When it comes to security, is your house in order? Or do you have a skeleton in the closet?
This Halloween, follow our simple guide to secure your organisation, and keep the horror story out of your business.
1. Control entry and exit points
Strong doors and windows with good locks are essential for good physical security. A haunted house will either have no doors or locks so that monsters can get in, or impenetrable doors so that you cannot get out.
Devices and accounts with poor security settings can be an easy entry point for those wishing to prey on your information. Make sure that all accounts have unique passwords of more than 8 characters, 2 Factor authentication is enabled where possible and that you only use products connected to the internet (IoT products) with verified security features.
2. Do some maintenance
Most haunted houses are somewhat lacking in upkeep. Broken windows and doors, peeling paint, ominous stains and cobwebs show neglect and disarray and attract the wrong sort of visitor. Keep your devices and software up to date by ensuring they are still supported by the manufacturer and turn your settings to automatic updates or apply the security updates within 14 days.
3. Keep the bad things OUT
Holes in the roof and floors and walls is a feature of every haunted house allowing rain, lighting strikes, bats and ghouls to come in.
Keep unwanted elements out of your network by using a securely configured firewall at the boundary to your network (usually found in your internet router) AND enable the software firewall on your device.
Set up and control regular user accounts for every worker to carry out their day to day computer work. Only permit privileged access and permissions via a separate administrator account for limited individuals that need it for their role.
Prevent malware (software designed to wreak havoc) from entering and infecting your system by installing anti-malware software.
As the nights lengthen, and the time comes to call trick or treat, make sure your organisation has the core controls in place so it’s not your client data that goes bump in the night.
Cyber Essentials is the Government approved scheme that helps businesses prove that they have implemented the five core controls to keep the bad stuff out. For businesses that are unsure where to start, on behalf of the NCSC, IASME has created a free, easy to use, online Readiness tool . Who you gonna call?