7 layers of cyber security

Unfortunately, there isn’t just one magic piece of technology you can implement in your business to give you 100% security. To give yourself maximum protection against cyber threats, you should be layering your approach like an onion, or an ogre (a little reference for any Shrek fans out there).

Here are 7 things we think you should be looking at to give you and your business the best possible chance when it comes to cyber security.

1. Social engineering
   • Make sure you have a process in place to verify email senders or callers when they are asking for sensitive information, or for something to be carried out in relation to security or finance.

For example, make sure that all staff know that if they receive an email asking for money to be transferred, that they should ring the person asking and verify that it’s a legitimate request before taking action.

2. Physical security

Virtual systems are great, and badly needed, but don’t abandon physical security just because you feel protected!

• Keep physical servers locked away
• Don’t leave USBs or passwords out on display. In fact, don’t write passwords down – you should be using a password manager instead.

3. Wireless security

WiFi is often overlooked, but WiFi signals extend beyond the four walls your business is situated in which can leave you open to security breaches.

• Make sure the router password has been changed from the default
• Check the protocols it uses are up-to-date giving you the best security. Neither WEP or WPA are sufficient protection anymore
• If you’re offering the use of WiFi as a business, you are legally responsible for what people are looking at online. Make sure you have correct filters, and IP address logging capabilities.

4. Passwords
   • Passwords should be long, not contain personal information (like your favourite football team, or kids’ names) and you should use a different password for each login you have.
   • Using a password management tool like LastPass will make this easier.

5. Multi-factor authentication
   • Most systems now support multi-factor authentication which will help protect your account. It means you’ll need to provide an extra piece of information when logging in, such as a code generated by your mobile, but it can stop a hacking attempt dead in its tracks!
   • Check the settings on your critical accounts such as email, or database which holds customer information and make sure multi-factor authentication is enabled

6. Email security
   • You should never click links or open attachments on emails when you don’t know the sender – if you think something is suspicious but aren’t sure, ask your IT provider to check it out for you. They won’t mind – it’s better to be safe than sorry.
   • Make sure to have spam and phishing filters in place – these won’t stop suspect emails 100%, but they will reduce the number decreasing the likelihood of a member of staff falling for a phishing attack.

7. Anti-virus
   • Anti-virus should actually be the last line of defence – although there’s nothing out there that’s 100% perfect, so don’t rely on it always picking up on something dodgy.
   • For maximum protection for your business, consider using a product that supports application whitelisting and device control which will give you more control over the devices used within your business.

If you’d like us to take a look at your data security setup as it is at the moment, and check that your security is up to scratch, give us a call on 01732 617788 or drop us an email to [email protected]. We can help you make sure that your security measures are doing what they should, and keeping you protected.