11 October 2021
October is Cyber Security Awareness Month
October is Cyber Security Awareness Month which raises awareness around the importance of cyber security in the workplace. With this in mind,
Passwords do matter:
- Strengthen the passwords you use. Particularly those to log on to email or work applications. They should be at least 12 characters long, including a mix of numbers, symbols and upper and lower-case letters.
- Be alert to phishing: If you receive an email with an unusual request, check the sender’s details carefully. If you are still unsure, don’t respond in any way. Do not click on unknown or suspicious links.
- Secure your device: If you use a company laptop for personal items, this can create a security risk. The risk is even greater if you use your personal computer for work. If you do, take advice about uploading a strong anti-virus and security package.
- Check the safety of your wi-fi: Unsecured wi-fi networks are easy for cyber criminals to crack. Protect your home network with a strong password. If possible, use a VPN (Virtual Private Network) connection, which encrypts data travelling between your computer and the company network. Do not connect to unsecured public networks – particularly in hotels and coffee bars.
WHAT YOU, AS AN ORGANISATION, NEED TO DO:
- Trust no-one: Set up your remote access system on the principle that everything must be verified. Use multi-factor authentication (password plus). Encrypt links using VPN or, better still, SDP (software-defined perimeter) which enables one-to-one authenticated connections between the user and the resource they are accessing.
- Classify your data: Identify, label and lock-in your sensitive data, ensuring that only appropriately authorised staff can access it.
- Group your staff: Be clear who has access to what information. Ensure that levels of access correlate with levels of data sensitivity, and can be authenticated.
- Check every endpoint: Be certain you can identify the non-office devices you allow onto the system and that they have the right level of security. Devise an action plan to handle any cyber threats from data leakage to attacks from devices on the system.
- Stress-test your system: Ensure it can handle the volume of traffic as your staff increasingly work from home.