How to Build a Cyber Security Strategy

Cyber Security is an umbrella term that covers all the services and solutions that are implemented to protect computers, networks, data and cloud services from cyber threats. There are a number of types of cyber security measures and it is never a one solution fix. Robust cyber security requires a multi-layered approach and an overarching strategy.

So what are the various types of cyber security?

  1. Network Security – protects against bad actors gaining unauthorised access to corporate networks.
  2. Data Security – secures data, which often contains personal and sensitive material depending on the business, both where it is stored and in transit.
  3. Application Security – identifies weaknesses in business applications that staff use daily that could be exploited. Often these weaknesses are dealt with by installing patches or updates from the application providers but frequently users fail to act on updates and vulnerabilities remain exposed.
  4. End Point Security – ensures all devices that link to the network are secure.
  5. Cloud Security – as more businesses use cloud services, security in the cloud becomes more and more important.
  6. Disaster Recovery and Backups – this falls under the cyber security umbrella as it is your insurance that, in the event of a cyber attack, your business can readily recover not just data but systems and applications.

How to Build a Cyber Security Strategy

  1. Undertake a Cyber Security Assessment

The first step in understanding what your business needs to do to protect itself is identifying the areas in which you are weakest. The best way to do this is to engage with an IT services company who are experts in cyber security; they can run a cyber security assessment to establish the current level of risk across your network. Most IT Services Providers will have a range of tests they can run which will identify current vulnerabilities. In doing so you will learn which areas of the cyber security umbrella (think of them like the spokes that hold the umbrella up) you are weakest in and where you need to invest.

  2. Document your Cyber Security Strategy

Once you have a better understanding of your current cyber security posture and have allocated budget, you should get buy-in from all stakeholders across your business. As cyber security is company wide you should involve someone from each area of your business, as they may all have different concerns. For example, some of them may use more cloud services than others. Some teams may have more remote workers, while others may be permanently office based. Areas of the business may have strict compliance policies that they need to adhere to, for example the finance department who hold personal financial information. All of these aspects should be carefully documented to ensure a comprehensive approach to securing your business.

  3. Consider engaging with an IT Services Provider

Cyber security is a very specialised area. Most businesses won’t have the required skills in-house, which is why it is wise to talk to an IT Services Company who can best advise what solutions meet the needs laid out in your cyber security strategy. Look for an IT Services Provider that is expert in Cyber Security and partners with a leading cyber security company like Fortinet. They will have all the know-how to make sure your cyber security is foolproof. Often they are also experts in Cloud Services, which is essential for ensuring that not only on-premise but also cloud-based IT Services are secured.

  4. Train your staff

Cyber security awareness training is critical in any cyber security strategy. Even with all the measures in place cracks can appear at any moment, and most frequently it is human error, such as clicking on a malicious link in an email, that leads to a breach occurring. Most IT Services Providers supply online cyber security training, which is convenient for all staff to complete. It is important that all staff, right up to management, undertake cyber security awareness training. It is also important that it stays fresh in their minds as time goes by, so many companies will engage with cyber security training on an annual basis.

In an age where cyber crime is advancing at an alarming rate, no business is safe no matter what size. The days when cyber attacks were reserved for bigger companies are long gone. All businesses need to be sure that their cyber security is up to scratch. To ignore it is to leave your business wide open to threats such as ransomware, which can be both financially and reputationally damaging.

At HCS Business Solutions we deliver Cyber security awareness training, cyber security risk assessments and a full range of cyber security services for businesses of all sizes.

Talk to us today.

Email Security is Paramount

Phishing emails are still the number 1 entry point for ransomware attacks. In this webinar our Security Experts discuss how businesses can protect their email channel, which is especially important when employees are working remotely, with FortiMail’s award winning and independently approved advanced email security solutions.

Webinar: Securing the Modern Enterprise with FortiMail Secure Email Gateway

Get Visibility into the Amount of Unwanted, Malicious, and Risky Email Reaching Your Users

As a Fortinet Select partner we see firsthand how email remains the most utilised attack vector for cyber criminals. At the same time, customers are increasingly moving to cloud email providers, like Microsoft 365 and Google G-Suite, and are struggling to secure their email traffic. The built-in, native security tools available in these platforms are by themselves insufficient to guard against attacks, protect valuable data, and ensure compliance objectives are met.

In a webinar on Thursday May 13 at 10 am we will discuss how FortiMail is used by tens of thousands of customers worldwide to protect well over a hundred million mailboxes. FortiMail has been independently validated and was recently awarded a ‘AAA rating’, the top rating a vendor can receive, by SE Labs.

Book your place here

All attendees will be offered the chance to avail of a limited number of bespoke email security assessments in consultation with an NSE 7 certified Security Engineer.

You will learn what type of email threats are getting through your current filters, how much spam is landing in your users’ inboxes, your level of email bandwidth usage and more. Plus you will have an understanding of whether your email is protected sufficiently and, if not, what steps can be taken to improve it.

I sincerely hope you will be able to join us on Thursday May 13 at 10am.

How to prevent a Successful Phishing Attack when Employees are Working Remotely

Cyber attacks have doubled over the last 12 months as workforces around the globe moved to a distributed or remote working model. Communication that would usually take place inside a corporate network is now being conducted outside the existing security measures and frequently over third party platforms. The pandemic has presented cyber criminals with the perfect opportunity to exploit unprotected systems to access sensitive data. Many phishing attempts are related to the virus, or now more so the vaccine, in an attempt to lure people into clicking on a malicious link. And all are financially motivated.

Often phishing attempts utilise domain names that a user is familiar with, which lulls the user into a false sense of security as they recognise the company or organisation that the email appears to be coming from.

If you are managing a remote team here are some steps you can take to prevent an employee falling for a phishing attempt.

Improve Email Security

Preventing suspicious emails from reaching staff inboxes is an effective way of minimising the risk of cyber attack. There is some level of security included in a standard M365 licence that can block spam and standard phishing attacks, but for truly reliable email security it is best to adopt a layered approach. Consider a solution from a dedicated cyber security provider such as Fortinet. Their FortiMail solution delivers advanced multi-layered protection against the full spectrum of email threats. Talk to an IT Service Provider who partners with Fortinet to learn more about this solution.

Utilise Web filtering

Web filtering involves preventing a browser from loading suspicious URLs or webpages. So in the event that an employee clicks on a link in an email that connects to a suspicious URL, your web filter will prevent that site from loading. Your IT Services Provider will be able to set up web filtering for you, adding another layer to your defence mechanisms.

Implement 2FA

2FA or Two Factor Authentication is a simple step that can be used in the fight against cyber crime. Most users will be familiar with 2FA in some form as many banks and internet services such as payment platforms utilise it. 2FA involves inputting unique user information to prove your identity. Sometimes it’s in the form of a code that is sent by SMS to your mobile number. Or it could be your fingerprint or a piece of information such as your mother’s maiden name. 2FA is a form of identity management and means that access to systems is not purely reliant on passwords, as passwords can be easily stolen or guessed. Again, your IT provider can help set up 2FA across all users, especially those who are working outside the security of the office firewall.

Adopt Patch Management

The patch management process involves identifying and deploying updates or patches to a variety of endpoints including PCs, laptops, mobile devices and servers. Automated Patch Management Solutions mean that known vulnerabilities are dealt with in a timely and effective way, reducing resource time by automatically updating endpoints as patches become available. An IT Services Provider will be able to advise you on Patch Management.

Engage in User Training

Email remains the dominant vector for entry for cyber criminals. And user error remains the number one issue in the fight against cybercrime. The more savvy your employees are, the more protection your business will enjoy. Cyber Security training is necessary for all employees at all levels. Even the boss can fall for phishing attempts. Online cyber security training is a great way to reach employees who are based remotely.

Watch out for Keyloggers

Keyloggers, also known as spyware, are a type of software that is designed to record keystrokes and are one of the oldest forms of cyber threat. Keyloggers are used to steal personal or financial information such as bank details. Some types of keyloggers especially those on mobile devices can record calls, messages and GPS locations. Many keyloggers now come with ransomware that can be activated at the attacker’s discretion.

Your IT Provider will be able to advise you on the best security measures for your business. There is no silver bullet when it comes to adequate IT security. The most effective approach is a multi-layered one that combines a variety of mechanisms to deliver robust cybersecurity to your business. With remote working looking set to stay in some capacity for many businesses and cyber crime at its most prevalent, now is the time to act.

Talk to your IT Services Provider or contact us for an IT Security review.

Webinar April 1st: Reinventing the Modern Workplace

Like everyone else, we’re feeling really positive that COVID’s coming to an end. But as the world begins to get back to normal, many companies are reflecting on how they’ve managed to work effectively in a remote set up – and how employees are keen to continue doing so.

However, this means enhancing their current working environment and migrating more services to the cloud – to ensure the safety, security, and productivity measures needed to sustain remote working long term.

To show you a number of different ways you can get the most from the systems your teams are using – and to help you continue to evolve the way everyone works in a manageable way – we’re holding an online webinar on April 1st.

Interested? Sign up here for your free ticket to our ‘Reinventing The Modern Workplace’ webinar

Reinventing the Workplace with Windows VD

What is Windows Virtual Desktop and what are the key benefits?

Windows VD is a desktop and app virtualisation service that runs in the cloud. It allows users to access their desktop and applications from anywhere and from any device. With built in intelligent security it can be deployed in minutes and can bring down existing costs with its pay for what you use model. As part of the Microsoft Cloud Services suite, Windows VD can be used within your existing M365 or Windows per user licence.

Access from Anywhere

Windows VD delivers a virtual desktop experience to any device making it an ideal IT solution for remote workers. Thanks to the Covid pandemic the remote workforce is now well established in most businesses and is likely to continue. To maintain productivity levels the remote workforce is more dependent on Cloud Services than ever before. With Microsoft’s Cloud Services and infrastructure, businesses can set up multi session Windows 10 deployments which are optimised to run in multi-user virtual environments. From a user’s perspective the desktop experience, no matter what device they use, is exactly the same as sitting in the office at a traditional PC.

Reduced Cost of Ownership

From a cost perspective Windows VD is an ideal IT Solution that negates the need to purchase, deploy and maintain physical hardware. If your business already subscribes to Microsoft Cloud Services, M365 or an enterprise version of Windows you can create a virtual desktop for each user for free. Talk to your IT Service Provider to find out what is involved in setting up Windows VD for your business.

Scalability

Windows VD is managed through the Microsoft Azure Portal. You can scale up and down as your business dictates. Azure admins can allocate virtual RAM, create additional CPUs, allocate more storage etc. quickly and easily through the Microsoft Azure Portal.

Security

If employees are working remotely it is inevitable that sensitive company data will be transferred and stored locally at some point, which opens a business to risk. Throw in that many employees will be using personal unsecured devices and the risk is increased. With Windows VD the virtual machines are secured within Azure cloud. Data is protected by built in security protocols including Azure Firewall, Azure Sentinel, MFA and Advanced Threat Protection. Role based access can also be determined using the Azure infrastructure. Your IT Service Provider will be able to advise you on the best mix of IT security measures to suit your business needs.

Simplified IT Management

Through the Azure portal admins can easily configure a network and deploy desktops and security measures with just a few clicks. Centralised management means changes in policy can be easily rolled out across the estate. New users can be added quickly regardless of their location.

Seamless User Experience

No matter where, when or on what device a user signs into their virtual desktop they will enjoy the same experience. Whether they are managing their inbox in Outlook, sharing files on OneDrive or using Teams to collaborate with colleagues, the experience is the same, enabling them to pick up from where they left off with ease.

Reduced Downtime

With built in Site Recovery and Back up, Microsoft Cloud Services can help keep your team running during outages. Your employees can continue working, keeping productivity levels up and customers happy.

Why Now?

Virtualising desktops is the next step in digital transformation. If you’ve already migrated applications and data to the cloud, hosting desktops there too gives you even more flexibility and agility. With centralised management and advanced built in security measures, Microsoft’s Cloud Services, including Azure and Windows VD, deliver an ideal IT Solution to a progressive business. With more power, better performance, reduced costs and enhanced security, Microsoft’s Cloud Services and Windows VD will help a business to run more efficiently, reducing capex costs and enabling innovation.

What Next?

Since its release Windows VD has been gaining traction across the business world. It delivers a better user experience with the latest security features inbuilt and it reduces cost. Windows VD took on extra importance from March 2020 as it enables easy and secure access to critical applications for remote workers. As working from home and BYOD become the norm a business needs an IT Solution that will deliver an efficient user experience, high levels of security and cost savings.

 

Talk to a reputable IT Service Provider with the right Microsoft Cloud Services accreditations. They will conduct a review of your current IT and devise a migration plan to move your business to a virtual environment.

Talk to our experts about moving to the Cloud and Windows VD