This month marks the 10th anniversary of European Cyber Security Month.

Launched in autumn 2012 with the objective of raising awareness of security management across the digital landscape, the EU-driven Cyber Security Month has become the standard bearer for mitigating online risk.
Like International Standards Day, each year ECSM focuses on a different theme, with 2022 seeing an information drive on the topics of ransomware and phishing.

While we know that many of you will already be familiar with cybersecurity fundamentals, it doesn’t do any harm to refresh busy memories and minds, often too full of budgets and deadlines to prioritise digital security. Cyber-attacks have become all too common, and in today’s money-hungry world no business is too small and no sector is off limits. We all saw the chaos the 2021 cyber-attack caused the HSE. Even if you think your business is so insignificant that it wouldn’t merit an attack, our advice is not to take that seeming insignificance for granted.

If you are a new start-up or have a cohort of staff working remotely, cyber security should be high up on your risk management checklist. It’ll pay dividends in the long run.

Cyber Security Explained

Cybersecurity is, in a nutshell, the protection of your IT operations – topology and systems – from the threat of attack, loss, and accidental or malicious damage.

Your systems are constantly under threat of exposure to hacking, human error or deliberate vandalism so how you prepare for these eventualities is critical to their resilience and security.

Being prepared is vital. Putting the right security management framework in place at the outset is ideal but, as with most things, getting it right takes time. By being fastidious in carrying out rigorous checks on security policies, procedures and personnel, your organisation can save itself a lot of time and money in lost, stolen or infected data.

Ever evolving and adapting, cyber attackers and hackers always seem to be three steps ahead when it comes to new ways of appropriating data. Ensure you stay ahead of the hacker posse by setting out clear guidelines on device management: where, when and how devices can be used. By restricting usage of third-party websites, limiting data access permissions to appropriately authorised personnel and ensuring the correct data and cyber management framework is in place to cater for remote working, your organisation can robustly lock down its systems.

Ransomware is one of the key means used by hackers to blackmail organisations. It essentially locks you out of your data, giving the hackers control and allowing them to use the threat of publishing confidential client data to demand a large payment for its “safe return”.

Some fundamental risk-based anti-ransomware practices which your organisation should adopt to mitigate the threat of this form of “data theft” include:

Ensuring all personnel are fully informed and aware of all cyber security threats, including ransomware, and of the implications of such a malicious attack on the company, including the potential threat to jobs should the attack be a large-scale one.

Clicking on unknown links is a big NO. If in doubt, refer to IT or delete the email. If you notice a pattern, immediately flag to IT so they can take steps to deal with the issue.

Under no circumstances should staff use or insert unauthorised USB sticks in their devices.

Regularly perform IT updates (patches etc.) and reviews of data and digital security policies, practices and software.

If in doubt, do not open a strange, suspicious or unusual email. As with dodgy links, refer to IT or double delete: delete from the inbox and from the bin.

Take care to roll out virus protection across all devices, including anti-ransomware software, keeping it updated on a regular basis.

Your IT department should ensure devices are correctly set up and software (antivirus, firewall, user authentication such as single sign-on, etc.) is installed to prompt users to perform updates. They should also set aside key dates on which to perform company-wide updates across all servers.

Cyber Security Awareness

Always have data backed up and stored in a secure location. There are various options for data backup, including full backup and mirroring, differential and incremental, offsite and onsite, using tape, disk or cloud.

Whichever type of backup solution you choose, always ensure it is regular, resilient and replete. While a full data backup does take longer, it ensures a complete copy of all your data is easily available within a single media set.
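The practical difference between the backup types named above is how many media sets you must have intact to restore after a ransomware incident. The following is an added example, not part of the original post: it simulates four days of a small file share (constructed sample data, files represented as path-to-version-number maps), takes a full backup on day 0 and then both a differential chain and an incremental chain, and shows that both restore the same day-3 state, but the differential restore needs two media sets while the incremental restore needs four. Deleted files are recorded as `None` so that restores also remove them.

```python
# Constructed snapshots of a file share: {path: version}. A path missing
# from a later snapshot means the file was deleted that day.
SNAPSHOTS = [
    {"ledger.xlsx": 1, "clients.db": 1, "policy.docx": 1},                   # day 0 (full)
    {"ledger.xlsx": 2, "clients.db": 1, "policy.docx": 1},                   # day 1
    {"ledger.xlsx": 2, "clients.db": 2, "policy.docx": 1, "notes.txt": 1},   # day 2
    {"ledger.xlsx": 3, "clients.db": 2, "notes.txt": 1},                     # day 3 (policy.docx deleted)
]


def full_backup(state):
    """A full backup is a complete copy: one media set holds everything."""
    return dict(state)


def delta(current, base):
    """Everything that differs between `current` and `base`.
    Deleted paths are recorded with value None (a tombstone)."""
    paths = set(current) | set(base)
    return {p: current.get(p) for p in paths if current.get(p) != base.get(p)}


def differential_backup(current, last_full):
    """Differential: changes since the last FULL backup (grows each day)."""
    return delta(current, last_full)


def incremental_backup(current, previous):
    """Incremental: changes since the PREVIOUS backup of any kind (stays small)."""
    return delta(current, previous)


def restore(full, change_sets):
    """Replay change sets over a full backup, applying tombstones as deletions."""
    state = dict(full)
    for changes in change_sets:
        for path, version in changes.items():
            if version is None:
                state.pop(path, None)
            else:
                state[path] = version
    return state


def restore_plan(snapshots):
    """Compare what is needed to restore the final day under each strategy.
    Returns {strategy: (media_sets_needed, restored_state)}."""
    full = full_backup(snapshots[0])
    latest = snapshots[-1]

    # Differential chain: only the newest differential is needed with the full.
    diff = differential_backup(latest, full)
    diff_restore = restore(full, [diff])

    # Incremental chain: every incremental since the full must be replayed, in order.
    incs = [incremental_backup(snapshots[i], snapshots[i - 1]) for i in range(1, len(snapshots))]
    inc_restore = restore(full, incs)

    return {
        "full_only": (1, full),                      # restores day 0 only
        "differential": (1 + 1, diff_restore),       # full + latest differential
        "incremental": (1 + len(incs), inc_restore), # full + every incremental
    }


if __name__ == "__main__":
    for strategy, (sets_needed, state) in restore_plan(SNAPSHOTS).items():
        print(f"{strategy:13s} media sets needed: {sets_needed}  restored: {state}")
```

The point for ransomware resilience is the chain length: every media set in the chain is a single point of failure, so a long incremental chain needs more of your stored media to survive intact than a differential one, while a full backup needs only itself.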

According to the EU Cyber Security awareness program, some 30% of businesses which handed over ransom money did not get their data back. BE WARNED.

Recognising phishing emails, texts and WhatsApp messages is now a central, if annoying, part of our everyday business lives. Being able to spot the phish means your data won’t become the bait with which hackers and attackers can reel your organisation in.

Email-based phishing scams attempt to lure their targets, typically by way of scare tactics:
“Your account has been compromised. Please urgently click on this link to cancel your account”
“Your laptop has been hacked. IT request that you download this software update to your machine immediately.”

Never ever click on a TAKE ACTION NOW email unless you can confirm the source. If you have any inkling that the email source could be suspect, pick up the phone to your IT department and ask them to run a check on its authenticity.

Emails and text messages sent by scam artists can take many forms but often share similar attributes, such as incorrect syntax or spelling and very poor English. They typically contain .com web links (as opposed to .ie or .co.uk); for example, I recently received a text asking me to log on to a rather odd AIB website ending in .com, whereas all AIB web pages use a .ie domain. In addition to poor wording and unorthodox web addresses, most phishing emails probe for confidential information such as bank details, login IDs and passwords. Banks never ask for information which they already have on file, and they certainly never ask for login codes or passwords. NEVER DIVULGE CONFIDENTIAL DATA – PERSONAL OR BUSINESS.
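The web-address check described above can be made mechanical, which is how mail filters and security teams apply it at scale. The following is an added example and not code from the original post or from CG Business Consulting: it pulls every link out of a message, works out the host the browser would actually connect to, and compares it against a list of domains the organisation trusts. The trusted domain `examplebank.ie`, the lookalike hosts and the sample message are all constructed for the example. Two tricks the plain ".com versus .ie" rule of thumb misses are handled: a trusted name buried as a subdomain of an attacker's domain (`examplebank.ie.secure-verify.com`), and a trusted name placed in the user-info part of the URL before an `@`, where the real host comes after it.

```python
import re
from urllib.parse import urlsplit

# Matches http(s) links and bare www. links; stops at whitespace or angle brackets.
URL_RE = re.compile(r"(?i)\b(?:https?://|www\.)[^\s<>]+")


def hostname_of(url: str) -> str:
    """Return the host a browser would connect to for `url`, lower-cased.
    urlsplit() correctly ignores any 'user@' prefix, so
    'https://examplebank.ie@198.51.100.7/' yields '198.51.100.7'."""
    if not url.lower().startswith(("http://", "https://")):
        url = "http://" + url          # bare www. links need a scheme to parse
    host = urlsplit(url).hostname or ""
    return host.lower().rstrip(".")


def is_trusted(host: str, trusted_domains) -> bool:
    """True only if `host` IS a trusted domain or a genuine subdomain of one.
    'examplebank.ie.secure-verify.com' is not, because it does not END with
    '.examplebank.ie'."""
    for domain in trusted_domains:
        domain = domain.lower()
        if host == domain or host.endswith("." + domain):
            return True
    return False


def flag_links(message: str, trusted_domains):
    """Extract each link in `message` and report its real host and whether it
    points at a trusted domain. Returns a list of dicts in order of appearance."""
    findings = []
    for match in URL_RE.finditer(message):
        url = match.group(0).rstrip(".,;:)")   # drop trailing sentence punctuation
        host = hostname_of(url)
        if not host:
            continue
        findings.append({"url": url, "host": host, "trusted": is_trusted(host, trusted_domains)})
    return findings


def untrusted_hosts(message: str, trusted_domains):
    """Convenience view: just the hosts that should be treated as suspect."""
    return [f["host"] for f in flag_links(message, trusted_domains) if not f["trusted"]]


# Constructed sample message in the style of the scare-tactic texts quoted above.
TRUSTED = ["examplebank.ie"]
SAMPLE_MESSAGE = (
    "ExampleBank: your account has been compromised. Verify now at "
    "https://examplebank.ie.secure-verify.com/login or http://examplebank.com/reset . "
    "Urgent: https://examplebank.ie@198.51.100.7/confirm . "
    "Genuine help is at https://www.examplebank.ie/help"
)

if __name__ == "__main__":
    for finding in flag_links(SAMPLE_MESSAGE, TRUSTED):
        verdict = "ok     " if finding["trusted"] else "SUSPECT"
        print(f"{verdict}  {finding['host']:40s} {finding['url']}")
```

Note that this is a necessary check, not a sufficient one: a link whose host is trusted can still lead somewhere harmful if the trusted site itself has been compromised, so the advice above to confirm with IT before acting still applies.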

Steer clear of opening attachments from unknown sources. Unless you are confident that you know the sender, avoid opening unexpected emails, and most certainly do not open any attachments. If in doubt, contact your IT department.

Should you inadvertently click on any link or attachment that ultimately begins to probe for confidential information or guide you through an irregular recovery process, STOP IMMEDIATELY, and contact your IT department without delay. They will know how to deal with the situation. Don’t panic. Simply stop what you’re doing, get in touch with the experts and let them handle the issue.

Most of all, dot the i’s and cross the t’s from the get-go. If you have a solid cyber security programme designed, developed and put in place, the chances are you’ll have given your systems the robust protection they need.

How can CG Business Consulting help me with Cyber Security?

The ISO 27001 Information Security Management standard is the international benchmark for cyber security frameworks. Certification is simple, and made easier by working with a dedicated ISO consultant.

CG Business Consulting will get your team certified in twelve weeks guaranteed. Our experienced training specialist will guide you through the key steps of risk assessment, establishing the management framework, drafting documentation and continuous improvement planning amongst other things. We also support you through the audit prep and management to ensure your ISO 27001 audit has a successful outcome.

For more detailed insights into ISO 27001 check out our dedicated page here 👇

https://www.cgbusinessconsulting.com/standards/iso-27001/

For more information on this or other ISO services, contact Rob at hello@cgbc.ie or phone us on 01 – 620 4121.