How long is a piece of string?
One of the difficulties with security is knowing how far to go. No matter how much you spend, no system is 100% secure. But how far should you go? What would a non-MoD or high-security company do to ensure it is as secure as it can be? As one IT manager said to us, “it depends on your level of paranoia…”
It is probably well known that passwords should be strong, user devices should have anti-virus software, connections should be firewalled and email should be filtered before it reaches the user. What else could or should we be doing? We need a standardised checklist of steps we should take to improve security, published by an authority we trust and respect.
A good starting point would be the Government’s Cyber Essentials scheme. This is a well-thought-through set of requirements aimed at businesses of any size. It helps guard against the most common cyber threats (i.e. attacks coming from the Internet). Cyber attacks come in many shapes and sizes, but the vast majority are very basic in nature, carried out by relatively unskilled individuals. They’re the digital equivalent of a thief trying your front door to see if it’s unlocked.
The Cyber Essentials scheme is implemented under the guidance of a certification authority (such as Indelible Data, whom we use). It will normally need some IT expertise to implement properly, and regular management reviews to ensure it continues to be effective. Once your implementation has been assessed as satisfactory (and you have paid a fee to the assessor, currently £300), you become certified and are able to advertise this to your customers and suppliers.
How can InfoSysCo help?
Firstly, you should ensure you have the most basic requirements in place:
Strong passwords for users, devices, WiFi etc. We can help you implement password and lockout policies.
Anti-virus software. We recommend Avast and Sophos antivirus products, including the innovative Sophos Intercept-X ransomware protection.
Email filtering. We recommend Messagelabs and Sophos filtering.
Firewall. Firstly, we can help you ensure that firewalls on PCs and laptops are on and properly configured. Then, we can help you ensure that the gateway firewall connecting your network to the Internet is correctly configured. As well as Fortigate, Sonicwall, Cisco and Draytek devices, we are fully trained and qualified in the Sophos XG range of firewall products, which works with Sophos anti-virus on users’ devices to provide the most comprehensive protection on the market.
Beyond this, we can help you implement Cyber Essentials. We have helped several customers through implementation to certification, allowing them to prove their commitment to cyber security to customers and suppliers.