written by Anthony Cummings, IT Services Director at Revolent
- Gauge your system against a reliable cybersecurity framework such as GCHQ
- Pursue a certification like Cyber Essentials Plus
- Multi-factor authentication for everyone within the organisation
- Stay on top of patch management to make sure devices are patched on a regular basis
- Restricting access to key IT services to corporate devices and profiles
Information technology and especially the internet have changed a great deal in the last decade. Unfortunately, the threats and mechanics of cyberattacks have also evolved. According to Forbes, just 41% of executives believe their security initiatives have kept pace with digital transformation processes.
This Cybersecurity Awareness Month, Anthony Cummings, IT Services Director at Revolent, shares his insights on cybersecurity including practical tips and preventative measures for businesses to implement to keep their organisation and its assets safe in 2022 and beyond.
Why does cybersecurity matter?
The point of cybersecurity is ultimately to “protect the crown jewels of the business”, says Cummings. This will vary from business to business, of course. For some the central asset will be data, while for others it might intellectual property. Strong cybersecurity is a means of ensuring a business continues to function as intended, and of keeping a keen competitive edge.
What to look out for
When it comes to the most common threats like ransomware and financial or operational threats, “the greatest risk is generally individuals”, according to Cummings. Phishing attacks will seek to gain access to information or resources and then lock your files, for example. Key targets here are things like end user accounts and compromised devices. Once they’ve gained access, attacks will tend to then move laterally in your network – which can result in a real PR nightmare when clients or partners discover an attack originated in your business.
Best practices to keep your business safe
The first port of call here is to review all current security controls. Gauge your system against a reliable cybersecurity framework like that offered by the Government Communications Headquarters (GCHQ). It’s also worth pursuing a security certification like Cyber Essentials Plus which will help you identify the threat landscape within your business. Antivirus software is important of course, and for smaller businesses, it can be worth considering outsourcing cybersecurity to an established security operations centre.
More broadly, some quick wins when it comes to cybersecurity focus around the idea of “hardening the end points” as Cummings describes it. This includes measures like implementing multi-factor authentication for everyone in your organisation, staying on top of patch management to make sure devices are patched on a regular basis, and restricting access to key IT services to corporate devices and profiles.
Identify, protect, detect, respond!