Cybersecurity Awareness Month

Hi!

October is Cybersecurity Awareness Month so in this week’s newsletter we’re going to look at ways to improve your business’ cybersecurity.

1. Check your passwords are secure
   Passwords are an essential security component which play a crucial role in safeguarding our digital lives. Some of the best passwords are biometric (e.g. fingerprints) but you can improve your passwords to make them even more secure by using multifactor authentication, password managers and yubikeys. You can read more about passwords on our website here >
2. Enable multifactor authentication
   This is something we constantly talk about as it is so important. Enabling multifactor authentication is one of the simplest things you can do to enhance your cybersecurity. Multifactor authentication (also known as two-factor authentication) is an extra layer of security which makes it harder for hackers to attack and to gain unauthorised access to your accounts. Our blog about multifactor authentication can be found here >
3. Apply Zero Trust PrinciplesThese are:
   – Explicitly verify – ensure users and devices are in a good state before allowing access to company resources.
   – Use least privilege access – only allow the privilege that is needed for the user to access what they need to and no more.
   – Assume breach – this means constantly monitor the environment for possible attack.
4. Review your antivirus/anti-malwareUse extended detection and response (XDR) and anti-malware – use software to detect and automatically block attacks. This is available as an add-on to your existing anti-virus software for a small cost per computer.
5. Keep your systems up-to-date
   Unpatched and out-of-date computer systems are a key reason many businesses fall victim to an attack. Ensure all your systems – both hardware and software – are kept up to date. This includes patches and updates for firmware, operating systems and software programs and applications.
6. Make sure you have good, recent backups!
   If anything happened to your business, such as a cyberattack (or a hardware failure or even a fire), you would need to restore your business’ data from a backup. Backups are copies of your business’ essential data – that is the information your business couldn’t function without. For example, documents, financial data, photos, email, contact information and calendars.
   In an ideal world you should backup daily, which would give you the quickest recovery time as the data is only one day old. However, ensuring you do backups on a regular basis is more critical than their frequency. You can read more about backing up your data on our website here >
7. Get DMARC to protect your domain
   Domain-based Message Authentication Reporting and Conformance (DMARC) is a great tool which stops attackers from spoofing your domain and making their emails look like they come from inside your organisation.
   Email is involved in more than 90% of all network attacks and without DMARC, it can be hard to tell if an email is real or fake. Having DMARC allows domain owners to protect their domain(s) from unauthorised use by fighting phishing, spoofing, CEO fraud, and Business Email Compromise.
   More and more businesses are being encouraged to register their details with DMARC. The more that do this, the more everyone can be assured that the emails you receive are genuine emails from your suppliers, partners and customers. You can find out more about DMARC on our website here >
8. Try to obtain Cyber Essentials Certification
   Cyber Essentials is a government-backed scheme that lays out a set of policies and procedures that organisations can put in place to show they meet a basic standard of IT security. These are a set of basic technical controls that organisations should have in place to protect themselves against common online security threats. Cyber Essentials is suitable for organisations of all sizes and in all sectors, you can find out more about it on our website here >

Posted in News