Cyber Security Month: Top tips to keep your business secure with CND

By Anita Jaynes on 1 October, 2022

October is National Cyber Security Awareness Month, an initiative designed to share up-to-date best practice for online security.

For the last 17 years the month has been used to promote cyber security and the importance of staying safe online. The idea originated in the United States and has now become a movement across the world.

Corsham-headquartered cyber experts Computer Network Defence (CND) have shared their top tips to help you and your business stay safe online.

Phishing attacks are on the rise: always be on the lookout!

Phishing is when attackers attempt to trick users into doing ‘the wrong thing’, such as clicking a bad link that downloads malware or directs them to a dodgy website.

These types of attacks have come in different formats of late, from SMS text messages to job adverts on LinkedIn. This only reinforces the need to always ‘think before you link’.

The Centre for the Protection of National Infrastructure have launched a new app to help businesses and the public protect themselves from potential espionage.

Review your in-house policies

Having policies and procedures in place is great, but be sure to conduct regular reviews of these policies to ensure they reflect reality.

Regularly reviewing policy documents will not only help with compliance accreditation but also ensure your business is practising what it preaches.

Data Sensitivity Classification

Establishing a data sensitivity classification and labelling procedure is imperative to assist you with compliance and data governance across many different standards and accreditations.

Consider disabling macros

Macro-enabled attachments are a popular entry point for attack. Consider disabling macros by default and providing training to staff so they know not to enable macros on untrusted documents.

Working to remove Shadow IT

Shadow IT is the unauthorised use of any digital service or device that is not formally approved and supported by an organisation’s IT department. Examples of shadow IT include creating cloud workloads using personal accounts or credentials.

Working to remove shadow IT can help to control your assets and understand your attack surface, especially in today’s Software as a Service (SaaS) driven market.

Be event aware

Be on the lookout for cyber criminals targeting high-profile events and using recent news stories as their hook. Always think before you click.

Multi-factor Authentication

If Multi-factor Authentication (MFA) is used in your environment, ensure it is protecting your users to the best of its ability, and consider protection mechanisms to stop MFA fatigue. This could be via lockouts after a set number of MFA requests or by forcing additional verification such as ‘number matching’ to help users spot fraudulent requests.
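
The lockout idea described above, sketched in Python as an added example (it is not CND's code and not any MFA product's API). The thresholds, the event format and the `PushGuard` and `replay` names are assumptions for illustration, and the sample events are constructed.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field

# Assumed policy values (not from the article): tune to your environment.
MAX_UNAPPROVED = 3      # denied or ignored prompts tolerated per window
WINDOW_SECONDS = 300    # sliding window length
LOCKOUT_SECONDS = 900   # how long push prompts stay blocked

@dataclass
class PushGuard:
    """Tracks unapproved MFA push prompts per user and applies a lockout."""
    recent: dict = field(default_factory=lambda: defaultdict(deque))
    locked_until: dict = field(default_factory=dict)

    def allow_prompt(self, user: str, now: int) -> bool:
        """Return True if a new push prompt may be sent to `user` at `now`."""
        return now >= self.locked_until.get(user, 0)

    def record_result(self, user: str, now: int, result: str) -> None:
        """Record a prompt outcome: 'approved', 'denied' or 'timeout'."""
        if result == "approved":
            return                              # only unapproved prompts count
        q = self.recent[user]
        q.append(now)
        while q and q[0] <= now - WINDOW_SECONDS:
            q.popleft()                         # forget prompts outside the window
        if len(q) >= MAX_UNAPPROVED:
            self.locked_until[user] = now + LOCKOUT_SECONDS
            q.clear()

def replay(events):
    """Replay (timestamp, user, result) tuples; return the prompts that were blocked."""
    guard, blocked = PushGuard(), []
    for ts, user, result in events:
        if not guard.allow_prompt(user, ts):
            blocked.append((ts, user))          # prompt never reaches the phone
            continue
        guard.record_result(user, ts, result)
    return blocked

# Constructed sample events: (epoch seconds, user, outcome of the push prompt)
SAMPLE_EVENTS = [
    (1000, "alice", "denied"), (1030, "alice", "timeout"),
    (1060, "alice", "denied"),      # third unapproved prompt: lockout until 1960
    (1090, "alice", "approved"),    # blocked, so the user is never asked
    (1100, "bob", "denied"), (1700, "bob", "denied"),  # too far apart to trigger
    (1960, "alice", "approved"),    # lockout has expired, prompt is allowed
]

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS))
```

A blocked prompt is also a useful alert for the security team, since a burst of denied or ignored requests usually means the user's password is already known to someone else.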

Disaster Recovery Plan

Ensure you have Disaster Recovery plans in place and playbooks to use in case of a breach. These procedures should be tested frequently to make sure you can rely on them when the time comes.

CND have been helping to protect the UK’s military networks, businesses and organisations both at home and abroad for the last 18 years. The company has a strong network of cyber security consultants across the world with members of the team in the US, Canada and the Isle of Man. To find out more visit: www.cndltd.com