
17 Critical Cyber Security Questions To Ask Your IT Team

Suddenly the office is closed, and everyone’s working from home.

The IT team is coping, but you’ve got nagging doubts about cyber security. You ask the IT team a few questions, but the answers seem to be in a different language!

Well, you should be concerned. Criminals are ramping up their activities, because systems are more vulnerable when people work from home.

But there’s no need for panic. Most cyberattacks are successful simply because basic steps haven’t been taken.

Here is a simple checklist to ask the person in charge of IT. The answers should all be YES!

Protect your data

  1. Do we know for sure that our backups are working?
  2. Does data stored on a home user’s drive get backed up?
  3. Does our central data storage have versioning?
  4. Do we have a Data Loss Prevention system running?

Protect your remote devices

  1. Do we have multi-factor authentication set up for our systems?
  2. Will our anti-virus, anti-malware and patching tools automatically update for home users?
  3. Has everyone who’s working from home signed a communications and internet usage policy?
  4. Have we given cyber security training to the team within the last six months?
  5. Are our legal policies appropriate for people working remotely and at home?

Protect your network

  1. Do we use a Virtual Private Network (VPN) to connect remote users to the company network?
  2. Is our email system encrypted, and have DKIM, DMARC and SPF been set up on the domain?
  3. Do we have mobile device management systems controlling all mobile equipment on the network?
  4. Do we have an appropriate system usage and data management policy?
  5. Are business applications configured to provide least-access privileges?

Stop the bad guys

  1. Is our video conferencing protected and are calls secure?
  2. Do we have the right checks in place to stop us losing money through fraud?
  3. Are our remote support tools secured against rogue access?

If you value your business, make sure the answer to all these questions is YES. And visit our Cyber Security and COVID-19 knowledge centers, which have more useful content related to this topic.

Freeman Clarke is the largest and most experienced team of part-time (we call it “fractional”) IT leaders. We work exclusively with ambitious organizations and we frequently help our clients use IT to beat their competition. Contact Us and we’ll be in touch for an informal conversation.

 

Learning from Travelex

Due to a cyberattack, Travelex, the world’s largest foreign exchange bureau, has been paralyzed for weeks. The reputational and financial impact on the company and its senior leaders will be severe. New laws and regulations, like GDPR and NY Shield, mean that such breaches can no longer be swept under the carpet, and the business losses will be compounded by huge fines.

Travelex is a wake-up call to all businesses. In today’s cyber-risk environment, maintenance of your basic IT infrastructure and services is critical to remaining profitable and even staying alive. You may wonder: if a giant like Travelex gets hacked, how can a mid-market company protect itself? It’s actually pretty straightforward.

When we engage with clients, we talk about “getting the basics right.” A fundamental part of that is making sure the IT infrastructure and services are fit-for-purpose and up to date. If the basics aren’t right, then there’s no hope of looking at ways to use technology to grow the business and get ahead of the competition.

To provide you with a head-start, here are your first nine priorities:

  1. Prioritize systems maintenance. All systems and services, particularly those that are connected to the outside world, must be kept up to date with the latest software patches. The IT team or your Service Provider must review and update systems in a regular, controlled manner.
  2. Review your backups. Many malware infections encrypt your data and hold it for ransom. Frequent backups mitigate the chance of you losing everything. A regular complete backup of data stored somewhere with no connection to your systems – what’s called an air-gap – will greatly limit the damage of an attack.
  3. Get a penetration test. Get a reputable security company to undertake an external penetration test of your systems and services. Resolve all the concerns raised in the results. Find your vulnerabilities and patch them before hackers find them for you!
  4. Get certified. Spend some money, usually less than $12k, on earning the Cyber Essentials Plus certification. The process involves making your technology secure, and we’ve seen clients win new business after being certified.
  5. Lock down your data. Each individual in your business should only have access to the data they need to do their job. This minimizes the risk of data loss should they leave with it or accidentally click a malware link. Allowing employees wide-ranging access to data is asking for trouble.
  6. Invest in protection. Keep the bad guys out with well-configured firewalls, anti-spam email systems, malware detection software, and pro-active Day-0 protection systems.
  7. Get some insurance. Cyber insurance covers the losses resulting from a cyberattack. It can also aid with the management of the incident itself, particularly reputational damage and regulatory enforcement. Crime insurance covers the loss of money due to theft, fraud or dishonesty and includes theft of money by hackers. Add cyber insurance and crime insurance to your portfolio as separate policies, not just add-ons to existing business insurance.
  8. Train your staff. Your employees are the most vulnerable security point in your business. The more they know what to look for and what to do, the better your chances of avoiding an attack. Training is essential for all new staff, and it needs regular refreshing for the whole business – including you!
  9. Plan for the worst. Even with all the above nailed down, you still need to be ready for the worst. Sit down with your top team and discuss potential disasters and plan your way out of them. Who would be in charge? Who is authorised to make major decisions on the spot?

Will Travelex survive this attack? Who knows – the reputational and financial damage may be terminal. But by following these nine steps, you can avoid that fate for your own company.

For more information see our Knowledge Center about Cybersecurity.

Freeman Clarke is the UK’s largest and most experienced team of part-time (we call it “fractional”) IT leaders. We work exclusively with ambitious organizations, and we frequently help our clients use IT to beat their competition. Contact Us and we’ll be in touch for an informal conversation.

Subscribe to our Business Insights

Plain English board-level briefings focused on technology strategies to deliver competitive advantage and business success.

Call us on 0203 020 1864 with any questions.

Graeme Freeman
Co-Founder and Director
