Being ISO 27001 (international information security standard) certified, here at Mango we treat our cyber security seriously. We suggest you do too!
Cyber security attacks are more and more common, and they won't stop anytime soon. It doesn't matter how big or small your organisation is; you are still vulnerable to attack.
If you are getting started on protecting your organisation from attack, then here are our top 10 practical steps to keep you safe.
1. Install software updates (patches)
Making sure your devices and software are up-to-date (with patches) is probably the most effective thing you can do to keep your system safe.
Patches fix security vulnerabilities. If not fixed, attackers could use these vulnerabilities to gain access to your system.
2. Implement two-factor authentication (2FA)
Implementing 2FA means that anyone who logs in to your system will need to provide something else on top of their username and password to verify that they are who they say they are.
3. Back-up your data
If data is compromised in any way — if it’s lost, leaked or stolen — you need to make sure you have a backup, or copy, available so you can restore it.
4. Set up logs
Setting up logs helps you discover when an incident may be about to occur (like repeated failed logins) or when an incident has occurred (like logons from unknown IP addresses). Store logs in a safe location and make sure they're encrypted.
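As an added example (not from the original post), here is a small Python script that runs the two checks the paragraph mentions, a burst of failed logins and a successful logon from an unknown IP address, over constructed sample log lines. The line format, the allow-list of known addresses and the thresholds are assumptions for the demo, not anything the post specifies.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in an assumed SSH-style auth-log format.
SAMPLE_LOG = """\
2024-03-01T08:00:01 sshd Failed password for alice from 203.0.113.7
2024-03-01T08:00:05 sshd Failed password for alice from 203.0.113.7
2024-03-01T08:00:09 sshd Failed password for alice from 203.0.113.7
2024-03-01T08:00:12 sshd Failed password for alice from 203.0.113.7
2024-03-01T08:00:15 sshd Failed password for alice from 203.0.113.7
2024-03-01T08:00:20 sshd Accepted password for alice from 203.0.113.7
2024-03-01T09:10:00 sshd Accepted publickey for bob from 192.0.2.10
2024-03-01T09:15:00 sshd Failed password for carol from 192.0.2.11
"""

# Assumed allow-list of office / VPN addresses that normally log in.
KNOWN_IPS = {"192.0.2.10", "192.0.2.11"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd (?P<result>Failed|Accepted) \w+ for (?P<user>\S+) from (?P<ip>\S+)$"
)


def parse(log_text: str) -> list[dict]:
    """Turn raw lines into events; lines that don't match the format are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "ok": m["result"] == "Accepted",
            "user": m["user"],
            "ip": m["ip"],
        })
    return events


def detect(events: list[dict], threshold: int = 5,
           window: timedelta = timedelta(minutes=5),
           known_ips: set[str] = KNOWN_IPS) -> list[tuple[str, str, str]]:
    """Return (alert_type, user, ip) tuples for the patterns worth looking at."""
    alerts = []
    recent_failures = defaultdict(list)   # (user, ip) -> failure timestamps in window
    for e in sorted(events, key=lambda e: e["ts"]):
        key = (e["user"], e["ip"])
        if not e["ok"]:
            fails = recent_failures[key] + [e["ts"]]
            # keep only failures inside the sliding window
            recent_failures[key] = [t for t in fails if e["ts"] - t <= window]
            if len(recent_failures[key]) == threshold:
                alerts.append(("brute_force", e["user"], e["ip"]))
        else:
            if e["ip"] not in known_ips:
                alerts.append(("unknown_ip_login", e["user"], e["ip"]))
            if len(recent_failures[key]) >= threshold:
                # a success right after a burst of failures is the one to chase first
                alerts.append(("success_after_failures", e["user"], e["ip"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_LOG)):
        print(alert)
```

Running it on the sample prints three alerts for `alice` from `203.0.113.7` and nothing for `bob` (known address) or `carol` (a single failure). The same logic is what a SIEM rule would express; the point of keeping the logs in the first place is that without them none of these patterns is visible.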
5. Create a Business Continuity Plan (BCP)
If your organisation has a cyber-security incident, you'll need to know what steps to take to keep your organisation running. Having a clear plan in place will help you through what could be a stressful time. It'll help your team respond to an incident quickly, and improve your business's resilience.
6. Update your default credentials
Default credentials are login details that give the user administrator-level access to a product at initial setup. Make sure they are changed afterwards. Default credentials are easy to guess or find online, and attackers could use them to get into your system.
7. Only collect the data you really need
It’s important to only collect the data you really need from your customers. Your level of risk is based on the amount of data you have — the more you collect, the more valuable it is to an attacker. This means you carry a higher risk if you’re targeted by a security incident. By only collecting what you need, you reduce your risk.
8. Secure your devices
Enable anti-malware software on any device that accesses your data or systems. It prevents malicious software — such as viruses or ransomware — from being downloaded. This includes both company owned devices and any BYOD devices that belong to your staff. Malware’s easier to avoid than it is to fix, and there are some simple things you can do to minimise your risk.
9. Secure your network
When you start thinking about how to secure your network, you need to consider the connections going into it as well as those going out of it.
Firewalls help control where connections go, and proxies can act as an intermediary between different computers or networks. For example, you can use a web proxy to send traffic from your business network to the internet, and it could filter that traffic and prevent any bad traffic — to sites hosting malware, for example — from getting through.
10. Manually check financial details
If you're doing business online and you get an unusual or unexpected request, check it manually before you go ahead with the transaction. This means checking the request with the person or company you're dealing with through another channel — by phone, for example. Having manual checks will prevent you from getting caught up in online fraud, like invoice scams.
[Hat tip to CERTNZ for help with this blog]