FINANCE
Reducing Your Cybersecurity Risk
By JUDY DIAMOND, BUSINESS ADVISORY AT AZETS, Judy.diamond@azets.co.uk
Cyber attacks have become a familiar feature of modern life. Recent breaches at major UK retailers such as Marks & Spencer, Harrods and Co-op underscore how pervasive and disruptive these incidents can be, and highlight the lasting impact a cyber incident has on an organisation's day-to-day operations and its customers.
From ransomware and phishing scams to data breaches and social engineering, attackers are targeting organisations with sophisticated tactics.
So, what can businesses and employees consider to protect themselves?
IT helpdesk processes
Ensure you have robust IT helpdesk processes to reduce the risks of social engineering. It is paramount to validate staff members before resetting their passwords. This is of greater importance for users with privileged access. If you use a third party, seek assurances that they have robust user validation processes for password resets.
Use strong, unique passwords across the business
Passwords remain the first line of defence, and often the weakest. You could adopt the ‘three random words’ passphrase guidance from the National Cyber Security Centre. Employees should avoid using the same password across multiple websites. Two-factor authentication (2FA) is vital and adds another critical layer of protection.
Keep software and systems updated
Businesses should install updates for operating systems, browsers, plugins and apps as soon as they are available. These often contain patches for newly discovered vulnerabilities that attackers are quick to exploit. Also, perform regular vulnerability scanning and security testing to ensure any security weaknesses are identified and addressed.
Be wary of phishing and social engineering
Phishing emails remain one of the easiest ways to compromise a network. Be cautious with emails that urge immediate action, include unexpected attachments, or come from slightly misspelled domains. Even internally sent messages can be spoofed. Verify through a second channel if in doubt.
Manage privileged access
Accounts with privileged access need to be carefully managed. If compromised, these accounts often provide unrestricted access to networks and data. Access through privileged accounts should be restricted to the minimum necessary to perform the role.
Educate employees and users
Human error is still the root cause of many breaches. Training employees (including helpdesk staff) to recognise threats, report suspicious behaviour and follow security protocols is crucial.
Managing cybersecurity supply chain risk
The growth in adoption of ‘as-a-service’ technologies means that the majority of organisations are reliant on third parties for critical business solutions. Complete cyber security due diligence as part of the adoption of new technology solutions, and perform ongoing assurance. Seek confirmation that third parties have incident response plans and regularly test them.
Backup regularly
Even with the best defences, attacks can still succeed. Regularly backing up and protecting important data, and ensuring those backups are stored securely and tested, can be the difference between a quick recovery and a significant loss.
Consider using immutable backups, preventing backup data from being overwritten or deleted.
Monitor and respond
Cyber security is not a set-it-and-forget-it solution. Use monitoring tools to detect unusual or higher risk behaviour, e.g. volume of unusual sign-in attempts, access from overseas, access via VPNs.
Effective response
A cyber incident response plan should be in place and regularly tested. Being prepared can reduce the time and cost of recovery.
The recent high-profile attacks serve as a reminder that cyber security presents a significant business risk that can cause substantial business disruption. By being risk aware and having effective risk management processes, organisations can drastically reduce their cybersecurity risk.
We are here to help
If you have any concerns or questions about cyber attacks and protecting your business against them, please get in touch.
Local Offices:
Ashford: 01233 629 255
Canterbury: 01227 454 861
Maidstone: 01622 690 666
Orpington: 01689 827 505
Sandwich: 01304 249 997
www.azets.co.uk
186 • www.insidekent.co.uk