Most cyber security incidents take place due to vulnerabilities within a network or system. Often, these vulnerabilities are publicly known and cybercriminals will search for these online, as soon they become known, so they can exploit them. They don’t often target specific businesses and it’s therefore massively important for businesses of all sizes to install updates/patches as soon as practically possible, especially for any internet facing systems. Having a good vulnerability management policy is essential.
For lots of businesses, enabling Automatic Updates for systems, software and apps, is a great starting point.
Quite often, cyber criminals can have access to a network long before they disrupt a business. They use this time to scout for information and determine the best way to have the maximum impact. Spotting unusual activity on your network can help to prevent cyber-attacks and reduce the impact if one does take place. To be able to do this, it’s important that network activity is monitored, logged and actively reviewed in a timely manner.
Identity and Access Management
It’s essential that your business is able to identify anyone accessing your network and systems, ensuring that each user account only has permissions to information they need for their role. Every business should have well documented access management policies and multi factor authentication should be consider for all users.
If you only have own computer/system, it's a good idea to still set up a user account that is not an administrator, restricting its system privileges and then use this for your regular business. If anyone does then gain access to it whilst you are logged in, they will not be able to run administrator tasks such as installing software.
Physical security is often overlooked when it comes to protecting your network and devices but it can be just as important as the other areas discussed above. If you have physical infrastructure, you should think about how it is secured and how has access to it. Installing Physical barriers (e.g. access cards) and CCTV.
Many businesses will use a router in order to access the internet and its therefore really important that the default password associated with the admin account is updated with a strong, unique password.
Downloading & File Sharing
Businesses should think about the types of files that the employees need access to and where these files will be obtained from. Cybercriminals often use file sharing sites to circumvent