Top 10 Cyber Security Considerations that every CIO or DPO should consider

Jul 30, 2019

If, like many people, you are wondering how robust your cyber security is and you are not sure where to start, then good news: you are not alone! We understand how much of a minefield cyber security can be, so the in-house experts at PCM have put together their list of the top ten considerations and tips to help you get started.

1. Network Security

Perceived network perimeters are changing thanks to the Internet of Things. With every device from your smartphone to your fridge being a potential entry point, it's now more important than ever to understand what is on your network and what data it is collecting. PCM Top Tip: Invest in penetration testing or vulnerability assessments, as it's really important to understand where the vulnerabilities in your network lie.

2. User Education & Awareness

4% of malicious attacks start on email! Unfortunately for those charged with maintaining security, we can't switch off all emails, but we can ensure that the first line of defence - our IT users - are educated to identify and flag suspicious emails and possible threats. PCM Top Tip: Take a look at Barracuda's PhishLine, a training and simulation tool that enables businesses to educate and assess employees on their ability to identify phishing and social engineering attacks.

3. Malware Prevention

Malware, or malicious software code, can either steal or restrict access to data and take control of your devices. While users are the first line of defence, every business can help by establishing appropriate security controls and policies to identify potential risks before they even reach an employee or before any erroneous links are clicked. Malware defences will help identify threats from common sources such as email, web browsers and removable media. PCM Top Tip: Antivirus is the first step to comprehensive malware prevention. Speak to your PCM Account Manager to explore how malware prevention has evolved and how the next generation of solutions can offer your business the most effective and commercially viable solution.

4. Removable Media Controls

USB sticks are a favourite for hackers. They are cheap and readily available, making it easy to steal data and infect computers with malware. If your business does want to use removable media, then make sure policies are strong. Using passwords and disabling auto-run are just a couple of suggestions. PCM Top Tips: Never plug an unknown USB device into your computer. We would recommend caution when plugging in free USB sticks from events or shows. No one would know if a hacker had replaced a few with his own!

5. Secure Configurations

Networks are full of devices that can be accessed remotely for configuration and troubleshooting. Each one of these is a potential entry point for hackers. Just by accessing one device, a hacker could potentially move around your network and harvest data or information to use against you at a later date. PCM Top Tip: Check the default settings of every device you install on your network. Does it have a generic admin password? Can you disable auto-run features that allow file execution without user authorisation?

6. Managing User Privileges

We don’t all need access to the same data, or to all of the data within our organisation. By understanding your internal levels of trust and each user's need to access key data sources and operating environments, you will be able to protect your most important data and systems by limiting access to them. Only provide employees with the access rights that they need, and have policies in place for escalations as and when required. PCM Top Tip: Have a strong onboarding AND offboarding policy to remove old and expired accounts from the system ASAP.

7. Incident Management

Have a robust process for identifying, recording and analysing security threats. This helps give a comprehensive view of any security weaknesses that need your attention and of possible improvements. PCM Top Tip: Create a checklist and internal stakeholder response policy that can be reliably and consistently used in the event of any cyber breach. This will enable you to identify where the attack originated, how long the attack has been operating for, and what data has been targeted…

8. Monitoring

It's estimated that UK businesses face 65,000 attempted cyber-attacks per day [1], so monitoring your network for breaches is vitally important. This should enable you to identify weaknesses by analysing logs for unusual activity and allow IT to act promptly in the event of a data breach. PCM Top Tip: Consider a Security Information and Event Management System (SIEM), which will enable you to create a holistic, unified security event analysis tool without excessive resource demands or meaningless, excessive alarm logs. PCM will also ensure that all of our customers avoid common SIEM pitfalls, such as commercial models which charge you by volume of data, thereby minimising effectiveness and encouraging the wrong behaviours when trying to achieve a comprehensive SIEM tool.

9. Home & Mobile Working

Workspaces are changing: employees are looking for flexible working environments, and employers are seeing the benefits of offering this from a productivity cost perspective. However, this does create a challenge. Corporate devices are now connected to private networks, meaning it becomes more difficult to enforce policies. PCM Top Tip: Consider what access an employee might require when working from home. Could access to some systems or data be restricted?

10. Set up your Risk Management Regime

Your Risk Management regime should be as important as other legal, regulatory or financial considerations. It also needs to be in line with business objectives to remain relevant, and be supported by the board and senior managers. PCM Top Tip: Consider appointing a CIO or DPO. If your budget restricts this, then consider a virtual resource and speak to PCM today about how we can provide you with the best trusted, accredited resources on a Managed Service basis.
