Creating Layered Protection
When it comes to securing your critical data and personally identifiable information in line with the GDPR do you think you have every angle covered? Unfortunately, there is no guarantee that your business won’t become a victim of Cyber Crime and at some stage, you may very well become another statistic, however, there are a few ways you can help mitigate the risk.
Layered protection is key
Creating layered protection is key, by investing in multiple security layers it makes it extremely challenging for any threat to penetrate your systems, here are some best practices when it comes to securing your network.
What is the first line of defence?
Ensuring you invest in a robust Firewall is a great starting point, the firewall acts as a blockade stopping any unauthorised traffic from entering your network. ‘Ports’ are like doors in the blockade, by having someone with the correct technical knowledge make sure only the ports relevant to your systems are open on the firewall you will minimise the risk of a cyber attack. Leaving a firewall unmanaged could easily make your network vulnerable.
What about additional layers?
Anti-Malware is the next type of protection to look at, we have tried and tested many products over the years and have found the most success by separating the Anti-Virus and the Anti-Spam solutions as opposed to having a combined product. Email spoofing, Phishing, Spear Phishing and malicious links are advanced threats and many combined solutions are unable to differentiate these from legitimate email, not only that they will scan the email at the mailbox level i.e when it is already in the organisation, which when you think about it makes absolutely no sense. Have your email securely filtered BEFORE it reaches your mailbox by using a cloud-based spam and advanced threat filter and let the anti-virus provide it with some backup protection on the device itself. Both anti-virus and anti-spam solutions should be managed by a resource in-house or failing that outsourced. One thing to be aware of when considering a managed anti-virus or anti-spam solutions is whether you have a resource to monitor this daily and do know what to do in the event of an attack?
An often overlooked layer of protection which is completely free to implement is the basic security configuration of your systems. By considering who has access to what data in your organisation and putting in place measures to restrict access to that data then a risk of a breach or an attack can be minimised. Do you have a secure password policy in place? If not, why not? Such a simple and cost-free exercise can make a huge difference to the security of your systems. Making sure your passwords are complex and are changed regularly is key, did you know passwords containing random words with spaces in between are often the most secure. A great resource to check the complexity and security of your passwords is https://howsecureismypassword.net/.
Do members of your team have free reign over their computers with the ability to install software and change settings? If so this should be revoked, one lapse in concentration or one employee not knowing what they are doing could have disastrous effects and allow a threat such as Ransomware to be installed and ran across the network.
How quickly can you recover?
Even with layered protection and your first line of defence, there is still a possibility of your network being breached, Ransomware is one of the main offenders to be aware of as if this breaks through it will cause havoc in your business, restricting access to all your critical data and holding you ransom until you pay a hefty fee to release it (if the attacker decides to release it).
So, if this happens, and it happened to 54% of businesses in the UK last year, what do you do?
Having a robust disaster recovery plan is what every business currently needs to have if you were affected by Ransomware today, do you have a plan?
If you’re not backing up your data daily then you need to ensure this is being done, there are many ways of backing up your data, a quite inexpensive way is by using a portable back up drive, although this is not a preferred method as these portable drives can get lost or damaged, can take a long time to restore from, and you still lose a full day’s work if breached.
There are many cloud backup solutions available now, but don’t confuse a backup solution with a File, Sync & Share software like Dropbox or OneDrive, these are geared towards data sharing and allowing you quick and easy access to files. Most of these programmes only come with 30-day retention as standard, so if a file has gone missing and its day 31, well that’s just unfortunate.
A full backup and disaster recovery solution should allow you to have confidence that it is being done daily, automatically, protected locally on your server and in the cloud, monitored 24/7, but most importantly allowing for you to recover as quickly and efficiently as possible.
There are cloud backup services that can take 15-minute backups of your entire system and allowing you to restore with minimal disruption, whether it be a Ransomware attack or even hardware failure on the server, you would never lose a full day’s work. This type of disaster recovery plan can also help your business with the new GDPR requirements.
With layered protection in mind, the Cyber Essentials scheme is also a great framework to work from as this is said to mitigate up to 80% of malicious attacks.
Hopefully, this information has proven useful and will give you some ideas on how to lock down and protect your network. If you have questions or require help with this contact us on 01933 426162.