
11.07 – Controlling Your Cyber Security

The government ranks hostile attacks on UK cyberspace as a Tier One Priority Risk, highlighting the critical importance of cyber security. Implementing measures to protect websites, networks, computers, programs, and data from attacks, damage, and theft is essential for all businesses, regardless of size.

Understanding the Threats

The following are some of the dangers that you should be ready for when working and doing business online:

Bring Your Own Devices (BYOD)

Employees using personal mobile phones, laptops, and tablets for work can pose serious risks if these devices lack professional security protection.

Card Not Present (CNP) Fraud

This involves fraudsters using stolen card details to make purchases online or over the phone. Although diminished since 2008 due to Mastercard SecureCode and Verified by Visa, it remains a significant concern.

Network Access Control (NAC)

The proliferation of devices makes it challenging to know who’s accessing your network. Security systems must protect your business network from unauthorized access via USB memory sticks, laptops, tablets, and smartphones.

Spoofing, Phishing And Pharming

These frauds trick recipients into revealing personal financial information through fraudulent emails or web links that appear genuine.

Spyware

Malicious software designed to penetrate systems and access sensitive data. It includes:

  • Virus: Interferes with computer operations, redirects traffic, hacks data, or causes system failures.
  • Keystroke Logger: Captures and records user keystrokes to steal confidential data.
  • Trojan: Masquerades as legitimate software while giving hackers access to systems.

Adopting Preventative Measures

Use these measures to ensure that you’re not the victim of cyber crime:

Security Solutions

Employ a combination of anti-virus software and firewalls, and regularly update all software and hardware. Most security software includes automatic updates to counter new threats.

Firewalls

Act as a barrier between your PC or network and the internet, preventing unauthorized access and hiding your online presence.

Password Policies

Implement robust password policies using a mix of letters and numbers, and change passwords at least twice a year. Tools like Password Meter (www.passwordmeter.com) can help assess password strength.

Documented Security Procedures

Establish clear security protocols for email, internet, and mobile devices, and train staff in good security practices.

Regular Security Testing

Conduct regular security tests on email systems and websites. Consider live tests to raise awareness and ensure compliance.

Cloud Security

Ensure your cloud service provider maintains high security standards. Utilize resources like Tufin’s free guide to cloud security planning (www.tufin.com/resources/cloud-security-guide).