If you’re looking for a cyber security checklist to help you prevent falling victim to cyber-crime, look no further! As cyber security specialists, Virtuoso are here to guide your business to safety!
You might feel tired of hearing about cyber-crime being a never-ending threat to your business. But the facts are clear – growing businesses are more susceptible to risks and costs from attacks like phishing, malware, and ransomware, and must do more to protect themselves in today’s technology-driven world.
At the risk of sounding like a broken record, it’s important to understand the threats your business is facing, so that you can avoid an incident that could cost your business everything – from finances to reputation.
Here’s some statistics on cyber crime in NZ from 2021-2022:
As our technology landscape has developed, it’s become increasingly complex and difficult to navigate. There is a growing selection of intelligent and deceiving cyber-attacks today, from malware to phishing, to brute force, DNS spoofing – the list goes on! That’s why it’s vital to put thought and consideration into your business’s cyber security strategy so that you can prevent as many attacks as possible and be prepared for when it happens to you.
Whilst it’s impossible to ever guarantee your business will be completely safe from cyber-crime, there are things you can do to keep one step ahead of hackers. With this quick 10-point cyber security checklist, you can rest assured that you have taken all the necessary steps you can to strengthen your business cyber security posture.
It used to be that passwords were encouraged to be very complex and changed frequently. Unfortunately, this led to a history of people forgetting their passwords and thus, reusing or writing them down. They were hard for people to remember, but easy for hackers to guess!
Today, we encourage businesses to adopt strong password policies and only change passwords when necessary. This means passwords are simple but long, making them more difficult to crack. With many systems today allowing businesses to deploy password policies directly, your IT support provider can help you with developing unique and robust password policies across all your workloads.
Multi-Factor Authentication, or MFA, is an easy yet efficient way to make your business accounts secure. Most applications and platforms will support this now. It works by requiring users to use multiple methods of verification to authorise logins.
By using a free MFA tool, like the Microsoft Authenticator app, you will be given a unique 6-digit number that is changed every 30 seconds, which will allow you to log in to an app from your smartphone. This means if anyone else tried to access your personal account (like a hacker), they would be unable to get access with just your username and password. This adds an extra layer of security that is simple but difficult to infiltrate!
An easy access point for hackers are endpoints (such as desktops, laptops and mobile phones), particularly with the rise of remote working meaning that systems and applications are accessed from both corporate and personal devices and therefore, are less controlled.
Endpoint Detection and Response technology, or EDR, will notify and expose threats to your endpoints, as well as offer you the opportunity to restore your affected business devices to their pre-threat state. If working with an IT partner that specialises in cyber security, this can be implemented and monitored remotely, on your behalf.
Identity and access management is the process of managing access to systems via an individual’s role or responsibilities in the business. For instance, you might wish all your salespeople to have access to contact data within a CRM, or you might want all your senior managers to have access to information about employees.
Within platforms, like Microsoft 365 for example, access management can be determined by groups or Role Based Access Control (RBAC). This allows you to have better oversight of who has access to information in your business and allows you to restrict it when necessary. This should be included on your cyber security checklist!
Getting rid of costly, unreliable physical servers and introducing a cloud-based way of working is one of the easiest ways to improve your data security and is one to include on your cyber security checklist.
Why? Because data in the cloud isn’t physically accessible. It benefits from all the aforementioned security measures, as well as encryption – which means that data cannot be read by those it’s not intended for. As well as this, cloud data can benefit from constant security updates, AI-based security, automatic patching, virtual firewalls, third-party security testing and more.
Having your data stored securely is one thing, but ensuring that it’s regularly backed up is an extra IT security measure that you can take to prevent the loss of crucial business information.
As a Microsoft partner, our customers benefit from various levels of data retention within Microsoft itself. However, we take an extra step to cover our customers with a market-leading data backup solution, that combats ransomware attacks, user errors or permission fiascos and ensures business resiliency.
Email is often an area of business that is missed when it comes to cyber security, but should be on your checklist. There are countless sophisticated email-based cyber-attacks circulating today, including phishing, business email compromise, account takeovers, identity spoofing, and credential theft.
Having appropriate measures in place to analyse the attributes of your employee’s communications will means threats are detected early, enabling quick opportunities to quarantine this. With the right IT provider by your side, you can introduce intelligent email security software that will enable you to have better oversight of your business’s email behaviour and risks.
Have you considered your printer a risk? Take this scenario. You’ve chosen to print a document, only to find yourself distracted on your way over to the printer. By the time you arrive, the document is gone. You could print it again, but what if that document was confidential? Suddenly this scenario is more serious. Private information has been leaked and you have no way to reclaim it.
Cloud technology, like Printix, can be installed onto any Windows, Mac or mobile device and acts as a mediator between person – and printer. It has a “secure print” option, which means a document will only print once you’re ready for it and stood at the printer. Amazing, right?
Human error remains one of the biggest hurdles when it comes to cyber security. Whether it’s clicking on a phishing email, downloading a malware-ridden file, or leaking private information – your staff are your biggest weakness when it comes to cyber crime. Unless, of course, they’re trained to detect threats before they have a chance to strike.
Whether you’re working with a cyber security partner, or not, you should make cyber security training an integral part of your business. At Virtuoso, all our customers’ staff have access to endless security training via our customer management portal, TechHub. Customers can access information on cyber security, take security awareness training courses and submit queries or concerns.
The last, and final, step in ensuring you’ve ticked off all the essentials on our cyber security checklist is to introduce a cyber security partner to your business! By working alongside technology experts, you won’t have to tackle any of the above-mentioned tasks alone. In fact, the majority of these could be implemented and manage on your behalf!
At Virtuoso, we pride ourselves on offering peace-of-mind by giving the best cyber security services to our customers. Whether it’s monitoring and responding to threats, or rolling out new security tools across the business – we can handle it. Our job is to allow you more time to focus on your business, whilst we keep you safe and secure in the process.
We’d be happy to talk you through how we would support your business by ticking off all these cyber security steps – and then some!