Cyber Security Checklist: Protect your business in 10 steps with HBP Systems
By HBP Systems Ltd | Posted: 14 Mar 2017
At HBP we recently posted an article in which we detailed the security breach of a local company that lost £100,000 to an accounting-software-based hack.
While this breach was extremely uncommon and we have a lot of faith in the structural integrity and cyber-security of the accounts software we work with, businesses need to be aware of modern cyber security risks and must keep in mind that the techniques and tools used to hack businesses are constantly evolving and developing to outsmart standard security software.
The reality is that cyber-criminals are getting better and better at what they are doing, and the businesses that are being targeted aren't keeping up with the pace being set by these professional hackers. It's an arms race that's impossible to predict, and we think more really needs to be done to help put the businesses back in the lead.
And so, to that effect, we have put together a checklist of our top 10 cyber security essentials for businesses from our resident security expert, Tony Pearson. Whether you are a small, medium or large enterprise, follow this list and you'll be ahead of the hackers - an impenetrable business at the vanguard of cyber security.
1. User Education & Awareness
Your weakest security point will always be your employees. They have a critical role to play in keeping your company cyber-secure and should be educated to understand the responsibility they have and how integral they are in keeping the company safe. Run some awareness campaigns or hold a cyber security meeting; just make sure they know the behaviours that can lead to a security breach and how they can avoid letting malicious software in. The majority of cyber-crime incidents occur purely down to user error: opening an email, clicking a spurious link, plugging in an infected USB - these are common ways that small mistakes can cripple entire companies.
2. Secure Configuration
'Securing your configuration' essentially means you need to establish a water-tight IT network within your business - remove or disable unnecessary functionality from systems and make sure you are able to fix known vulnerabilities and weak spots via patching. Try to consider the security of your passwords, be careful about what you install and ensure all your essential software is updated. This is all about ensuring you don't have any weak links in your system network.
3. Network Security
This is all about securing your internet connection within the company. Think about where your data is stored and processed online - the use of mobile working and cloud services means that it's hard to define the boundaries of your company's network, but by considering your network architecture and implementing security processes and software, you can lock down all access to your network. Your company has a large digital footprint nowadays, and any weak points can serve as an access route for hackers.
4. Managing User Privileges
Exactly what it sounds like, this is all about monitoring the levels of user permissions distributed to the employees of your company. Handing out higher-level, or even admin, privileges on your local networks can have severe consequences if misused, and the simple fact is very few of your employees actually need these privileges. The fewer people who can make system-breaking changes, the better. Leave it to your experts - Jill in HR doesn't need to be a system admin.
5. Malware Prevention
Malware is an umbrella term used to describe all malicious code or any content that could be damaging to your system. You normally get malware in your system through a dodgy download or an email - any exchange of information carries the risk of malware being exchanged. Implement some anti-malware programs in your system - we recommend Sophos Endpoint but there are a huge number of developers out there fighting the good fight and creating software to protect systems from malware.