With the explosion of IT in business, enormous amounts of critical business information is now held online and in the cloud. How should businesses in New Zealand make sure their data and systems are secure? Cogent has written the below steps based on guidance from Connect Smart, part of the National Cyber Policy Office (NCPO).
60% of small to medium sized (SMB) that suffer from a network security attack are out of business within 6 months of the attack. According to IBM, SMBs are hit by 62% of all cyber-attacks, about 4,000 per day.
Criminals overseas and in New Zealand can make a living from finding vulnerable systems, locking them up for you to pay a ransom, stealing and selling your data. Here are Cogent’s four steps for better network security:
1. Find out what your network security exposure is
When you’re thinking about your security, the first thing to consider is your exposure. Are you and your employees online all the time to do your work? Is your information online? Are some or all of your systems? Do you interact with customers through your website or mobile? And do you and your employees go online at work for personal reasons as well? What about your awareness? Do you and your people think about security? Do you take a cautious approach to unknown emails and social media invitations? Do you have a cyber security policy, or talk about it at all? And do you as the business leader take ownership of it? Or do you leave it to your IT team, or the person in the office that knows the most about computers? Take the Connect Smart business preparedness quiz to see how your business compares for security, and to create an action plan to help close any security gaps Connect with Cogent, we can look at your network to see what your exposure is using our network security tools.
2. Put together a network security policy for your business
Your network security policy sets rules to protect your business. It includes simple security controls for the ways you and your team use your systems and devices. Having no policy in place exposes your business to security breaches. It could also expose you to potential legal or regulatory problems, especially if you have an e-commerce platform or if you collect customer data online. Your policy gives your people clear guidance around the right ways to use their mobile devices and online systems. It helps them understand the important role they play in protecting your company’s network security. Having a network security policy also gives your customers confidence in your business.
You can include it on your company’s website as a way of showing your commitment to their security. Where do you start? There are a number of areas that a security policy should cover:
- Safe use of email and the web
- Securing mobile devices
- Handling sensitive data
- Managing remote access
- Using USB drives and other portable storage
- How to report security breaches confidentially
Three basic network security controls:
- Use security software and keep it updated: a firewall, and anti-virus and anti-spyware software
- Back up your critical data on a regular schedule – and test your backup once a year;
- IT Manager, give someone responsibility for your network security.
Cogent can cover you for all three network security controls. Our firewall as a managed service, endpoint protection (including anti-virus and anti-spyware), disaster recovery backup remote monitoring service and EasyCare on-premise support can cover your business’ network security needs, all for a simple fixed monthly fee. Connect with Cogent to find out more.
3. Put together a plan to manage security incidents
Your incident management plan gives your employees guidance on recognising and dealing with a network security breach. The most important step is realising it’s happening. You and your people must be able to identify an attack quickly, so you can minimise its impacts and get back to business. The second most important thing is having a plan. Knowing what to do before things get out of control is valuable. And while it may go without saying, it’s always a good idea to have your plan laid out on paper – not on your computer. There are six phases to a prevention plan:
Prevention – make sure your day-to-day use and policies make it hard for attackers
Monitoring – make sure you and your people recognise and detect any attacks quickly, and report them immediately without fear of getting in trouble if they’ve made a mistake
Triage – identify the nature of the attack, who to notify and what to do
Responses – your technical, management, communication and legal actions Resolution – what you need to do to shut down the attack and prevent losses
Review – assess what happened, how well your defences worked, and how well your plan coped
Cogent can write a plan just for your business. Connect with Cogent to find out more.
4. Make sure you review your network security frequently
Once you’ve set up your risk management approaches, you need to make them part of your culture. The type and nature of cyber threats are evolving every day. It’s important to review and revisit your approaches regularly, and if new types of attacks pop up. Schedule a regular review time for your network security policies, incident management plans and training. Update your operating software and anti-virus software whenever possible, and ensure you’re actively notified when updates are available to Keep an eye on security updates and incidents in the rest of the business world and check if your policies would protect you from these new threats Review user access privileges regularly, and when employees leave to make sure you remove their access to your systems.