Thames Hospice use network security monitoring to protect their patients' data
While it is important for any organisation to adopt a cybersecurity standard, just checking all of the boxes will not make you secure.
While well-intentioned, the wide variety of standards can be quite confusing to the organisations that need them the most.
There is no standard or guideline that will ensure you are secure, even if you can honestly tick off all the boxes.
If you meet all of the requirements of a particular standard, and don't consider how they uniquely apply to your organisation, you will end up with full compliance, but mediocre security.
This is not always necessary, but where a higher level of security is required for your business service, and for ultimate peace of mind, Managed Service Providers like Riverlite manage the service of third-party experts who can implement the most comprehensive security testing. This includes:
Encryption for devices that leave the office - Encryption is no longer a nice-to-have for devices that leave the office; it is included within modern Windows OS and should be configured accordingly.
Periodic auditing of user accounts - Remove anything that should not be there; check who is an admin and verify whether this is actually required. Lock down systems to those who are trusted.
USB drive encryption - Consider blocking access to removable devices such as USB drives that are not encrypted; modern solutions exist that make this easy (for example Sophos AV, which Riverlite partner with).
All of the elements below are no longer 'nice-to-haves' but essential for good cyber security.
5. Phishing Tests - Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details, by disguising oneself as a trustworthy entity in an electronic communication. A phishing test is a good way to test your staff’s engagement with security training and these can be implemented by some managed service providers.
Essentially, patches are used to deal with vulnerabilities and security gaps.
The timing of security updates is important. Applying an update too soon is a risk, and a delay is equally risky.
Are updates (security & anti-virus) actually monitored to confirm successful delivery?
One missed update is all it takes.
A backup strategy document is essential, as the ability to restore from backup is the last line of defence, providing a way to restore original data in the event of a successful cyber attack.
Having the option of multiple backups from multiple locations is an important safety element in the backup process. It is important to know what the Recovery Point Objective (RPO) and Recovery Time Objective (RTO) are for your business.
How often are your backup processes tested?
Hackers have identified that staff are the most vulnerable part of any organisation. According to the latest UK Government cyber security survey, the most common type of attack on businesses is phishing: staff receiving fraudulent emails or being directed to fraudulent websites.
Because this danger runs across the business, handling cyber risk is no longer the sole preserve of the IT department. According to a separate UK government report, there is also a skills gap within business when it comes to cyber security expertise.
This is why it is important to carry out regular cyber security training and education across your business.
Protection of customer and patient data is vital to any business's reputation and financial security. Working through these questions can help you start to address and improve your cyber security.
Riverlite Cyber security services
Riverlite cyber security services defend your internet connected systems, computers, servers, networks and mobile devices from malicious attacks.
The damage to your business can be financial, reputational or operational, all of which require time, money and resources to rectify and recover. As always, prevention is the best cure.