
4 Ways to Keep Your Business Safe from Cyber Crime

As the world of cyber crime continues to flourish and grow, it is important that all businesses implement solid measures to protect themselves against cyber threats.

Every year, different organisations publish reports and statistics relating to cyber crime, but the bottom line is always the same: the threat continues to grow.

Many businesses – especially small and medium sized businesses – simply don’t invest enough time, thought or money into their cybersecurity strategy. But, when we spoke with TechQuarters – a company providing IT support London-based businesses have relied on for years – they confirmed that all businesses (especially SMBs, in fact) are at risk of some form of cyber security breach. So, what should businesses be doing about it?

Cyber Security vs. Cyber Resilience

There are often a lot of different terms bandied about when it comes to cyber security, but according to companies like TechQuarters, the two most important terms to focus on are: Security and Resilience. Often used interchangeably, they are actually two subtly different principles.

Cyber Security is the one that everyone knows about. It is all about preventing cyber attacks as much as possible, and it encompasses a wide variety of different practices, solutions, and technologies.

Cyber Resilience, on the other hand, involves practices that minimize the impact of a cyber security breach and ensure that a business returns to normal service as quickly as possible.

In this day and age, it is impossible to avoid cyber attacks entirely. While there is always the chance that an organisation never (or at least very rarely) experiences a major cyber attack, cyber resilience ensures that the organisation is still properly prepared for that eventuality.

A good business strategy includes measures that boost both cyber security and resilience. Below are some examples of important measures to implement:

  • User Training

One of the most important security measures a business should employ is also one of the easiest.

Unfortunately, the average employee tends to be quite ignorant of good cyber hygiene. Many still reuse passwords and don’t bother changing them regularly. Employees have been known to browse the internet indiscriminately, and even click on ads and links without scrutinizing them. These are all risky practices. According to TechQuarters, whose work providing IT support in London occasionally involved security auditing, a significant percentage of cyber security breaches occur due to user error and negligence.

Requiring employees to take simple cyber awareness training (most of which can be done online) can help the business as a whole operate with better cyber hygiene.

  • Zero-Trust Access Controls

Another important part of cyber security, which also factors into how resilient an organisation is, is access control – in other words, how a company controls who can view, download, or edit company content or data.

In theory, users in a company – even the CEO – should never have full access privileges, because if their account were ever hacked, the person who hacked them would then have free rein within the organisation. Therefore, users should only have privileges that reflect their duties in the company.

The most secure form of access control is Zero-Trust. This term essentially means that a user is never assumed to be who they claim to be, and will be required to confirm their identity whenever they want to access any resource on their employer’s network.

Historically, company networks would only require users to authenticate themselves once, but these privileges can be exploited by hackers. Zero-Trust makes it much harder for hackers to navigate a company’s network, even if they have stolen access from a legitimate user.

  • Multi-factor Authentication

Another important aspect of modern cyber security involves adding extra layers of security to accounts.

Multi-factor Authentication (MFA) requires two or more verification factors for access. Typically, this means a password alongside a one-time passcode (OTP) generated from an app or sent to an enrolled device, some form of biometric, or a dedicated authentication app. There are even advanced MFA methods, including location-based, behavioural-based, and adaptive authentication.

Most services nowadays offer native MFA options – for example, Microsoft and Office 365 have built-in MFA (having provided Office 365 consulting London businesses trust, TechQuarters confirmed that its MFA is reliable). However, there is also a growing market for Identity as a Service (IDaaS) solutions – such as OneLogin – which offer more authentication methods and integration options.

  • Threat Modelling

As the world of cyber threats grows and diversifies, threat modelling becomes an increasingly important practice for businesses.

Threat modelling focuses on identifying the types of threats you, as a business, are vulnerable to. It also involves gauging the likelihood of different threat types, assessing their potential impact, and then developing strategies for how the organisation will handle each type of threat.

The benefit of threat modelling in a world where cyber crime becomes more and more complicated is simple: it gives businesses a very clear view of how to approach their overall cybersecurity strategies.

Christopher Stern

Christopher Stern is a Washington-based reporter. Chris spent many years covering tech policy as a business reporter for renowned publications. He has extensive experience covering Congress, the Federal Communications Commission, and the Federal Trade Commission. He is a graduate of Middlebury College.
