What is Cyber Security?
Cyber security is a catch-all description for the technologies, processes and controls used to protect computers, networks and data from unauthorized access, vulnerabilities and attacks.
At its most basic level there are a number of avenues through which a business’ cyber security can be breached.
These can be classified as:
This involves an attacker gaining direct physical access to your organisation. This could range from something as simple as stealing a device from the premises and gaining access to it, to somebody physically entering the premises and, in turn, accessing users' machines and the company network.
Network access attempts
Access to an organisation's network is most commonly attempted via remote access to a company network, website, cloud storage etc. The methods of these attempts are varied and range from simple attempts to hack into a network using ‘back doors’ such as standard passwords for firewalls etc., through to setting up ‘fake’ wireless access services and capturing employees' information when they log in.
As employees are using mobile devices in the form of laptops, mobiles, and tablets, the opportunities for these devices to be stolen or accessed remotely increase. This then enables individuals to use them to access company networks and data. The rise of Bring Your Own Device (BYOD) adds further complexity to the issue of security protection.
What are the highest risk areas?
According to research carried out by the Ponemon Institute on behalf of HP Enterprise Security, the most common cyber-crime attacks in the United States were via viruses, worms and Trojans.
The recently released 2015 Information Security Breaches Survey has found that “50% of the worst breaches in the year were caused by inadvertent human error.” Physical access to the business is the biggest cause of security breaches and these are most commonly caused by current and former employees. At the same time, current and former service providers, consultants and contractors, along with suppliers, partners and even customers, also pose a risk.
What can be done to stop it?
At a business level
The UK government has published its 10 Steps to Cyber Security guidance to help support businesses in the drive to reduce cyber-crime.
The key areas for business consideration are user education and awareness, home and mobile workers, secure configuration, removable media controls, managing user privileges, incident management, monitoring, malware protection and network security.
At a personal level
Individuals can make sure that all the devices they use are protected by addressing the steps below:
Source: GFI Software Independent study examining the business and societal impacts of cyber security issues
• Regularly change passwords (every 60 days) and avoid using the same password across multiple sites
• Use and update antivirus software
• Add a PIN password to all mobile devices
• Enable two-factor authentication wherever possible
Is your business protected? In our next blog we will be discussing the impact of security on fraud. At Secure Trading, security is paramount. Call us on 0808 2780252 to find out how we can help with your cyber security requirements.