It’s a new year, but in cyber security nothing much has changed. You probably still need to be concerned about phishing, ransomware, data loss and shadow IT. So why not start the year well, and add freshening up your cyber security to the list of resolutions, somewhere in between exercising more and drinking less?
I: Freshen up account security
How long until the first big account breach of the year? Sadly, probably not very long. Unless all of your team's online accounts are already in a good state, there's likely some updating to do. Everyone should make sure that all important passwords are complex, unique and stored in a password manager, and that strong multi-factor authentication (ideally an authenticator application or hardware token, rather than SMS codes) is turned on for every account that matters to the business.
II: Confirm what you have online
If it’s online, someone can find it and try to hack it. It can be hard to keep on top of what sites, systems and servers are online, especially if you’re in a technical field with requirements for lots of kit. It’s a good idea to regularly check what you actually have online, which may not be the same as what you think you have online. Check back with us later in the year and we may well have a great solution for exactly this problem.
III: Double check your email configuration
If your accounts are in good shape and you're on top of your online attack surface, then next on the list might be your email configuration. If your SPF, DKIM and DMARC setup isn't completely correct, there's a good chance someone could send spoofed emails from your domain, or that some of your legitimate emails aren't getting through. With phishing a big danger in itself, and often the first stage of a ransomware attack, tightening your email configuration helps to protect your users, and anyone receiving mail that claims to come from you, from malicious emails.
IV: Measure where you are
With so much time, focus and money spent on cyber security, it’s reasonable to want to feel like you’re making progress. But how can you do that quantitatively unless you’re regularly trying to measure where you are? The formal approach to this is a cyber security maturity exercise. These can be very long, paper-heavy exercises that consume a lot of staff time, or consultancy budget. But if you scope it right you can create an achievable, repeatable process for measuring the holistic cyber security maturity of your organisation.
If you’ve not tried to measure maturity before and want to have a go yourself, try the NIST Cybersecurity Framework, which assesses your organisation across five core functions (identify, protect, detect, respond, recover) and places it in one of four implementation tiers (partial, risk informed, repeatable, adaptive).
V: Consider what you’re spending on security products
As we enter the last financial quarter and everyone starts eyeing up the unspent budget, maybe it’s worth re-evaluating what you’re currently paying for cyber security products. What’s the actual business benefit? Are they working for you, and how do you measure their impact? Maybe now is a good time to re-evaluate what you’re paying for and what you get from it, and start planning the budget for the next financial year.
And of course, if you are looking to use that unspent budget on a security upgrade and want a better way to securely transfer files to other organisations, check out our Trebuchet tool.
VI: Address that guilty security secret
Most companies that have been around for even a little while have at least one guilty security or IT secret. Whether it’s updating or replacing those old machines running that service that’s actually pretty important, finally purging all those dormant accounts, or implementing an important but likely unpopular policy, what better time to do it than now?