Date icon
Date
31
May 2022
Clock icon
READING TIME
4
minutes

Cyber Security 101: Protect Your Business

Cyber Security is for Everyone

Some 16 years ago I fell victim to a cyber-attack, and it taught me a lot. It was 2006 and I received a strange email from eBay saying they believed my account had been hacked. They were right. I had fallen for a phishing scam; a fake website that looked so much like eBay that I didn’t even consider not putting in my username or password.  In the process, I essentially handed them my keys. The number of online threats has grown significantly since then. So how are you meant to protect yourself online these days anyways?

The good news is there are a lot of ways people and businesses can protect themselves and their data online from opportunistic attacks, the most basic of which is maintaining good password hygiene and using Multi-FactorAuthentication (MFA), which we talked about in our previous blog series ‘Maintaining Good Password Hygiene’ Part 1 & Part 2.

The National Institute of Standards and Technology (NIST)

To understand cyber security more, I really like using the NIST (National Institute of Standards and Technology) Framework which breaks the different steps down into their appropriate core functions. I’m going to apply this from a business lens, but the steps are equally relevant to each of us protecting ourselves in everyday life.

The National Institute of Standards and Technology
NIST Framework

1. Identify

Organisations need to be able to confirm that the person accessing your business’ systems is who you believe they are, and that they are meant to have access to that system. Good password hygiene and MFA are a great approach to that, but a well maintained and reviewed access management policy and process is also vital here.

2. Protect

To protect yourself from attack, every business should be using a Next-Gen Firewall (NGFW), Endpoint Protection software, &Application Whitelisting systems to block attacks. You should implement CyberSecurity Awareness Training for your staff to give them ways to protect themselves.Add to this implementing Mobile Device Management for your company laptops, tablets, and phones to allow you to remotely block and wipe devices that may get lost or stolen. It’s also important to ensure your backups are protected, so consider solutions such as Immutable Storage and Offsite Replication to keep your recovery tools safe from damage – it’s these tools that you may need to rely upon in the event of a cyber-attack.

3. Detect & Respond

For anything that does manage to get through your protections, you want to be able to identify threats in your systems and react to them as quickly as possible to protect your systems, data, and staff. You may also have a legal obligation to report the incident, so crafting a response plan is a must.

Managed Detect and Response services are a great asset here, as they generally involve installing a service on your computers designed to identify anomalies, which are then analysed by a dedicated team of cyber security experts. These services are commonly referred to as a SOC, or Security Operations Centre. These experts can determine if a threat is credible, and work with you to respond to the incident.

4. Recover

This is the point where your backups come into play, but there may be more involved here than just getting your data and systems back to how they were. Consider the other impacts that your business may have during an attack, including financial, reputational, and contractual. Ensuring you have an accurately set up Cyber Insurance Policy is highly recommended as a risk mitigation strategy. You should also be making sure your backups are working and healthy; setup notifications for your backup jobs so you know when it works or fails and can respond quickly, and schedule regular restore tests.

It's important to remember that these are all protection methods, but none of them are guarantees. You could surround your home in steel plate, but someone can always get in with a plasma cutter. A determined enough attacker will likely manage to eventually find a way in, so it’s important to be prepared to respond if/when that time comes.

Cloudwize offers a range of cyber security solutions and services to help protect your business. If you have any questions, give us a call today on 02 5733 4000 or drop us an email here.

You might also be interested in...

IT Support: RITA – Your Remote IT Assistant

Looking for fast and reliable IT support? Meet RITA, our desktop app. RITA identifies your IT support issue and assigns the right technical team member to solve your problem FAST!

Read Article

Email Scam – What is a Phishing Email?

What is phishing? Phishing is a kind of cyber scam, in the form of email – designed to trick you into unwittingly providing personal or confidential information.

Read Article

Celebrating NAIDOC Week 2022

On behalf of the Cloudwize team, we particularly celebrate the achievements of our many Indigenous colleagues and friends and vow to play our part; to get up, stand up, and show up.

Read Article
See All Articles

Optimise your business IT

Get in touch with us and we’ll arrange a free initial consultation to talk about how we can help you optimise your company’s IT infrastructure.  

Arrange a Consultation Today
CARL