Building the foundations for success
How to protect what you value most
In the digital age, our businesses not only rely on but survive on the reliability and security of our IT systems and infrastructure. An outage or loss of any magnitude could disrupt the efficiency of business operations, be costly in lost business, or breach legislative and industry compliance obligations.
To protect the fabric of our livelihoods we must act in the defence of our data and IT services.
Where to begin
There are a number of cyber security steps that are essential to acquiring baseline protection from common threats, and we believe that should begin with adopting the key security pillars outlined in the UK government’s flagship Cyber Essentials programme.
Whether you choose to apply and get certified for the programme or not, applying the best practices detailed within Cyber Essentials would level up your defences and help mitigate your current level of risk.
What is Cyber Essentials?
To guide businesses towards the best cyber security steps to take, and to recognise those that have successfully implemented them, the UK government launched the Cyber Essentials programme as a rolling process of implementation and annual re-certification.
Businesses that become accredited get to use the Cyber Essentials badge on their marketing material, which helps them to promote publicly that they are a security-conscious and compliant business.
Achieving a Cyber Essentials accreditation will also open doors where most public sector and some private sector tender processes are concerned. Supply chain partners to the NHS, for example, are all expected to be certified to the standard.
What does Cyber Essentials expect?
Cyber Essentials has 5 controls that cover the basic key components of securing your IT assets and data – in turn making it more difficult for cybercriminals to breach your network.
- Firewalls
To protect the perimeter of your network, you need a firewall to sift inbound and outbound traffic – closing doors that are vulnerable to exploitation by cybercriminals. A well-configured firewall (which can take the form of a piece of hardware or software) will determine who has permission to enter your network, what data traffic may enter and, importantly, what may leave your network – restricting the possibility for data to be stolen.
- Secure configuration
Applying best practices to the way your network and systems are configured will prevent potential misuse and stop an individual system from being exploited should its user inadvertently fall victim to a malware or phishing attack, for example.
- Access control
In line with both cyber security and company best-practice access protocols, you should limit system access permissions on a ‘need to know’ or ‘need to access’ basis. Restricting access not only stops staff from accessing files and folders outside the remit of their role but also limits the potential reach should a cybercriminal breach one of your systems. Administration rights are the holy grail for hackers, giving them the keys to do untold damage to an individual computer or potentially the whole network.
- Malware protection
Malware is the umbrella phrase used to describe malicious software (perhaps historically always referred to as viruses) that is designed to cause disruption to, or theft from, your network. Two common forms of malware include:
Ransomware – a means of locking you out of your files and folders, sealing them behind an encryption key held by the hacker against a considerable ransom sum.
Key Logger – software which quietly hides in the background of a computer system, recording every single key entry made by a user in an attempt to collect usernames and passwords, making it easier for a cybercriminal to stride straight into your network with little hacking effort.
- Patch management
Hackers are constantly working to exploit vulnerabilities within the software applications and operating systems you use every day. By employing patch management, you will keep your software up to date and secure by rolling out critical updates as they become available.
How to begin your implementation
There will inevitably be operational concerns and individual requirements within the business to use IT in the most efficient way. Although taking quite a global approach, the requirements of Cyber Essentials are not always hard and fast – there is scope for personalisation, within reason, to best accommodate your working practices while not diminishing your cyber defences.
You must, however, justify and document how and why you have taken your approach to each of the accreditation parameters. If the approach is not deemed adequate, because it will likely degrade the margin of cyber security or potentially permit a breach of certain data processing regulations (such as GDPR or the Data Protection Act), you will fail the assessment.
To bridge this gap, understand the requirements on both sides and draw up a compliant plan that supports the business operationally while locking out the scope for cyber breach, you need expert advice through a competent technology partner: a partner that adopts a customer-first approach and holds the technical knowledge and competency, while also possessing the commercial skills and understanding to see things in a ‘real world’ capacity.
We're Datek Solutions
Since 1998 we have been managing IT support, solutions and strategy for a range of clients. We have won awards for our excellent customer service and pride ourselves on being transparent. What you see is what you get.
What makes us different? We don’t use a one-size-fits-all approach. We get to know your business and everyone in it, what it needs and how we can support you to give the best solutions at the best possible prices.
Above all this, we are committed to keeping it simple for you. If there’s a solution that your company needs, or you already have and it’s essential we support it, we make sure we know everything there is to know about it.
Contact us on 01753 540000 or email us at contactus@datek.co.uk.