Cyber Security Awareness Month is an opportunity to inform, educate and raise much needed awareness of the day-to-day risks to your sector, organisation and employees, from the various cyber threats that exist. However all too often, organisations and their employees can become so fixated on identifying and defending against the new and emerging cyber threats of our world that the fundamental cyber security basics we sometimes take for granted, can easily fall off the radar allowing complacency to set in…a gift to cyber criminals.

This Cyber Security Awareness Month, it’s time to regroup and combat complacency by going back to basics; ensuring best practices for even the most rudimentary of cyber security measures and giving them the attention they need to make sure your business, employees and clients are safe from the many cyber threats we encounter daily.

What are the Cyber Security Basics?

The basics of cyber security, sometimes referred to as “cyber hygiene” are essentially the “bread and butter” of your organisational cyber security efforts. It’s often a foundational start-point for your business and covers core security efforts such as:

• Ensuring software is kept up to date with the latest patches and updates

• Securing Files Appropriately – cloud and external storage backups

• Password Security Measures

• Device Encryption

• Use of Multi-Factor Authentication (MFA)

Software Updates & Patches:

Keeping your organisations software up to date and fully patched is a key element to ensuring uniform security across your business’s devices. Leaving even one employee’s device with outdated software could pose as a gateway to cyberthreat actors who could identify a weak link in the organisational chain and gain access to your organisations databases and information.

File Security:

Maintaining appropriate file security measures is arguably one of the most important, but easily overlooked elements of cyber security as it directly relates to the information, data and content that your organisation stores and uses to conduct business. Ensuring both cloud storage and external drives are regularly monitored and secured as well as backed up to prevent instances of data loss, is a key element of an organisation’s cyber security and theft prevention. Additionally, The Data Protection Act 2018 (GDPR in the EU) regulations make it legally binding for businesses to consider the way in which they store both employee and client/customer data and information. Failure to adhere to the legal standards set out by The Data Protection Act 2018/GDPR legislation can result in large fines for a business and even a suspension from operational activities if found to be in severe breach of these laws.

Password Security Measures:

There are a range of security measures and procedures a business can apply to its passwords and password policy. Potential measures include setting character limits to ensure employees are utilising longer passwords that cyber criminals would find harder to identify and requiring a range of upper-, and lower-case letters, as well as numbers and special characters. Additionally, organisations could encourage staff to utilise password managers that would allow for employees to have unique, automatically generated, and strong passwords for any accounts or software that they are required to log into.

Device Encryption:

Ensuring all devices used within your business are well encrypted will minimise the risk that a potential cyber actor could compromise the device and gain access to valuable and sensitive information related to your business, staff and your clients.

Multi-Factor Authentication:

Utilising Multi-Factor Authenticator technology to provide an additional layer of security to areas of your network that contain sensitive information and data, is another sensible and effective way to boost your cyber security efforts without the need for specialist network security investment and can be implemented across your organisation quickly and easily.

How can PureCyber Help?

Our dedicated team of cyber security and compliance experts are available to help secure your organisation and provide a bespoke, tailor-made cyber security service. Our service subscriptions offer a range of cyber security solutions for organisations of all sizes and scopes. From vulnerability scanning to penetration testing, incident response and active threat detection, our cyber solutions ensure you can operate safely and securely with reassurance that your business, employees and customers are safe from cyber threats.

Need a refresh? No matter what level of cyber security knowledge you have, it is always valuable to refresh your understanding of terms, topics and techniques. Our PureCyber glossary of terms is the perfect place to brush up on your understanding.

Links: FTC Factsheet

CISA Cyber Security Best Practices

NCSC 10 Steps