Strengthening Your Cyber Defences in the Workplace

by Tony Richardson CISSP

A year that’s seen security breaches in organisations ranging from Microsoft to the Red Cross shows us that no-one is safe from cyber-criminals.

A year that’s seen security breaches in organisations ranging from Microsoft to the Red Cross shows us that no-one is safe from cyber-criminals. Not only are the criminals themselves becoming ever more active and ingenious, but the challenges for staying safe are greater, too.

Cybersecurity within defined premises can be challenging enough, but far more so when many employees may be working remotely on their own devices. This makes it essential to have robust policies in place that will stop breaches before they happen.

Being Prepared for a Cyber Attack

The first step for any organisation to take in order to build a strong cyber defence is a comprehensive review of the current position. This allows you to identify what needs to be done.

On the whole, cybersecurity should encompass both the proactive and the reactive. Proactive procedures include awareness training for everyone in the organisation, from the newest recruit to the CEO, in order to ensure that everyone is able to recognise threats and know how to counter them. This should also be an essential part of the induction process for new staff.

Reactive procedures, on the other hand, include both detection and response technologies. These will ensure that, if an attack succeeds in getting through your people, you have defensive technology that can isolate and neutralise it before it has a chance to do harm.

Training and Policies Against Cyber Attack

As mentioned, all your people should be trained to recognise a threat, but there should also be policies in place that can be used to take action once the danger is identified. This should involve a culture of collaboration and trust, where reporting is safe and simple.

You also need to have strong technology and data processes in place. These should start out by identifying what’s normal, so that it’s possible to recognise the abnormal when it happens. These policies and processes should cover information security, data protection, cloud use and disposal of equipment.

Zero Trust Policies

We’ve already emphasised the important of a culture of trust, so it might seem strange to also advocate zero trust policies — but these are entirely different matters.

A zero trust policy simply means that the minimum possible permissions and access are granted to allow any individual to do their job efficiently. Even a well-trained employee can be fooled by a highly sophisticated cyber attack, so the fewer people who have access to a particular system or type of data, the less harm is likely to be done by such an attack.

This includes removing permissions from anyone leaving the organisation, or moving to a different part of the organisation where the permissions are no longer relevant. Departing employees should certainly no longer have access to any sensitive data, even if they’re leaving on good terms — any more than they’d keep hold of keys to the building. A transparent policy that’s applied in all cases will make it clear that the person isn’t being individually mistrusted — it’s simply a universal process.

Protect Your Organisation Now

The cyber-criminals don’t rest. If they haven’t attacked your organisation yet, it’s just a matter of time. And it’s your choice whether they’ll meet a strong defence or an easy target.

Get in touch with us and find out how SecuraProTM can help you keep the criminals out.