Cybersecurity Made Simple – How to Focus on What Matters Most
Cybersecurity Doesn’t Have to Be Complicated
Cybersecurity doesn't need to be complicated. In fact, it boils down to three things: users, computers, and data. Nail these, and you're ahead of the curve.
In this month’s newsletter, we’re looking at the three core aspects of cybersecurity and what you can do today to help improve the cybersecurity of your business.
1. Your Users - The Front Line
Your users are your first and, honestly, best line of defence. Give them some essential knowledge and the right tools, and they'll do most of the work for you.
Unfortunately, a significant number of breaches occur because someone inadvertently clicks on a malicious link. Spam makes up 45.6% of global email traffic, so it's no surprise that inboxes are a minefield. Here are some preventative tips to consider:
Configure weekly email digests: Let users review suspicious emails in a safe, digest format. This can reduce risk by up to 80%.
Enable the report button in Outlook: Enable easy reporting of suspicious emails to enhance threat detection.
Leverage password managers: Use unique, complex passwords for each account. Add 2FA/MFA and enforce it. No need for frequent changes.
2. Your Computers - Lock Them Down
Company devices should be locked tighter than your weekend plans. Users should only access machines assigned to them, and only from their usual location. No exceptions.
Do you store data locally on your computers? If yes, encrypted it. If you don’t know how, then we need to talk. Whether your data is sitting on a computer or making its way across the internet, it needs to be wrapped up tight. Again, software tools are here to help:
Install and maintain anti-virus software: Basic, yet essential.
Configure Mobile Device Management (MDM) in your Microsoft environment: Centrally configure access, enforce policies, and keep everything in check.
3. Your data - The Crown Jewels
Your data lives on servers, floats through the internet, and ends up on a computer screen that you're looking at. This is by design, due to a complex array of computer coding, logic, human resources, and finally at your end, user permissions. You don't control the journey, but you do control who gets a ticket
The trick with access policies, which are a staple of cybersecurity, is to have them not too tight that no one in the team can access the data, and not too open that anyone can download and use your data for unintended purposes. This is a complex area, and we strongly recommend completing an annual audit with a professional IT support team that can guide you through this process. Trust us, you’ve got better things to do with your time.
When reviewing your data, make sure to include all backups. These are often a complete copy of your data, so treat them no differently than your local data. If anything, you probably want to pay extra attention and not just trust the provider that says your data is safe, and have someone check that their claims are accurate.
We appreciate cybersecurity is often perceived to be a complex area but truly believe that it doesn’t need to be in practice. You’re probably doing many of the things above (for those of you that are clients, we know you are), and hopefully this serves as a gentle reminder to take a look and make sure you have everything you need to protect your business.
If you have any questions or want to have a call to discuss, please reach out and the team will happily walk you through the points in the email and any questions you may have.