We always get frustrated by blogs and newsletters that are too technical, so here it is – no fluff, no jargon, no A.I., just straight-talking cyber security advice that is designed to actually help. We’ve been doing this for a while now, and we know what works. So let’s cut to the chase.
Cyber security doesn’t need to be complicated. In fact, it boils down to three things: your users, your computers, and your data. Nail these, and you’re already ahead of the curve.
1. Your Users – The Front Line
Your users are your first and best line of defense. Give them the right tools, and they’ll do half the job for you. Unfortunately, most breaches occur because someone clicked something they shouldn’t have, usually in an email. Spam makes up 45.6% of global email traffic, so it’s no surprise that inboxes are a minefield.
Here’s what to do:
Email Digests: Let users review suspicious emails in a safe, obvious environment. A daily or weekly digest helps them make informed decisions and reduces risk by up to 80%.
Report Button: Give users a way to flag dodgy emails. This feeds into your business’s threat detection and helps protect everyone.
Password Managers: One password per account. Make them complex. Don’t force regular changes. Add 2FA/MFA and enforce it. Pretty simple!
2. Your Computers – Lock It Down
Company devices should be locked tighter than your weekend plans. Users should only access machines assigned to them, and only from their usual location. No exceptions.
Data stored locally? Encrypt it. Whether it’s sitting still or flying through the ether, it needs to be wrapped up tight. Again, software tools are here to help:
Anti-Virus: Basic, yet essential.
Mobile Device Management (MDM): Configure access, enforce policies, and keep everything in check.
3. Your Data – The Crown Jewels
Your data lives on servers, floats through software, and ends up on a computer screen that you’re looking at. This is by design, due to a complex array of computer coding, logic, human resources, and finally, at your end, user permissions and controls. You don’t control the journey, but you do control who gets a ticket.
Now, if the knobs and dials that are cyber security IT policies are too strict, your team can’t work. If they’re too loose, you’re leaving the front door open to strangers. The trick is to audit your access controls annually with a professional, just to ensure nothing’s adrift.
Also worth considering:
Encrypt everything: Data at rest, in-transit, in backups.
Backups: Run them, test them, encrypt them.
Email Tools: SPF, DKIM, DMARC – ask your IT provider: are these enforced by default?
There it is – the beginnings of a safer future for your business. Please feel free to get in contact if you have any queries or want to begin your cyber journey.