Cyber Security is like basic hygiene - Waypoints article
There are a few simple things that need to be done to prevent the majority of malware. We have to remember that the internet is a vast domain populated by a lot of people, and that like society as a whole, there will be those looking to cause harm.
Cyber criminals rely on two things – inattentive users and poor implementation – which allow them to circumvent most standard security systems. If they find an environment is too difficult or toxic, they will go somewhere else. It should be your objective (and ours) to make your environment as unattractive as possible for the potential hacker. This can only be done if the basics are observed, and this is why Astaara’s suite of cyber risk management services exists.
At the very minimum, organisations should:
■ Change default passwords and use strong passwords everywhere.
■ Ensure your firewalls are on and properly configured.
■ Ensure your antivirus is up to date.
■ Manage user access and privileges.
■ Know your networks, continuously monitoring them for any anomalous activity.
■ Keep your software updated and
■ Test business continuity and disaster recovery plans regularly, and learn the lessons from those tests.
In addition, you need to ensure that all your staff, from chief executive downwards, are properly trained, and that awareness of the threat is maintained. Make sure that management is involved in this process, and that there is somebody visibly accountable for the risk at Board level.
These basic measures will protect you from the majority of attacks. Depending on your size, criticality and proportionality, you may wish to go further and use such frameworks as the Cyber Assessment Framework (CAF) or the US NIST framework as the basis for your security posture. Whatever you choose, you have to make sure you invest appropriately.