Ransomware is unfortunately lurking around every corner. With things like remote work opening ourselves up to vulnerabilities and the recent HSE attack, there’s every sign that businesses need to be on their cybersecurity toes. There are a number of standard measures that any business can take to protect itself. But beyond that, we like to live by the following for protecting our IT systems and our client’s interests.
We implement network security controls
This starts by having a firewall, firewall content filter, and anti-virus in place and keeping them up to date. This process is fully automated meaning your security will never skip a beat. More basic security protocols include multifactor authentication for remote email access and regular password updates for all systems that allow access to any personal or confidential information. Beyond these, we also have an intrusion detection system and an intrusion preventions system.
It is not enough to just implement these controls and forget about them. We conduct a thorough annual network assessment as well backing up all critical system data hourly to both disk and cloud. This backup is designed to be easily restored during a disaster scenario and tested quarterly to ensure it is in optimum working condition. Finally, we have procedures to terminate user access rights when employees exit. This is key for ensuring threats don’t come from departing employees looking to sabotage the business. Something we hope wouldn’t ever be a concern but one that we plan for nonetheless.
We also implement privacy controls
To make sure as little sensitive data is shared as possible, we restrict our employee access to sensitive data based on job function. Next, we make sure employees are trained annually in privacy and information security. The cybersecurity landscape is forever changing so keeping our employees up-to-date is fundamental in helping to keep ourselves and our clients protected.
To top it off we even assign an individual responsible for privacy and security procedures that will monitor changes in any regulation that relate to the handling of your sensitive data. To complement these measures, we also like to make sure we’re demonstrating our privacy policies adequately. This means we have a publicly available privacy policy, we’re fully GDPR compliant, and we have a written policy regarding data retention and destruction.
There are also several additional measures we like to take
Firstly, we ensure that all mobile devices are encrypted. All our data that was previously stored locally has also been moved to The Cloud, now much safer under multi-factor factor authentication. We also employ Intune Device Management setup to mark our devices as compliant, in line with baseline requirements such as whether they’re encryption enabled, newly updated, etc. In a similar vein to how we restrict our employee access to your data, we also ensure that the principle of least privilege is applied to your organisation too; everyone in your business will only have access to the bare minimum amount of data required for their job.
These are our go-to solutions, but there is no silver bullet when it comes to cybersecurity, there’s no one thing that will resolve all problems and that’s why there are many parts to the security solution. It is also not realistic, if you’re connected to the world via the internet, that you will ever hit 100% when it comes to cybersecurity. Our aim for both us and our client is to improve our security posture as much as possible with an eye to what the budget allows and to constantly review and improve as the threat landscape evolves.
However, there are of course further measures you can take, but that will depend on the nature of your business and what you need specifically. If you want to ensure the safety of your data, click below to book a meeting with a cybersecurity expert today and start protecting yourself from ransomware, viruses, and more.
