Fortify your Business without Breaking the Bank

Cyber Security can often seem like a daunting subject, with countless areas of an organisation to consider, alongside significant upfront and ongoing investment. Our aim is to provide clear and pragmatic advice at the lowest price, to any audience.
This article will explore low-cost, yet powerful, measures your organisation can implement to help bolster your Cyber Security posture. From authentication best practices to security solutions, we’ve got you covered. Let’s dive in and discover how you can achieve big protection on a small budget!
- Strong Passwords
When creating passwords, it is crucial that users can identify an insecure password. A login page telling you that your password of Pa$$w0rd123 is strong doesn’t mean it is secure!
The following should be considered when users are creating a password:
- Use unique passwords for all applications/services.
- All passwords should be at least 12 characters in length.
- When creating passwords, use three or more random words combined.
- When recording passwords, use trusted Password Managers like KeePass 2.
- Do not use common passwords (e.g. 123456, Blink182, qwerty, a football team).
- Do not use passwords containing personal information (e.g. Date of Birth or Name).
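As an added example (not part of the original article), the Python below contrasts a character-class strength meter, of the kind the login-page remark above refers to, with checks for three of the listed criteria: length, common passwords and personal information. The common-password list, substitution table and sample passwords are constructed for illustration; uniqueness across services cannot be checked from a single password and is not covered.

```python
import re

MIN_LENGTH = 12  # minimum length from the list above

# Constructed sample; a real check would use a large list of breached passwords.
COMMON_PASSWORDS = {"123456", "blink182", "qwerty", "password", "letmein"}

# Common character substitutions, undone before the common-password lookup.
SUBSTITUTIONS = str.maketrans({"$": "s", "0": "o", "@": "a", "3": "e", "1": "i", "5": "s"})


def complexity_meter(password):
    """Typical 'strength meter': 8+ characters with all four character classes."""
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(password) >= 8 and all(re.search(c, password) for c in classes)


def variants(password):
    """Forms to look up: lowercased, trailing suffix removed, substitutions undone."""
    low = password.lower()
    base = low.rstrip("0123456789!?.#*")  # drop a trailing "123" or "!"
    return {low, base, low.translate(SUBSTITUTIONS), base.translate(SUBSTITUTIONS)}


def check_password(password, personal=()):
    """Return the criteria the password fails; an empty list means none failed."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if variants(password) & COMMON_PASSWORDS:
        problems.append("common")
    low = password.lower()
    for item in personal:
        token = re.sub(r"[^a-z0-9]", "", item.lower())  # "14/02/1990" -> "14021990"
        if len(token) >= 3 and token in low:
            problems.append("personal_info")
            break
    return problems


if __name__ == "__main__":
    for pw in ("Pa$$w0rd123", "walnut-kayak-lantern"):  # constructed samples
        print(pw, "| meter says strong:", complexity_meter(pw), "| fails:", check_password(pw))
```

The three-word passphrase fails the character-class meter yet meets every criterion checked, while Pa$$w0rd123 passes the meter and fails two of them.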
- Multi-Factor Authentication (MFA)
Multi-Factor Authentication (including 2FA) provides additional steps of authentication and is essential in securing your accounts. For instance, if an account password is compromised, MFA acts as an additional barrier against any bad actors! This can be easily enabled for most day-to-day accounts and usually takes the form of a one-time code via a mobile authenticator app or text message.
- Software Updates
Software updates (as much of a nuisance as they can be!) should be installed as soon as possible. This ensures that any security fixes are applied in a timely manner, reducing the risk to your organisation. It is recommended to enable automatic updates on all applications where possible and to schedule one day a week for users to open their applications and check for updates.
- Network Configuration
Upon receiving network equipment (e.g., Router), the default passwords should be changed to strong passwords. This is to ensure that default credentials like ‘admin’ cannot be leveraged by an attacker to gain access to your network. Additionally, strong wireless encryption protocols such as WPA3 should be used. As a side note, always make sure that you are connecting to a trusted network, and avoid open networks in particular!
- Security Training
Security training is imperative for all users within an organisation. You may have the strongest password and MFA enabled; however, it is ultimately your users that define how effective these measures are. Training ensures not only that users follow protocols, such as implementing strong passwords, but also that they are aware of key threats like Phishing Emails, which lead to sensitive credentials being provided to attackers. Phishing Emails specifically have been described as ‘The most significant threat facing citizens and small businesses’ in the National Cyber Security Centre’s 2022 Annual Review.
Security training can be difficult to develop and deploy effectively, which is why we offer a low-cost CS Security Training service which includes:
- Security Awareness Training: Users are assigned a monthly 15-minute course with an informative video followed by questions.
- Simulated Phishing Exercises: Users are sent monthly bespoke Phishing Simulations to build resilience to Phishing Emails.
- Security Policy Management: We provide automated, centralised policy distribution to all users which can also be reviewed after signing.
- Email Address Breach Alerting: We constantly monitor the Dark Web for any organisational email/IP breaches and notify those affected.
- Monthly Reporting: We provide monthly reports covering all modules, outlining any areas of significance (e.g., areas for improvement).
- Support: Our friendly team of Cyber Security Specialists are available on call and via email.
We also offer Cyber Essentials and Cyber Essentials Plus certification, helping your organisation gain an industry recognised certification.
For further information, please contact info@cybersecurityspecialists.co.uk to speak to a member of the team!