Cybersecurity Checklist


A detailed look into the cybersecurity checklist that an organisation can follow to avoid any security incidents and financial loss.

Cybersecurity Posture:

The internet space is continuously developing, and the need for cybersecurity services is greater than ever because of the increasing number of attacks, the growing number of users working on their own personal computers, the rise of consumers relying on online services for their daily tasks, and the integrated use of Internet of Things (IoT) devices to create a “Smart Environment” around them. Though this has its advantages, organisations these days are exposed to many cyber threats and attacks. Hence, it is important for an organisation to implement a strong security posture to prevent these attacks from affecting them.

Organisations should assess their business and set up a cybersecurity posture accordingly.

Below we look at the different types of cybersecurity measures an organisation can take to avoid cyber attacks and other incidents that damage the organisation's assets.

  1. Policies and procedures
  2. Employee Training
  3. User Account Auditing
  4. Password Management
  5. Clear Desk Policy
  6. Use of Secure Websites
  7. Implementing Strong firewall
  8. Regular Updates
  9. Backup

Policies and Procedures:

This is the most important step for an organisation to follow. An organisation must comply with the policies and procedures appropriate to its business operations to safeguard itself from loss of data, information and money. Examples of policies and procedures that an organisation should follow are a Privacy Policy, BYOD (Bring Your Own Device) Policy, Network Security Policy, Acceptable Use Policy, Email Policy, Disaster Recovery Policy, etc.

Employee Training:

Employees are the weakest link in an organisation. User awareness and training is the most important measure to mitigate any type of cyber attack. Users should be trained on the different types of attacks; with proper training, such attacks can be mitigated and sensitive data can be secured. Regular tests should be conducted, such as sending spoofed or phishing emails, to ensure that employees are vigilant against such attacks and do not fall victim to them.

User Account Auditing:

User accounts should be audited to check whether any accounts are no longer in use. An account may fall out of use for different reasons: for example, the employee may have moved to a different project or left the company. It is important to disable such accounts.
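The audit described above, as an added example that is not part of the original post: it reads a constructed CSV export of accounts (username, last login date, enabled flag) and lists the enabled accounts that have not logged in for an assumed 90-day threshold, with never-used accounts counted as stale.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample export (not real data): one row per account, with the
# date of the last successful login, or empty if the account was never used.
SAMPLE_ACCOUNTS_CSV = """username,last_login,enabled
alice,2024-05-20,true
bob,2024-01-03,true
carol,,true
dave,2023-11-30,false
erin,2024-06-01,true
"""

INACTIVE_DAYS = 90  # assumed threshold; use whatever your policy requires


def parse_accounts(csv_text):
    """Parse the export into dicts; last_login becomes a date or None."""
    accounts = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        last = row["last_login"].strip()
        accounts.append({
            "username": row["username"].strip(),
            "last_login": date.fromisoformat(last) if last else None,
            "enabled": row["enabled"].strip().lower() == "true",
        })
    return accounts


def find_stale_accounts(accounts, today, inactive_days=INACTIVE_DAYS):
    """Return usernames of enabled accounts with no login in the last
    inactive_days days. Accounts that were never used are stale too."""
    cutoff = today - timedelta(days=inactive_days)
    stale = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already disabled, nothing to do
        if acct["last_login"] is None or acct["last_login"] < cutoff:
            stale.append(acct["username"])
    return sorted(stale)


def audit_report(csv_text, today_iso, inactive_days=INACTIVE_DAYS):
    """Parse the export and list the accounts to disable as of today_iso."""
    today = date.fromisoformat(today_iso)
    return find_stale_accounts(parse_accounts(csv_text), today, inactive_days)


if __name__ == "__main__":
    for name in audit_report(SAMPLE_ACCOUNTS_CSV, "2024-06-15"):
        print(f"disable: {name}")
```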

Password Management:

Password management refers to the set of principles and rules an organisation must follow when storing passwords in order to prevent unauthorised access. An organisation must adhere to password rules such as a minimum password length of 8 characters including special characters, numerics, etc., so that the password is robust and hard to guess. It is also important to change passwords after a certain time period, and passwords should not be reused. One of the best ways to have a complex password is to use a “passphrase”. A passphrase is simply a string of words used instead of a single word.
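The rules in this section as a small policy checker, added here as an example rather than code from the original post: a password passes either as a complex password (the post's minimum of 8 characters with a digit and a special character) or as a passphrase (assumed here to mean at least 4 words and 16 characters), and reuse is detected against a history of salted PBKDF2 hashes so old passwords are never kept in clear text. The history size of 5 is also an assumption.

```python
import hashlib
import hmac
import os
import re

MIN_LENGTH = 8            # from the checklist
MIN_PASSPHRASE_WORDS = 4  # assumed: a passphrase is several words
MIN_PASSPHRASE_CHARS = 16  # assumed: short word lists are not enough
HISTORY_SIZE = 5          # assumed: previous passwords remembered


def meets_policy(password):
    """Return (ok, reason): 'passphrase', 'complex', or why it failed."""
    words = password.split()
    if len(words) >= MIN_PASSPHRASE_WORDS and len(password) >= MIN_PASSPHRASE_CHARS:
        return True, "passphrase"
    if len(password) < MIN_LENGTH:
        return False, "shorter than 8 characters"
    if not re.search(r"\d", password):
        return False, "no digit"
    if not re.search(r"[^A-Za-z0-9\s]", password):
        return False, "no special character"
    return True, "complex"


def hash_password(password, salt=None):
    """Salted PBKDF2-SHA256 hash (salt || digest) for the reuse history."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt + digest


def was_used_before(password, history):
    """Compare the candidate against stored hashes in constant time."""
    for stored in history:
        salt, digest = stored[:16], stored[16:]
        if hmac.compare_digest(hash_password(password, salt)[16:], digest):
            return True
    return False


def change_password(new_password, history):
    """Apply the policy and the no-reuse rule; return (accepted, reason, history)."""
    ok, reason = meets_policy(new_password)
    if not ok:
        return False, reason, history
    if was_used_before(new_password, history):
        return False, "reused", history
    new_history = (history + [hash_password(new_password)])[-HISTORY_SIZE:]
    return True, reason, new_history
```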

Clear Desk Policy:

The clear desk policy instructs all employees to clear their desk every day and not leave any information written down on their desk, including passwords, to-do lists, documents, removable media, etc. The clear desk policy is an ISO 27001 policy; following this standard prevents loss of sensitive data, helps with compliance and secures the company.

Use of Secure Websites:

Only use trusted sites when giving out personal information. Always use a URL that begins with “https” in your browser, as a plain http URL is not secure. It is always advisable not to open links from unknown sources, as these links may lead to malicious software which, once downloaded, can take control of the system and lead to loss of information.

Implementing strong Firewall:

The types of security-related attacks are increasing daily, and it is important to safeguard the network from them. To do so, a firewall must be implemented to secure the network, monitor incoming and outgoing traffic, and drop unknown or suspicious traffic. Firewalls help stop unauthorised access to the network by blocking unknown traffic from entering it.

Regular Updates:

Thousands of new viruses appear all the time, so it is important to update the antivirus software's signature list so that none of the new viruses are missed. The operating system must also be updated regularly, and patches must be applied before a vulnerability is exploited.

Backup:

Backup is one of the most efficient ways of preventing data loss caused by malware. By keeping a regular backup of all valuable data, we do not have to worry about losing it. Taking a backup of sensitive data is always the best option. It is also essential to encrypt the backup using a strong encryption method before storing it, so that loss of data can be prevented.

With all of us using the internet, and with the number of devices connected to it, security measures have to be in place, people have to be aware of the attacks, and organisations need a strong security posture so that they can prevent the damage these attacks can cause to the organisation and its data.

If you would like to be prepared, you can contact us at info@rootfloe.com for a free consultation.
