For all businesses in Edinburgh, Glasgow, Aberdeen and the rest of Scotland Cybersecurity is no longer workable with a “tick in the box” approach. Apart from IT Support Riverbank Solar provide proactive Cybersecurity consultancy to help determine and mitigate risk.
A SME business in the hotel business, for example will not have the same risk appetite as a bank or credit card company.
The old excuses of having “no top secret data” does not cut it anymore with strict GDPR laws. Now all systems hold sensitive data that is accessible from anywhere.
These are our top tips to improve your companies Cybersecurity:
Endpoint Protection
Tip: Ensure that regular anti-malware/antivirus scans and backups are scheduled. Most of the big vendors perform automatic updates, ensure that settings are configured.
Network Segmentation
Tip: Always keep business-critical assets and important servers in a separate network segment with restricted access.
Principle of Least Privilege
Tip: Start with separate accounts for privileged users. For example, James, who is a database administrator, should have one corporate account (for routine tasks such as email, intranet, timesheets, etc) and one production account (for privileged tasks as part of his role) with different password policy restrictions.
Secure Internet Access
Tip: Remove unrestricted internet access from servers with exceptions to services needing internet access.
Passwords
Tip: Start with password managers, enforce strict password policies and add a list of blocked passwords to active directory.
Multi-factor Authentication
Tip: The majority of the service providers offer two-factor authentication. If this is not an option, look for alternatives such as passwordless authentication or two-factor authentication modules such as Duo, Authy, Okta, etc.
Secure Configuration
Tip: Add security benchmarks as an extension to your IT team’s OS build checklist. Ensure that sign-off from the security point of contact is a mandatory part of the process before any build is released into the production environment.
Secure and Regular Backups
Tip: Irrespective of the backup solution you opt for – don’t forget to test the backup restore.
User Education
Tip: In case of a solution, ensure that it’s simple, quick to use and helps users who are the least tech-savvy. If you are using Office 365, add this button “Enable the Report Message add-in” to Outlook clients that helps users report messages with a single click.
Secure Wireless Networks
Tip: We have observed with several organisations, backend infrastructure is shared for guest networks. Ensure that it is a totally separate internet route offering no connectivity with the corporate environment. A captive portal is an efficient way of user management (with approvals) ensuring security and usability aspects remain balanced.
Riverbank Solar can help you with this and many more. To get started contact us for a FREE AUDIT