The answer depends on the nature of your business and its complexity across the number of users, sites, devices, amount of data being captured, the need for remote access, etc. The key, overriding principle is to ensure that the implementation of products and processes is appropriate to your business needs. This is another good reason to start with an initial assessment by a provider of your choice.
The essential elements for consideration:
Staff training: this is about creating a ‘security culture’ across your organisation. It needs to be ongoing and reviewed regularly. The training should include a phishing simulation, so you can be sure everyone is aware and alert.
Deploy anti-virus software across all devices. Good software is designed to detect, block, and remove viruses and malware. If people are using their own devices, ensure that each device is scanned before it connects to the business's network and that it has anti-virus software deployed.
Some anti-virus software solutions have a broader capability in that they protect against ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, adware, spyware as well as malicious URLs, phishing attacks, social engineering techniques, identity theft, and distributed denial-of-service (DDoS) attacks.
Implementing a firewall on your network is essential. The firewall is designed to monitor incoming and outgoing network traffic based on a set of configurable rules, thereby separating your secure internal network from the Internet, which is not considered secure. Firewalls are typically deployed as an appliance on your network and in many cases offer additional functionality, such as a virtual private network (VPN) for remote workers.
An important consideration is patch management. This is where the software applications being used are regularly updated to remove security vulnerabilities that have been identified. It is essential that all devices are using the latest versions; if not, the risk of attack is increased. Importantly, the process of patch management needs to occur at a time that does not interrupt employees' productivity. For subscribers to our Protection Plan, we run these patches during the night.
Studies constantly report that weak passwords are at the heart of the rise in cyber theft. A Verizon Data Breach Investigations Report found that 81% of data breaches are caused by compromised, weak and reused passwords. To mitigate this risk, businesses should adopt password management solutions for all employees.
Backup and recovery is the number 1 essential for smart cybersecurity practices. This means having frequent backups of all critical business data. Most businesses will undertake a daily backup, but your needs may require greater frequency. Backing up data incrementally, throughout the day, can minimise the amount lost.
With the prevalent use of cloud applications such as Microsoft 365, any backup structure should include data stored in the cloud, especially email applications such as Outlook, Gmail, etc. Industry best practice is to back up according to the 3-2-1 rule: at least three copies, in two different formats, with one copy stored offline or in the cloud.
Develop straightforward cybersecurity policies. Draft and distribute a clear set of rules and instructions for employees. Finally, control user access to your network. Constantly remove privileges and deploy 2-factor authentication.