A pervious cyber security blog focused on malware and how you can avoid the main threats by using anti-malware. But using anti-malware or anti-virus software is only one of a number of key measures you can put in place to help protect your business.
Local cyber security practitioners Cyberia Ireland explain that putting in place a few basic controls can go a long way to keeping your business safe from cyber threats, many of which do not require any technical expertise and are free or cost effective to implement.
The UK Government recommends cyber security measures under 5 themes – firewalls, secure configuration, user access control, malware protection and patch management. But what does this all mean? Luckily our friends at Cyberia Ireland are on hand to break through the jargon…..
A firewall is a network security system, either hardware- or software-based, that uses rules to control incoming and outgoing network traffic. It acts as a barrier between a trusted network and an untrusted network and its role is to prevent malicious traffic reaching the resources that it is protecting. Government guidelines are that every device should be protected by a correctly configured firewall with the default administrative password changed to an appropriate alternative. Configuring a firewall can be tricky, and according to Cyberia Ireland, might be the area where you will need technical assistance.
Secure configuration is all about ensuring that computers and other devices are properly configured to reduce the level of vulnerability. When you first buy a computer or other device, the standard set-up will often include weak points such as an administrative account with a pre-set, publicly known default password; pre-enabled user accounts; or pre-installed but unnecessary applications, all of which can provide cyber criminals with opportunities to gain unauthorised access to your system. Government guidelines are to remove unnecessary user accounts (such as guest accounts or additional administrative accounts); change default account passwords to something non-obvious; remove or disable unnecessary software; disable the auto-run feature that allows programs to be run without user authentication; and authenticate users before allowing internet-based access to sensitive or critical data.
Password management is a topic of great interest and debate and will be covered in detail in a future blog!
User access control is as it sounds – about ensuring user accounts are assigned to authorised individuals only and providing access only to those applications and devices as required for that user to perform their role – by doing so, reducing the risk of information being stolen or damaged. Government guidelines include removing or disabling user accounts when not needed (for example, when a member of staff leaves or after a set period of inactivity); restricting administrative access and removing or disabling when no longer required; use admin accounts to perform administrative activities only (no emailing, browsing or other standard user activities that may expose administrative privileges to avoidable risk).
Malware protection has been discussed in a previous blog, but just to add that use of anti-malware can be boosted or supported by using application “whitelisting” and application “sandboxing”. Whitelisting is a technical way of ensuring that only approved programs can be installed; and sandboxing is where applications or code of unknown origin are isolated and run in a safe area until verified.
Patch management involves making sure all devices and software are kept up to date by installing the most recent security updates or “patches” from the product vendor. All software can contain security flaws or “vulnerabilities” which can be exploited by cyber criminals to attack computers and networks. Government guidelines are that all software should be kept up to date; should be licensed and supported; removed from devices when no longer supported (for example the Windows XP operating system); and should be patched within 14 days of an update being made available.
So while the measures may be somewhat dull, they aren’t overly technical and Cyberia Ireland suggest that most are achievable without any particular technical expertise, just a bit of support and guidance.
Blog Post by Fionna Martin