Henry David Thoreau said "The way you spend Christmas is far more important than how much you spend at Christmas."
Christmas is about more than the money that you spend, its about the thought behind your gifts and the time you spend with your loved ones. The same could also apply to cyber resilience.
It is easy to waste money on the latest cyber resilience tool (or must have Christmas toy) because “everyone has it” but do you need it? Unless your business has the basic foundations of cyber resilience ingrained, then you might well be buying for the sake of it. You could have the most amazing threat detection system in the world but if you are using compromised passwords then an attacker has an open door to your systems.
The basics?
· Backing up your data - Identify what data you need to back up and keep your backup separate from your computer
· Protecting your organisation from malware - Install (and turn on) antivirus software, keep all your IT equipment up to date (patching)
· Keeping your smartphones (and tablets) safe - Make sure lost or stolen devices can be tracked, locked or wiped, keep your apps and device up to date
· Using passwords to protect your data – change your default passwords, avoid reused, guessable or predictable passwords, use Two-Factor Authorisation on important accounts
· Avoiding phishing attacks – provide staff awareness training, configure accounts to reduce the impact of successful, report all attacks
And there are some great tools which are completely free for businesses to use.
Free Tools?
Here is a small selection of what is available, but you can find more at Tools | Eastern CRC (ecrcentre.co.uk).
Police CyberAlarm – Helps your business understand and monitor malicious cyber activity. Police CyberAlarm acts like a "CCTV camera" monitoring the traffic seen by a member's connection to the internet. It will detect and provide regular reports of suspected malicious activity, enabling organisations to minimise their vulnerabilities.
Incident Response Plan - To help you deal with the impact of a cyber-attack we have created a Cyber Incident Response Plan template for you to use. This could be use in conjunction with...
Exercise in a Box - An online tool which helps organisations test and practise their response to a cyber-attack. It is completely free, and you don’t have to be an expert to use it. It includes two exercises, a technical simulation and a table-top exercise. If you needed some assistance in running/guiding the exercise, then our local police protect officers can help you run this for free.
Cyber Action Plan - Learn how to protect yourself or your small business online with the Cyber Aware Action Plan. Answer a few questions on topics like passwords and two-factor authentication and get a free personalised list of actions that will help you improve your cyber security.
Cyber Security Training for Staff - Your staff are your first line of defence against a cyber-attack. The NCSC has developed an e-learning training package ‘Stay Safe Online: Top Tips for Staff’ to help educate your staff on a range of key areas including phishing, using strong passwords, securing your devices and reporting incidents
Membership of the ECRC - free of charge, we have been set up to increase businesses cyber resilience. Through newsletters, "Little Steps" email series and events we are raising awareness but also offering affordable student services for when businesses are ready to take the next step. Speak to us about what we can do to help now and in the future.