This month, which just so happens to be European Cyber Security Month, has seen a number of high profile cyber security stories in the news.
But as the cyber security campaign comes to a close, just what should brands be expecting from the agencies that they entrust with their business data?
Making security everybody’s business
Online security is not just the responsibility of the IT guys, it is the responsibility of everybody. Just one seemingly innocuous act has the potential to leave a security door wide open, so your agency should be making sure that everybody is aware of their responsibilities towards cyber security.
Your agency should be educating their employees on the best practices of cyber awareness. This includes making sure that they understand and adhere to your policies surrounding passwords, internet and email acceptable usage and data protection should be adhered to and followed.
Protecting their hardware
Your agency should have adequate and up-to-date antivirus protection across their entire network. This includes any devices connected to their network, from server level through to tablets and mobile phones.
Hardware and devices should also be on a patch and update plan so that they are regularly updated and patched to the latest safe versions of software. It is essential that software has the latest security patches to prevent any back-door infiltrations.
Software itself is a common source of security threats, so your agency should have a strong policy on the installation of software, especially unintentionally installed software. Many people have got into the habit of clicking through application installations to the point that they don’t pay attention to what’s being asked of them, while some products hide other application installations within the process knowing that 90% of people will click through the terms page.
Laptops and tablets are more vulnerable to being lost or stolen, so this risk needs to be managed. This includes limiting the data that is stored on portable devices and having boot level hard drive encryption with a master password.
Protecting their network
Your agency should be using a hardware firewall that properly controls incoming and outgoing traffic. Their wireless network should be a secure hidden network encrypted with WPA2 (the latest standard encryption technology), and their policies should only allow protected and approved devices to connect.
Security policies across these systems should also be regularly checked and easily manageable, so that employees cannot see any data beyond what is necessary to perform their daily role.
Backing up, backing up the backup, and backing up the backup of the backup
Backing up data is absolutely essential and, ideally, this should be done both on and off-site. This protects against technical failures, such as a localised hard drive failure, as well as the risk of data loss due to theft or fire.
Generally a full backup should run weekly, with incremental backups taking place every night.
Monitoring their assets
Ultimately, prevention is better than the cure.
The first line of defence for cyber security is in ensuring that relevant controls in place to be able to monitor for potential risks and access breaches, and that there is a robust procedure in place to address threats before they become a significant security problem.
To find out more about European Cyber Security Month and to get involved, head over to https://cybersecuritymonth.eu/.
