4 minute read
Inform
Photo by FLY:D on Unsplash Chamber membership provides access to key information, expert advice and legal protection, enabling you to stay informed, legally compliant and free to focus on what you do best – building your business.
IT, SECURITY AND DIGITAL SECTOR UPDATES
Advertisement
PASSWORD PROTECTION FOR BUSINESSES
Last month (5 May) it was Password Protection Day. We’d like to further help businesses protect their data with these helpful tips. Firstly, always use strong passwords. These are passwords that contain at least eight characters or more. Every character you add, makes it harder for hackers, so, the more the better. Secondly, a mix of lower-case and upper-case letters is advisable. Thirdly, numbers and symbols are also encouraged and of course there should be no ties to your personal information. If your employees adopted such approaches when producing a password, your company will be in a much better position security wise. In addition, password manager apps can be very useful and will store passwords for each of the services that you use. If, for whatever reason, some passwords cannot be stored in a password manager, then we would recommend using sentence-based passwords. These are far easier for the human mind to remember. Plus, longer passwords increase the difficulty level for hackers to breach your account. Lastly, never share your passwords with anyone. This leaves room for human error and could be devastating. Don’t reuse the same password and never write your passwords down. Whether this is in a book or a single piece of paper; if you lose it, it could fall into the wrong hands. Advice from Cambridge Support
PREPARING TO RESPOND TO A CYBER ATTACK
It is not possible to allow for every scenario when it comes to cyber security incident response management, but having the right processes in place can alleviate some of the panic which often ensues during an incident. A well-prepared plan affords both management and staff the knowledge of how they should respond and what they should do when an attack happens. Part of effectively managing your teams response to a cyber incident, and preparing them for the real thing is conducting a number of ‘test runs’ in the form of table top exercises. These are pre-defined scenarios, simulating a cyber-attack or security related incident for the incident response team to work through. We strongly believe that creating simulated cyber-attack scenarios tailored to the organisation and based on real world attacks, latest techniques and tactics used by cyber criminals have the most benefit. So, how do we do this? During an initial workshop, we aim to determine what incident response processes and practices are already in place and what the organisation would like to achieve. This is followed up by some further research which can be pertinent to the types of scenarios the organisation will get the most benefit from. We then build scenarios tailored specifically to the organisation. These would be presented in the form of play books and would contain a thorough, fully developed exercise for the incident response team to follow.
Exercises can often contain curveballs and move in another direction depending on the actions of the Incident Response team. This can further help mimic real world situations and allow for likely changes and developments as the incident progresses. Actually participating in exercises is so important for the Incident Response team to become familiar with and understand how the process should work. It allows staff to ask questions, make mistakes, understand how best to work together, learn and really take notice and control of the responses and ultimate outcome. Talk to CyberScale if you want to know more about how to build resilience in to your business. info@cyberscale.co.uk 01603 339550 Advice from CyberScale
DEFENDING YOUR SME IN THE CURRENT THREAT LANDSCAPE
Organisations nowadays face more complex cyber risks than ever before. Cyber security is important for small businesses because cyber criminals know that SMEs typically do not have the resources available to properly manage cyber security. For cyber criminals managing large-scale automated attacks, it is often easier to steal £5,000 each from 1,000 SMEs than to try and steal £500,000 from a single target. All SMEs should take basic cyber security precautions – the Cyber Essentials standard is the very minimum of what they should have in place. Cyber Essentials Plus is a good step up, followed by the Cyber Assessment Framework (CAF) – and the CAF is a good standard for larger SMEs to follow, although they will typically need to outsource the support they need for this. A defence-in-depth approach to cyber security is the only way to gain the peace of mind you need to focus on your day-to-day objectives and secure your organisation’s success. Cyber security defence in depth covers five important elements: detection, protection, management, response and recovery. We recognise that cyber security is an ongoing process, requiring continual evaluation, maintenance and revision. This is why we’ve put together a suite of products and services to help your organisation address the evolving range of cyber risks it faces each and every day.
How IT Governance can help SMEs
Cyber Safeguard protects small businesses against cyber-attacks quickly and cost-effectively with expert support, training and tools. With Cyber Safeguard, you get access to dedicated cyber security expertise, legal support and specialised cyber insurance cover of up to £500,000 for added peace of mind. Whatever your resources or expertise, a defence-in-depth approach to cyber security will give you the best chance of mitigating the cyber security threats your organisation faces, so you can focus on your core business objectives without having to worry about coming under attack. Advice from IT Governance Ltd
