Cyber Security – Get the basics right

The realm of cyber security can be overwhelming. With the rise of a hybrid and remote workforce, we’ve seen an increase in cyber-attacks and threats seem to be getting more and more sophisticated. While most businesses understand the importance of cyber security, many might not know the steps to take to improve their security posture.

With news about data breaches, phishing and ransomware attacks, it’s easy to think that to protect your organisation you need to spend thousands on a series of complex cyber security tools. However, this could be a misplaced investment in time and money that may not necessarily make your business any safer in the face of cyber threats. So, how do you protect your company? Start by going back to the basics.

Know where your data is.

If I asked you today where your important data is stored, would you know?

Knowing where your critical assets are located is paramount, but more often than you think companies don’t know where their data is. In fact, a report by the Institute of Directors (IoD) found that as much as 43% of those surveyed couldn’t identify the location of their critical data.

If a lot of companies don’t know where their critical data is, even fewer have the necessary controls in place to protect that data from unauthorised access. For example, lost or stolen laptops have played a major role in many data breaches because employees have copied confidential corporate data to their devices without the correct controls in place (such as access control and data encryption).  Equally as common these days, is that confidential corporate data finds its way onto public cloud storage platforms such as Dropbox and Google Drive without the company being aware of it.

Camwey has partnerships in place with data-centric security solutions to help you identify where your important data resides. Furthermore, we offer a pragmatic approach to protecting this data from intentional or accidental leakage or misuse.

Know your suppliers.

You might be confident about your company’s security, but do you know how secure the companies you work with are?  Consider suppliers, vendors, partners and other entities of any type.

Third-party security is often overlooked and it can be challenging to assess your vendors’ security at all times – particularly when you work with many third-party entities. But if the supply chain is compromised, your company’s security might be compromised as well.

Nowadays, there are some smart third-party risk management tools available that can help you get an accurate view of your suppliers’ cyber posture, making it easy for you to interact with them and quickly resolve any issues.

Camwey recently partnered with Panorays, an innovative third-party security risk management platform that allows users to manage, mitigate and remediate supplier security risks, reduce breaches and improve security across the board.

Focus on the end-user.

As the old adage goes, “You’re only as secure as your weakest link.”

We’ve seen a lot of talk in the news about new cyber-attacks, but having been in the industry for over 20 years it’s clear that the attackers continue to exploit the same key vulnerability: the end-user.

The threats may change, but users remain the weakest link in almost every company’s cyber posture. Because of this, security awareness training needs to be an essential part of your company’s defences.

In short, many employees will not know how to protect themselves online. This will certainly put your business at increased risk. Training sessions to embed security awareness in staff will promote “safer behaviour” online and will help them recognise the latest scams.

Provide ongoing support to make sure employees have the resources they need. When it comes to password management, for example, it’s good to keep in mind that while there are open-source tools available that may suffice on an individual basis, there are also commercial solutions available that may be a better fit when you consider company-wide password management policies and strategy. Don’t forget to ensure your password safes/vaults remain accessible in a time of crisis!

There are a lot of resources available for small businesses that can help improve their security posture, like this guide from our friends at the NCSC.

The importance of the Endpoint.

The coronavirus pandemic has created new challenges for businesses as they adapt to an operating model in which working from home has certainly become the new normal. Also, as Cloud services adoption continues to grow and networks have become more decentralised than ever, it’s essential to have a clear strategy and strong capability when it comes to   Endpoint Security. Companies need the ability to prevent attacks on endpoint devices in the first instance. However, if any threats do make it through these preventative controls, we need to be able to detect and respond to such threat activity – which will be happening outside the traditional boundaries of corporate networks.

When considering which vendor solutions to work with, lean on a trusted partner.

There are a myriad of vendor solutions out there, claiming to solve all manner of cyber security challenges. It can be overwhelming to understand all of these in sufficient details to determine what may or may not be right for your organisation. My advice would be to lean on a trusted partner who can provide some impartial guidance based on experience of addressing similar challenges faced by organisation like yours. 

Vendors tend to have a polarised view of the world believing all you need is everything in their solution portfolio, though no one vendor is the answer to all your challenges!

In summary…

If you take anything away from this article, let it be this:

• Don’t get distracted by complicated, expensive solutions thinking that is the answer to your security problems. Without the right approach & resources, you won’t see positive ROI and you may be no more secure than before.
• Don’t overlook the critical importance of security awareness training for your users as they are most often your weakest link.
• Don’t assume a single vendor offers the best solutions for all your security needs. When it comes to selecting security vendors, there can be benefits in diversity as much as in consolidation!  Have a trusted partner guide you through the process.

Camwey is a boutique security partner providing industry-leading solutions to solve the complex security challenges that organisations face today. We work across both public and private sectors.  Our team of experts offer end-to-end services and support in all areas of Cyber Security. If you’d like to find out more about how we can help you, please GET IN TOUCH.