It’s the first week of 2023, and you’re back at work and feeling rejuvenated, right? Can you say the same for your computer software, devices and systems?
After business closures such as the Christmas holidays, Easter and bank holiday weekends, we power up our devices without giving their health or security a second thought. Commonly, cybercriminals will look to take advantage in times like these to strike, aiming to go unnoticed until you return to the office or until your systems are restarted.
This seriously threatens your business as you can't defend against something you don’t know exists. To help you tackle the threat before it wreaks havoc in your systems and on your devices, we've created a Cyber Workout Plan for 2023 to keep your business fit and ready to tackle any cyber security challenge!
The Cyber Workout Plan comprises 12 mini workouts for your business to complete so you can tackle any threats that may have arisen during the festive break.
The 2023 Cyber Workout Plan includes:
Cyber Workout One: Password Management
Ensure any passwords you create and use are complex, random, and secure! 64% of individuals reuse passwords across multiple accounts, and in 2021, compromised credentials accounted for 20% of all data breaches!
Power up your security by switching your passwords to passphrases, a series of random words without relation to one another.
Introduce a password manager to store your credentials securely - this helps prevent password fatigue.
Enable multi-factor authentication on your company accounts and devices - adding an extra layer of security to the login process.
Cyber Workout Two: Check for Software Updates
Keep your software up to date! During the winter break, your company devices may have fallen behind on software updates - enable auto-updates to ensure your technologies have the latest security defences and to resolve any potential bugs.
Keep track of which software versions are installed on your devices so that you can promptly target security updates.
Install software updates as soon as they become available to fix exploitable bugs in your devices.
Enable automatic updates for OS, applications, and firmware, where possible.
Cyber Workout Three: Update Your Cyber Incident Response Plan
When did you last test your Cyber Incident Response plan? Ensuring you have a solid and up-to-date Cyber Incident Response Plan can minimise the fallout in the event of an attack or breach. Hopefully, you won’t ever need to use it, but it is fundamental to implement!
If you don’t have a response plan in place, look to implement one throughout your organisation covering data backups, a communications plan, and steps to recovery.
Once you have your response plan implemented, test this every 6-12 months - this includes looking at how long your backups take to restore your data, what communication methods you use, and who has ownership of each action.
Cyber Workout Four: Take our Free Cyber Health Check
2023 is the year to take control of your cyber health! Whether your business is starting on its cyber security journey or you would like the peace of mind knowing that your internal capacities are operating as they should be, a cyber security health check is the optimal way to help get you going.
Our Cyber Health Check will help you gain valuable insight into your organisation’s current risk level.
Identify the gaps in your security so you can implement the appropriate security defences that your business needs.
Remain compliant with regulations such as the UK GDPR 2021.
Cyber Workout Five: Give your staff Security Awareness Training
Strengthen your human firewall! Regular Security Awareness Training is one of the most effective ways to strengthen your workforce. Businesses can see a 70% reduction in socially engineered cyber threats when implementing effective cyber awareness training.
Power up your human firewall with targeted training that equips your staff with the latest guidance to remain cyber secure.
Ensure training is regularly implemented to help keep your workforce ahead of the curve with the latest security defences.
Take your training one step further by implementing phishing simulations to keep your people vigilant and robust.
Cyber Workout Six: Vulnerability Assessment
A Network Vulnerability Assessment tests your IT system configuration, using the same techniques hackers use, to check that your company is not open to cyber attacks.
We can scan and review your internal networks and systems, looking for weaknesses such as poorly maintained or designed systems, insecure Wi-Fi networks, insecure access controls, or opportunities to access and steal sensitive data.
If you've never had a Vulnerability Assessment, make a note to get tested in 2023. Our focus with a Network Vulnerability Assessment is to identify weaknesses that might compromise your network. With a plain language report, we can share our results with you alongside simple instructions on how any vulnerabilities might be fixed.
Cyber Workout Seven: Backups, Backups... Backups
Regardless of size and type, all businesses should take regular backups of their important data. Start 2023 with a new backup routine, ensuring your backups are tested so you are confident they can be restored.
Ransomware (and other malware) can often move to attached storage automatically, which means any such backup could also be infected, leaving you with no backup to recover from.
To help keep your files and data safe, you should secure digital backups with a password or encryption and keep them isolated from your network. By doing this, you're ensuring your business can still function following the impact of flood, fire, physical damage, or theft. If you have backups of your data that you can quickly recover, you can't be blackmailed by ransomware attacks.
Cyber Workout Eight: Have you considered a Simulated Phishing Exercise?
Phishing scams are becoming harder to spot; poor grammar and spelling and low-quality versions of recognisable logos are common signs of phishing attacks. Other checks include looking at the sender's email address to see if it looks legitimate and whether a company logo has been manipulated to look legitimate.
Training your employees on what a phishing attack looks like makes them more likely to identify and report scams. Our Simulated Phishing Exercise gives you continuous simulation and training to understand the latest attack techniques, recognise when something looks wrong, and help you stop fraud, data loss and brand damage in its tracks.
Cyber Workout Nine: Do you need Board-Level Training?
New regulations (such as GDPR) and high-profile media coverage on the impact of cyber incidents have raised the expectations of partners, shareholders, customers, and the wider public.
Quite simply, organisations - and board members especially - must get to grips with cyber security. If you are not regularly discussing cyber security at your board meetings, you must start.
The National Cyber Security Centre has produced a Board Toolkit to help encourage essential discussions about cyber security to take place between the Board and their technical experts.
Cyber Workout Ten: Implement or Review your Cyber Security Policies
Every business will follow the First Aid or Fire Alarm procedure, so why is cyber security any different?
Businesses must adopt several cyber security policies, including a Bring Your Own Device Policy, Social Media policies and Risk Management/Incident Response policies.
Members of the Cyber Resilience Centre can take advantage of our Cyber Security Policy Templates that will help you to identify the gaps within your business. Membership starts from £500; learn more today.
Cyber Workout Eleven: Think about your Supply Chain
Cybercriminals target supply chains to reach the broadest possible audience with their malware. Identifying and compromising one strategically important element is an efficient use of resources and may result in a significant number of infections.
It’s often perceived that small businesses are not big enough to be hit by a supply chain attack. However, it is not about how many people work for you or how many office locations you have. A supply chain attack can be carried out through your systems.
To help you secure your supply chain, you should ensure that your suppliers regularly conduct security audits or have security certifications and put this within your contract with them.
Cyber Workout Twelve: Have you got the Cyber Essentials Certification?
Cyber Essentials is an effective Government-backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber-attacks.
Qualifying organisations will receive around 20 hours of remote support with a Cyber Essentials Assessor. To qualify for this scheme, an organisation must be either:
a micro or small business (1 to 49 employees) that offers legal-aid services
a micro or small charity that processes personal data, as defined under GDPR
Fight back against cybercriminals with the North West Cyber Resilience Centre
The North West Cyber Resilience Centre works with small or large businesses to help reduce cyber-related risks and vulnerabilities and enable companies to follow cyber best practices to avoid these incidents.
We offer a free membership package to help you guard your business against cyber-attacks in the way you would protect your premises against fire and flood. Membership is hassle-free and doesn’t commit you to anything that you’ll later be charged for. There are options to upgrade your membership to utilise our cyber services, but these upgrades are not compulsory – the crux of the offer is free.