YorCyberSec / 10 Feb, 2020
The IT security basics

Putting in place appropriate security measures for your business can be confusing, but one thing we can all agree on is the basics, right? But what does that mean, and do we all have the same ideas in mind when talking about this? Sometimes it helps to take a step back from looking at the latest and greatest security software, and remind ourselves to cover the basics first. 

Here are some simple things that all businesses should be doing, in my opinion, in no particular order… 

Network segmentation – Let’s start with getting your corporate network properly set up, by placing systems with different levels of risk into their own network, separated from other systems by firewalls or other filtering devices. For example, if you have web servers facing the Internet to provide services to your customers, they are also at risk of being attacked, so you don’t want your company database housing sensitive data in the same network segment. Similarly, place your users into their own network segment so that a rogue employee can’t get direct access to core systems unless they are authorised to do so.
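
The two cases above can be written down as a default-deny policy between segments and checked automatically. The following Python sketch is an added example, not part of the original article; the segment names, address ranges and ports are constructed assumptions.

```python
import ipaddress

# Constructed address plan (an assumption for this example, not from the article).
SEGMENTS = {
    "internet": ipaddress.ip_network("0.0.0.0/0"),
    "dmz_web": ipaddress.ip_network("10.0.10.0/24"),
    "database": ipaddress.ip_network("10.0.20.0/24"),
    "users": ipaddress.ip_network("10.0.30.0/24"),
    "app": ipaddress.ip_network("10.0.40.0/24"),
}

# Allow rules as (source segment, destination segment, port); None means any port.
ALLOW_RULES = [
    ("internet", "dmz_web", 443),  # customers reach the public web servers
    ("dmz_web", "app", 8443),      # web tier talks to the application tier only
    ("app", "database", 5432),     # only the application tier queries the database
    ("users", "app", 8443),        # staff use the application, not the database
]

# Paths this example treats as forbidden, following the article's two cases.
FORBIDDEN_PATHS = {
    ("internet", "database"),
    ("dmz_web", "database"),
    ("users", "database"),
}


def segment_of(ip):
    """Return the most specific segment containing ip (longest prefix wins)."""
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, name) for name, net in SEGMENTS.items() if addr in net]
    return max(matches)[1]


def is_allowed(src_ip, dst_ip, port, rules=ALLOW_RULES):
    """Default deny: traffic passes only if an allow rule names this exact path."""
    path = (segment_of(src_ip), segment_of(dst_ip))
    return any((s, d) == path and p in (None, port) for s, d, p in rules)


def audit(rules):
    """Return every allow rule that opens one of the forbidden paths."""
    return [rule for rule in rules if (rule[0], rule[1]) in FORBIDDEN_PATHS]
```

Running `audit` against an exported rule list before each firewall change catches a rule that quietly reconnects the user or web segment to the database.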

Anti-malware software – We have had anti-virus installed on our machines for years, but is it keeping pace with modern attacks? For anti-malware software to be effective, it needs to look beyond commodity viruses and incorporate protection against the behaviour of malware, phishing attacks, and endpoint compromises attempted by insiders. Obviously, this needs to be kept up to date regularly, and it needs to be deployed on mobile devices where they present a risk. 

Patching – The bad guys find a hole in the software that runs your systems, and unless you patch it quickly, you could be hacked. Patching is easy to automate on non-business-critical systems, and is by far one of the most essential elements of maintaining a more secure and robust network and organisation. This becomes harder with business-critical systems and you may require a test environment to ensure nothing is going to come crashing down when applying a patch, but if you are at this size or stage your IT/InfoSec team or partner should know how to handle this. Critical fixes are released all the time and I hate to think how many organisations are missing these through bad practices.

Multi-factor authentication (MFA) – Using a simple username/password combination only provides a certain amount of protection, and if people use the same password across different accounts, or store their passwords insecurely, then abusing these credentials becomes more likely. MFA will use an additional method of verifying a genuine logon, these days usually through a code sent to a phone. In most cases businesses can do this for free using services provided by Microsoft, Google or Authy. Do it! It may just save you some embarrassment and money. 

Secure standard build – How do you know your systems are built in a secure manner, every time they are deployed? Having a template secure build process should be part of the standard method of setting up systems before they are allowed to be used in your business. It makes patching easier, makes deployment easier and additionally makes management of devices easier. There are documented standards available online that can be used to create your baseline configuration, and deployment tools can automatically push this to new devices, even including things such as malware protection, firewalls and approved applications. 

Security awareness training – With the mainstream news constantly full of stories of companies being breached (and fined!), investing in training for all staff is key, to embed secure behaviours into daily life. There are some awesome companies out there that offer solutions from fully hosted and managed, to providing the material for staff to read through in their own time. They are cost effective, easy to manage, easy to audit and provide a method of staff improvement and education. 

Backup, backup, backup! – Amazing how many organisations I speak to are not doing this, not even for their business-critical systems and data. Again, usually it can be done at no extra cost using current services, e.g. Office 365 or Google Docs, but if you need a more comprehensive backup solution, then there are plenty of options available at a suitable subscription cost. Just imagine if you lost all company data via either a breach or fire, how would you handle it? 

Incident response plan – If s*** hits the fan do you know who to turn to? Do you know what to do? This does fit in with my other post around “IT Support is NOT Information Security” - give it a read. You need to be confident that the person or people who will be helping know what they are doing. I also recommend that companies run through these plans on a regular basis, to catch any problems before a real incident occurs. 

Auditing and logging – These account for what is happening on the network and on your systems. Are all assets accounted for and in a working/compliant state, and are there any signs of malicious activity? If you have been breached or believe you have, can you investigate? This may require some investment, but the NCSC just released a free solution called LME which is worth looking at for SMEs. Just don’t expect the world, but it’s a good start.

Policies and procedures – There is no point in having a policy and procedure for every single thing under the sun, and they won’t be effective if they are not practical and suited to the culture and practices of the organisation. Think what is relevant to your business, what will help the company run efficiently, securely and realistically. Don’t just push out policies to staff without consultation, and make sure to check that everyone has understood the policies and why they are in place. Rolling these into the staff training systems mentioned above is recommended. 

Correct access controls – Why does a weekend staff member or a receptionist need access to company/customer or supplier financial and payment details? Why does someone in the sales team need to view staff members’ salaries? Too often I see all staff set up with the same level of access, which creates problems with access to data, and is difficult to undo. Setting up different access profiles for different roles will control this, helps to reduce the likelihood of an insider attack, and makes investigating what has happened if there is a breach more efficient, in theory. 

Most of the above can be done on minimal budgets and it is possible to ‘kill two birds with one stone’ across different steps, so no excuses really. Additionally, they are for the most part essential to ensuring you maintain compliance, whether that is with PCI DSS, ISO 27001, GDPR, NIST or Cyber Essentials. I am sure I have missed some, so feel free to let me know and I will update as appropriate.

If you want to discuss any points above in more detail just pop by our stand 860 at the Northern Business Expo on 17th/18th March at Manchester Central. It's free to visit, and it's now the biggest business event in the North of England - get your free ticket online now!
