An A to Z of cyber security part 2

13th May 2019

In part 2 of our A to Z on cyber security we take a look at a number of important aspects to consider and understand.

From I 'Internet of Things' to R 'Risk Management', the more knowledge you have the better equipped you'll be should your business ever come under a cyber attack. I is for Internet of Things (IoT) Take a look around your office. How many different devices are there that allow you and your team to connect to the Internet to send and receive data? Smart phones? Tablets? Desktops? Laptops? All of the above? The Internet of Things (IoT) is so convenient and beneficial to doing business it's routinely deployed often with little thought to the cyber security risks and consequences it poses. Smart connected devices are extremely susceptible to cyber attack so make sure they're ALL protected! J is for jail Cyber crime is now a daily reality so it's good to be reminded that those committing cyber crimes are being brought to justice and sent to jail: •  2 years: Alex Bussell from Liverpool was convicted at Birmingham Crown Court for committing thousands of cyber crimes including attacks on Google and Skype •  2 years: British teenager, Kane Gamble, was found guilty of leaking -extremely sensitive documents from senior FBI and CIA staff that damaged law enforcement •  20 months: combined sentence for friends Matthew Hanley and Connor Allsopp who were jailed for a -sophisticated cyber attack on TalkTalk that cost the communications provider an estimated £77 million K is for hacking kits Believe it or not, you can buy a kit (through both illegal and legal channels!) that will enable you to hack into a company's system. Yes, hacking kits are real and they usually contain a number of different tools for a would-be hacker to use. From carding software and wifi pineapples, to keyloggers and malware, a hacker will use a combination of these tools to pinpoint any weaknesses in your cyber security to ultimately compromise your system or data. L is for liability insurance Check your liability insurance. Does it include specific clauses relating to support and protection for your business should it experience a data breach or cyber attack? If not, call your insurer and discuss your options. Data breaches and cyber attacks can be very costly and cause irreparable damage so it's imperative you're covered. M is for malware We've all received those emails the ones impersonating a famous brand or even someone you know that try to convince you to open an attachment or click a link. That's malware or 'malicious software' in action. Malware is specifically created by cyber criminals to exploit any weaknesses, gain access to your system, potentially steal your data and generally create havoc and damage! N is for National Cyber Security Centre Based in London and founded in 2016 by the UK Government, the National Cyber Security Centre provides advice and support for public and private sector organisations on how they can protect against cyber attacks. It also has a mandate to improve internet security and manage any major cyber security or data breach incidents. O is for open doors Open doors are areas of internet-facing infrastructure where, if you know just where to look, personal information can be accessed. Unsecured or un-encrypted web pages and databases containing personally identifiable information are the ultimate money-making hacks for cyber criminals. P is for privacy The only way to ensure privacy is to confirm that your company's security settings are up to date. And how do you do that? By scheduling and completing software updates to patch any weaknesses in infrastructure on a regular basis add them to your calendar! Even the smallest vulnerability in the system could create a cyber security loophole that cyber criminals have been waiting patiently to jump through. Q is for quick response How would your business respond if it were the victim of a successful cyber attack? It's not something any of us wants to think about but cyber attacks are real and they're occurring every day. We highly recommend having a robust cyber security policy in place that outlines exactly what's required in the event of an attack or breach, with 'quick response' being at the top of to 'to do' list. As well as having effective perimeter defences and controls in place, planning and communication are critical to mitigating and dealing with any incident. Think about who needs to do what and when and even practice your policy by staging a mock cyber attack, that way you'll be well prepared should the worst ever happen. R is for risk management As outlined above, cyber security isn't simply a business risk that is confined to your technical team to handle. It's a risk that requires specific management just like any other business risk you have identified. Risk management is all about understanding how your business works and it's no different when it comes to cyber security. The National Cyber Security Centre recommends the assessment of any digital technologies and systems that are critical to your business. Consider who might attack your system and pinpoint any potential weaknesses. Ensure cyber security is a central element of your company's risk management strategy; don't just leave it to your IT team to worry about. Learn more at https://everythingthatis.cloud/