How can Businesses Improve their Cyber Resilience?

With 2020 now behind us, just what do the next twelve months have in store for businesses in Greater Manchester? How can business owners, directors and employees continue to improve their security in 2021? What can we do to prepare us for life post-lockdown in 2021?

We put these questions to our friends and colleagues across Greater Manchester.

What is the one thing businesses should do to improve their cybersecurity?

Cyber Essentials Cyber Essentials and cyber awareness for staff!

Marketing Manager at Linten Technologies, Stephanie Lynch-Ozanar

There is no one size fits all safety blanket There is no one size fits all safety blanket when mitigating the cyber threat, but the first step businesses should do to improve their cybersecurity is to appoint someone to be responsible for cybersecurity who is supported by the board/business owners.

Chief Information Security Officer of Irwin Mitchell, Graham Thomson - Founding Partner of NWCRC

Businesses need to Educate themselves more There are still a lot of companies that view cybersecurity as an added cost and this needs to change. As a breach could not only cause large fines, reputational damage, and the risk of their business closing as they may not be able to recover from the breach. Businesses need to be aware of cybersecurity and understand the right processes they need to have in place for their organisation, and this starts with education.

Cyber Security Consultant at Cyfor, Raj Kundalia

First Line of Defence

At The Co-operative Bank, we think it’s important that businesses support their employees in understanding more about cybersecurity as colleagues are a critical line of defence in protecting any organisation. Given this, we have created a number of educational resources for businesses to help improve user awareness.

Chief Information Security Officer - The Co-operative Bank, Chris Gray

Cyber Essentials Get certified in Cyber Essentials, it really can expose your weaknesses before the cyber criminals find them.

Director of Jovasi Technology, Huw Vaughan Jones

Start with a Vulnerability Scan If they've never done anything with cybersecurity before, start with a pen test or a vulnerability scan. Best way to shine a light on what the priorities are.

Head of Customer Security at TalkTalk, Mark Johnson - Cyber Expert Group Member

Cyber Resilience should be a standing agenda item Companies should have Cyber Resilience as a standing agenda item for Board and management meetings, with an agreed objective to address one progress point minimum each meeting.

Director of Programmes at BRIM, Joanna Goddard

Implement Cyber Essentials controls

Businesses of any size need to find out about the Cyber Essentials controls and implement as many as they can. These simple controls have been shown to prevent as much as 90% of all cyber attacks. There is plenty of support and advice available online from the NCSC and IASME, as well as the Regional Cyber Resilience Centres.

Chief Operations Officer at the IASME Consortium, Chris Pinder

Focus on the basics Focus on the basics – patching – this remains one of the most common attack vectors that threat actors use, and for most organisations investment would be minimal.

Cyber Security Compliance Consultant of CyberSecuritiesUK, Rory Breen

What is the one thing employees should do to improve their knowledge of cyber resilience in 2021?

Have I Been Pwned

Everyone should go to the free online service Have I Been Pwned (HIBP) and check their email addresses there - it will give you an idea of what is leaked/traded on the Internet amongst hackers and cybercriminals.

Group Information Security Officer of Barbican Insurance Group, James McKinlay

Read the News

Keep up to date on the high-profile cyber-attacks reported on mainstream news and understand how they can help protect their organisation – employees are often the first line of defence against cyber threats.

Chief Information Security Officer - The Co-operative Bank, Chris Gray

NCSC Training

Look at the NCSC free cyber training - It's very good.

Head of Customer Security at TalkTalk, Mark Johnson - Cyber Expert Group Member

Phishing

Learn the basics about phishing and the use of secure passwords.

Director of Jovasi Technology, Huw Vaughan Jones

Increased awareness of the basics

Increased awareness of basic security threats, in particular, phishing training and regular simulations with reinforced training for staff who click on links.

Cyber Security Compliance Consultant of CyberSecuritiesUK, Rory Breen

Research and understand companies' policies

Employees should seek to educate themselves on how to best protect themselves. Research and understand companies' policies, how to report, what to look out for and how to make their colleagues aware of phishing emails. Cyber Security Consultant at Cyfor, Raj Kundalia

Regular Training

Staff should ask their employer to put security policies in place and give them regular training to keep them aware of the latest trends.

Marketing Manager at Linten Technologies, Stephanie Lynch-Ozanar

NCSC Training

To improve their knowledge of cyber resilience, employees should take NCSC's new free online cybersecurity training for staff.

Director of Programmes at BRIM, Joanna Goddard + Chief Information Security Officer of Irwin Mitchell, Graham Thomson

Be suspicious

Be suspicious, most cyberattacks start with a phishing email. Make sure that from day one, every employee in your business is alert to these increasingly convincing emails and phone calls.

Chief Operations Officer at the IASME Consortium, Chris Pinder

What do you think is the biggest lesson we have all learnt in 2020, which will prepare us for life post-lockdown in 2021?

Appreciate the Good Things I think the biggest lesson we have all learnt in 2020 is that we can be just as happy and satisfied with a simpler, less chaotic lifestyle and that we should appreciate the good things a lot more. We can all be productive working at home more, which reduces the pressure on daily commuting habits.

Chief Information Security Officer of Irwin Mitchell, Graham Thomson

Ransomware Attributed to Patient Deaths This year we saw Ransomware in hospitals attributed to patient deaths the consequences of getting involved with this type of malware have moved to the next level, anyone thinking that ransomware-deploying gangs would leave hospitals and charities alone is very mistaken, Ransomware is extortion, itis not going away, indeed it is a growth area for cybercrime.

Group Information Security Officer of Barbican Insurance Group, James McKinlay

Mental Health in Lockdown For me it’s been mental health trying to keep the vulnerable around me sane, it has been a difficult year due to the restrictions and not being able to see my family.

Cyber Security Consultant at Cyfor, Raj Kundalia

Collaboration is better than before! We can collaborate virtually much better than before. It will be great to see people again (of course) but it will also be great to not spend 4 hours a day in the car commuting for no good reason.

Head of Customer Security at TalkTalk, Mark Johnson

Reliance on Remote Communications We have learnt more about our reliance on remote communications, backup planning is now a focal point for many where it wasn’t before. Backup plans, crisis management plans and continuity plans have to be a constant agenda point to ensure business resilience.

Director of Programmes at BRIM, Joanna Goddard

Flexible Working is a good thing We should all look to get IT solutions in place and invest in our business security and having a workforce that embraces flexible working is a good thing.

Marketing Manager at Linten Technologies, Stephanie Lynch-Ozanar

Staff Working from Home To ensure we have robust and up-to-date business plans, in particular around Home Working.

Cyber Security Compliance Consultant of CyberSecuritiesUK, Rory Breen

Flexible Working Environments

Many organisations have managed to operate very effectively with their staff working at home and their services being available exclusively online. This has accelerated the need for improved cybersecurity to address the challenges of remote access to the company network and work devices or BYOD being used in a home environment. Flexibility regarding the working environment and working hours is something we do not anticipate disappearing.

Chief Operations Officer at the IASME Consortium, Chris Pinder

We were unprepared for the Pandemic One of the biggest lessons many of us have learnt is how unprepared we were for the pandemic. Having helped customers develop business continuity plans that covered almost every eventuality, sometimes even the best prepared found it difficult to survive. Whilst some have adapted, others have thrived in the hardest of times, but there is a lesson for us all going forward that a bit of forward-thinking and preparation can be beneficial for us all.

Director of Jovasi Technology, Huw Vaughan Jones