services so that you can’t access potentially harmful content. Microsoft 365 will go some way to helping protect you from harmful emails and deters the downloading of malware from websites.
Having a password policy can help to prevent team members from choosing simple and easy passwords that criminals can easily hack. Implementing a locking feature after a low number of failed attempts is reached would also improve security. Lastly, restricting system access to only those who need it for business functionality would help secure every device that is used within the business.
A simple yet effective method is monitoring and analysing network activity as it will help identify any unusual or malicious activity. To minimise the exposure to known system vulnerabilities, patching should be executed at the earliest possibility.
Removing unnecessary software and ensuring default passwords are changed is a recommended security defence. Additionally, restricting team access to applications, data and training your team is a valuable method to help prevent a breach.
Once an attacker has gained full access, it is very hard to eliminate their presence. In order to stop an attack from reaching this stage, we recommend that you implement a cyber risk management policy. Visit our blog which details advice on how to create a cyber risk management policy.