CETSAT - Simple steps to be a more secure organisation - Yeovil, Bridgwater, London

Simple steps to be a more secure organisation and how to prove it…

One of the most amazing things I still hear from SMEs is “yeah, but why would anyone want to target us?”


The majority of cyber crime I’ve seen in the last year has come from untargeted attacks. These can be anything from an attacker vulnerability scanning vast IP ranges (trying thousands of door handles until one opens) to opportunist, vague emails loaded with malware. Attackers aren’t just going after the big fish, they’re going after us all.

“It’s not if you’ll be attacked, but when.”

Your door has already been tested, although you may not know about it. Whether it was a vulnerability scan run against your public network address or one of the “Invoice x” emails that landed in your mailbox, rest assured that someone has tested your door.

The UK’s National Cyber Security Centre (NCSC) wants to make the UK the ‘safest place to live and do business online’, a mission they’re so committed to, it takes pride of place on their website. The government’s Cyber Essentials scheme forms an integral part of this mission and, while not all-encompassing, is designed as a great starting point for SMEs to show they take cyber security seriously. Here’s why you should get certified:

Your customers and partners will know you’re a ‘safe’ partner

 

Once you’ve completed the assessment and made the necessary changes to your IT practices and policies, you’ll be able to display the Cyber Essentials logo. This is more than just a logo, though. It shows anyone who wants to do business with you that you take your IT security seriously: you have acknowledged the dangers of cyber crime and taken simple, basic steps to prevent attacks and data loss.

 

You’ll have a password policy that balances security with usability

There’s a balance to strike: IT security should protect users without impeding them. Believe me, I’ve seen both extremes. If you’re the kind of company that has no password policy whatsoever, you are not alone. Passwords from 123456 to password1 are all too common and, while easy for users to remember, are also easy to guess. I’ve also seen extremely security-conscious IT administrators attempt to enforce policies where only something like Y77Hfr89*!r54 will meet the complexity requirements. Of course, if a password isn’t easy enough to remember, users will write it down, rendering it almost pointless.

There is a middle ground and Cyber Essentials finds that. It enforces a good, strong password policy while allowing passwords that are easy to remember.

 

Your anti-virus might not be

A requirement to pass Cyber Essentials is a good, up-to-date anti-virus. Are you sure you have one? Is it up-to-date and good enough? Most successful attacks I’ve seen over the last 12 months have started with a malicious file running on an unprotected computer. At CETSAT, we recommend and deploy Webroot Managed Anti-Virus, a fantastic product that allows central management. Our engineers can monitor for out-of-date workstations, virus detections and unprotected machines.

 

Protect the edge

Most businesses don’t have a dedicated firewall in place protecting their network from the internet. For small organisations, a router can (depending on model) perform very basic firewalling, but nothing compared to a dedicated firewall. Cyber Essentials asks questions about the configuration of a firewall, ensuring basic protections are in place to stop attackers. We partner with SonicWALL, one of the best firewall manufacturers around. These devices, configured correctly, do much more than a legacy firewall. SonicWALLs can scan for viruses while traffic is downloading and perform advanced content filtering, data-loss prevention and application firewalling.

 

A good first step on the road to the 25th of May

As I’m sure you’re aware, the General Data Protection Regulation (GDPR) comes into force on the 25th of May, and the consequences of breaching it are big. A good first step on the road to the 25th is the Cyber Essentials scheme. The foundations put down by the Cyber Essentials scheme show that your organisation has understood the threat and taken steps to try and prevent an attack or cyber crime resulting in a data breach. Has your organisation taken reasonable steps to stop a data breach? It’s not a requirement, but I’d argue that the Cyber Essentials tick is a damn good start.

 

Author: Sam McAllister