We all face similar cyber threats; however, each organisation will be impacted differently, not just because of technical differences but because of its people, devices, processes and, most importantly, data. We recognise that a security posture for one business is not necessarily going to be a fit for another. At Riverbank we aim to provide cyber security solutions that work for you. We can also support organisations with implementing security policies and compliance with any governance and legal requirements, such as Cyber Essentials, GDPR, ISO-27001 and even your prospects’ Information Security Questionnaires. We recognise that the solution is not always technical or policy based, and in the continual battle between cyber criminals and the security industry there is also a place for cyber insurance to cover your business in the event of a cyber breach or fraud.
If you think your business is too small to be a target of an attack, then think again. With hacking tools, bespoke viruses, compromised login accounts and bots for sale to anyone with a smidgen of technical know-how, a few pounds in their back pocket and, of course, a willingness to cross the line into criminal activity, an attack is very easy to set up.
With over 20 years’ experience helping organisations define and implement their cyber security policies, Riverbank have the skills and expertise to ensure your business is protected and any risks are mitigated. Security is not a set-it-and-forget-it task; we continually manage and review our solution stack and your cyber security posture against emerging threats.
What next? We break our security philosophy into six core elements; see below to learn more about securing your business.
Let’s start with your organisation’s attitude. Does your organisation recognise the need to protect your people, suppliers and clients’ data, let alone your intellectual property or confidential information, from harm? What about its statutory obligations around GDPR?
If you’re unsure where to start, or you’re uncertain of just how robust your cyber security is, Cyber Essentials is a great starting point. Cyber Essentials is a Government-backed scheme that will help you to protect your business, whatever its size, against a whole range of the most common cyber-attacks. There is also an optional GDPR assessment add-on. Decision makers will get a gap analysis report based on an assessment developed by the combined brain power at the Government’s GCHQ.
Are your staff your biggest security threat?
Because employees are the core of any business, they will be the main target for cyber criminals. Phishing, Spear Phishing and Whaling are all activities used by cyber criminals that are probably targeting your staff right now. Periodic and random testing combined with keeping your staff up to date with cyber security knowledge and educating them to recognise threats is imperative to the security of your business. In fact, making sure your staff are trained on cyber security is normally a requirement for any cyber insurance and a question likely to be asked by the ICO if there were a data breach.
You need to ensure your sensitive data is protected no matter where it is. Leaving a laptop on a train is frustrating from a disruption point of view but what is more worrying is the data contained on that device. You've lost your device but how do you protect the data and demonstrate that it was protected?
In addition, how can you ensure information that is only for certain internal staff or an external partner is protected from prying eyes, particularly when that information is held in cloud-based systems or accessed by 3rd parties?
Backup and disaster recovery is a challenge every business must address, and a well-thought-out and tested plan is essential. You don’t want to be scrambling around when disaster strikes. We believe it is the final piece in your security plan jigsaw. Whilst having the right security technologies and policies in place is important, having a tested and managed backup system means your business is fully protected and gives you peace of mind.
Protecting your company network from an outside attack is clearly important, from using a managed firewall through to a WiFi solution that protects your business from the outside. These two things alone, if managed effectively, will significantly reduce the risk of compromise.
The biggest attack vector is phishing attacks using email. With most businesses now using Office 365, you should seriously consider a cloud-based email security service to stop malicious emails getting to your users’ inboxes.
It used to be the case that having password complexity and changing passwords was considered enough. Not any longer. Advice from GCHQ is that you should not change passwords; instead, make them unique and complex for each service you use and have another factor (also known as Multi Factor or Two Factor Authentication) to authenticate. With so many passwords to manage, you also need a password manager to help you. To wrap up identity, it is useful for your staff to know if they have compromised credentials for sale on the dark web; that way they can review the credentials stolen and ensure they are not being used with any services they may use.
With modern working practices you need to manage company devices and sometimes personal devices from anywhere at any time to ensure your data is protected.