First published 31/10/2022
Appropriately my final article in this series falls on Halloween!
The story so far
Gone are the days when making sure anti-virus software was installed on your computer was adequate. Today’s cyber-criminals are constantly developing more advanced techniques of attack, and your cyber-security strategy needs to take a layered approach, utilising the latest tools to proactively protect and monitor your IT environment.
Just to recap on what I have covered so far, to help you develop your cyber-security strategy and keep those cyber-ghouls at bay:
Cyber Security is not just about implementing technical measures and controls to secure your data; a business should instil a culture of security awareness in all its staff. Data security should be seen as everyone’s responsibility.
Protect your user accounts and data by utilising the principle of least privilege, device security, Multi-factor Authentication (MFA) and a Password Manager.
Traditional anti-virus is no longer adequate to detect and respond to the advanced nature of today’s cyber-threats. Every device that employees use to connect to your business networks and systems represents a potential risk that cyber-criminals can exploit to gain access to your company data. Continuous monitoring of those devices is critical to ensure they remain secure.
Advanced Threat Protection (ATP) works directly in Microsoft 365 (and other cloud services) and detects and neutralises cyber-threats before they even reach your endpoints and users.
ATP is an email filtering service that helps protect your business against unknown malware and viruses by providing zero-day protection and safeguarding against phishing and other unsafe links, in real time.
Operating systems (OS) and application software are constantly updated to release new features and to fix bugs and security issues. Unpatched OS and applications can leave your computers vulnerable to cyber-attacks.
Any, or preferably all, of the above should be used in combination to build a robust cyber-security strategy that enhances Prevention, Detection and Response.
Even with the most robust cyber-security strategy in place, there is still a risk your business could suffer a security breach and/or data loss. All businesses should have a Disaster Recovery (DR) plan in place to be prepared for the worst.
Don’t assume you are not a target: approximately 43% of cyber-attacks are targeted at small businesses. Cyber-crime can cost your business time, money, reputation, and customers.
Despite the importance of digital data to any business, most small businesses and charities do not have adequate backup and disaster recovery plans in place.
It is estimated that 60% of small businesses that do not have a backup plan in place will close within six months of experiencing a significant data loss.
Should the worst happen, you need to be confident that you can recover systems and data as quickly as possible, with minimum impact to your business and your clients.
Cloud services such as Microsoft 365 are great environments for businesses of any size as they provide a very resilient and redundant infrastructure that is available from any location. However, your data within them is still susceptible to ransomware and deletion by cyber-criminals.
For more information on backup and DR see my previous article Are you backing up your Business Data?
Cyber Insurance protects your business from the financial impact of a cyber-incident should you experience a data breach or attack. This can cover loss of income, legal fees, fines, and third-party liability.
For more information see this article from insurance brokers Philip Gibbs.
Cyber Insurance is not an alternative to a robust cyber-security strategy; you are unlikely to get cover if you do not have adequate security measures, policies and procedures in place.
What the future holds…
The great thing about technology is that it is constantly changing and evolving. As well as the benefits, this always brings risk.
The more recent advancement and availability of Artificial Intelligence (AI) for example, brings many benefits such as advanced analytics, automation, improved productivity, and advancements in medical applications. AI is already being used in cyber security applications for advanced analysis and rapid detection and response to cyber-threats.
Unfortunately, the technology will also enable cyber-criminals to develop more sophisticated and convincing attacks, so please be vigilant!
One newer security technology that has been gaining traction over the last year, and which is already supported by the larger technology companies such as Microsoft, Apple and Google, is passkeys. Passkeys will eventually replace passwords and are more secure and less easily compromised. You will no longer be required to remember a multitude of passwords and will only require a username and biometric authentication to log in to services in the future.
I will be discussing passkeys in more detail in a future post.