Caithness Map :: Links to Site Map Great value Unlimited Broadband from an award winning provider  

 

Is Cyber Security Part Of Your Business Plan?

10th January 2018

Photograph of Is Cyber Security Part Of Your Business Plan?

The increasing use of digital services in a connected world brings an increasing threat of cyberattack. The Internet that connects systems doesn't discriminate between the type of traffic it allows on the network, it is our responsibility to manage this when we connect to and use the Internet by recognising and reducing the risk as appropriate. Attackers are constantly improving their ability to penetrate systems through social engineering and the opportunity of our increased online presence. The first step for an organisation to counter the threat from cyberattack is to understand their risks and to deal with the question of not "if" it will happen, but "when".

The consequence of a successful attack depends heavily on the nature and scale of the attack and the ability of the organisation to respond to it. Some attacks may result in complete failure of an organisation's systems; some may take money from bank accounts or credit cards; some may compromise data; and some may impact on an organisation's reputation. It is important to remember that not all attacks come through the computer systems, successful telephone based vishing attacks are being seen in ever increasing quantities to demonstrate that our ability to detect them does not depend on computer based security systems.

The majority of cyberattacks are not targeted at specific individuals or organisations but are opportunistic and look to exploit known vulnerabilities in computer systems that can be exploited. Cyber attackers, hackers and writers of malware use programs that are able to automatically exploit known weaknesses, poorly configured systems and weak passwords without consideration of the impact that it will have on the target.

Organisations should not look on the cyber security threat as being a technology problem, it is an organisational risk as it is the organisation that will be disrupted and it should be addressed at this level. Whilst technology is a natural part of the process to secure the organisation, most of the changes that are required in the attitude of employees to the risk and the management of the risk. Security needs to be an integral part of the business process, technology can assist in the implementation and management of the process but it can't fully protect it.

There are some practical and basic steps that individuals and organisations should take in order to better protect themselves:

Do not share passwords between employees or on different services/applications, preventing multiple systems being compromised if one username and password is obtained.

Robust passwords provide one of the first lines of defence against attack and we should think about pass-phrases rather than passwords when choosing our passwords. Policies on password management vary from one organisation to another with some demanding passwords have a minimum length, a mixture of numbers, letters and special characters and that needing to be changed frequently. Consider using passwords that are 12 or more characters long that are based on three or four unrelated words that are punctuated by numbers and characters, e.g. Blue1Fish.Moon.

An organisational password policy indicates that the issue is taken seriously and provide guidelines to employees and users on password selection and management. Consider using one of the many available password managers to make the management of passwords within the organisation easier and secure for everyone as user should be using more than the typical five to six unique passwords.

Regularly educate users on the various attacks vectors that are used, this should include email, social media and the use of social profiling. Deliver regular training sessions to ensure that users are aware of the current techniques being used and consider carryout tests on the systems and users through carryout ethical penetration tests to see how effective this training is.

Restrict access to data to only those that require it

The security threat is not static and neither should the system resilience, to assist in maintaining resilience within the business systems:

Ensure that all systems are properly configured so that only authorised and restricted users have management/administrative rights and that they are only used when needed.

Ensure that system updates and patches are applied promptly after being released.

Install commercial grade anti-virus software and keep it up to date.

Review systems to ensure that they are compliant and manage change to ensure that the system resilience is maintained.

Take regular system and data backups and ensure that the organisation can recover with acceptable data loss.

Implement a recovery plan to ensure that the organisation can get back to the required operational level within an acceptable timeframe.

To assist with this, the National Cyber Security Centre has produced a 10 Steps to Cyber Security resource at https://www.ncsc.gov.uk/guidance/10-steps-cyber-security.

The Cyber Essentials scheme has been developed by Government and industry to fulfil two functions. It provides a clear statement of the basic controls all organisations should implement to mitigate the risk from common internet based threats, within the context of the Government’s 10 Steps to Cyber Security. And through the Assurance Framework it offers a mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken these essential precautions.

Cyber Essentials offers a sound foundation of basic hygiene measures that all types of organisations can implement and potentially build upon. Government believes that implementing these measures can significantly reduce an organisation's vulnerability. However, it does not offer a silver bullet to remove all cyber security risk; for example, it is not designed to address more advanced, targeted attacks and hence organisations facing these threats will need to implement additional measures as part of their security strategy. What Cyber Essentials does do is define a focused set of controls which will provide cost effective, basic cyber security for organisations of all sizes.

The Assurance Framework, leading to the awarding of Cyber Essentials and Cyber Essentials Plus certificates for organisations, has been designed in consultation with SMEs to be light-touch and achievable at low cost. The two options give organisations a choice over the level of assurance they wish to gain and the cost of doing so. It is important to recognise that certification only provides a snapshot of the cyber security practices of the organisation at the time of assessment, while maintaining a robust cyber security stance requires additional measures such as a sound risk management approach, as well as on-going updates to the Cyber Essentials control themes, such as patching. But we believe this scheme offers the right balance between providing additional assurance of an organisation’s commitment to implementing cyber security to third parties, while retaining a simple and low cost mechanism for doing so. The Scottish Business Resilience Centre maintains a list of organisation that can assist organisations to achieve Cyber Essentials at: https://www.sbrcentre.co.uk/services/cyber-services/cisp-and-cyber-essentials/approved-practitioners/

https://www.sbrcentre.co.uk/services/cyber-services/cisp-and-cyber-essentials/trusted-partners/

HIE is currently working with a range of its clients across the region who are working towards their Cyber Essentials accreditation. This has been running since September and included a one day intensive workshop and 1-2-1 support from a digital adviser to develop a Cyber Resilience plan. Any account managed organisations or businesses interested in this programme should contact their account manager or can email hidigital@hient.co.uk

Computer Security is a vast topic and more information can be read at https://en.wikipedia.org/wiki/Computer_security

 

Related Businesses

 

Related Articles

Shell-volution: £4.4m Islands Growth Deal To Boost Scotland's Mussel Farming SectorThumbnail for article : Shell-volution: £4.4m Islands Growth Deal To Boost Scotland's Mussel Farming Sector
Shell-volution is an ambitious industry-wide initiative supported by the public sector and the University of the Highlands and Islands (UHI) which has been awarded £4.4 million of investment from the UK Government as part of the Islands Growth Deal.   This innovative, ground-breaking project is set to transform shellfish aquaculture, bringing sustainable growth and additional quality jobs in mussel farming, based on detailed investigations (mapping and monitoring) and creating a model for improving security and reliability of wild spat recruitment, through industry best practice.  
Nairn Bronze Foundry Expands Business And Creates Jobs
A Nairn-based foundry, which has achieved international recognition for its larger-than-life bronze castings has invested in a £200,000 expansion to help it reach greater heights.   An award of £60,000 from Highlands and Islands Enterprise (HIE) has helped Black Isle Bronze to improve infrastructure and purchase equipment to extend the range of projects the firm can undertake.  
Grant Funding For Young Businesses Opens For ApplicationsThumbnail for article : Grant Funding For Young Businesses Opens For Applications
Young businesses and social enterprises in the Highlands and Islands looking to increase productivity, innovation and employment can apply for funding from HIE.   The fourth round of the Highlands and Islands Enterprise (HIE) Young Business Capital Grant (YBCG) is now open to businesses that have been trading for less than five years with up to 250 full-time equivalent employees.  
Call For Young Entrepreneurs To Register For Final Support ProgrammeThumbnail for article : Call For Young Entrepreneurs To Register For Final Support Programme
Ambitious young businesspeople in the Highlands and Islands have just one more chance to benefit from a tailored support programme.   IMPACT30 was launched by Highlands and Islands Enterprise (HIE) in 2018 to help nurture and empower the next generation of entrepreneurs.  
Winners Announced At Highlands & Islands Food & Drink Awards 2024Thumbnail for article : Winners Announced At Highlands & Islands Food & Drink Awards 2024
The winners of the Highlands and Islands Food & Drink Awards (HIFAD) 2024 were announced on Friday 1 November at a prestigious ceremony at the Kingsmills Hotel, Inverness.   Supported by Highlands and Islands Enterprise (HIE), the awards celebrate the talent, quality and diversity across food, drink and hospitality in the Highlands and Islands.  
Caithness Fabrication Firm Gears Up For Big ContractsThumbnail for article : Caithness Fabrication Firm Gears Up For Big Contracts
A family run engineering fabrication firm in Caithness is investing in a project to improve productivity, grow business turnover and create new jobs.   Gow's Lybster Limited has been working with development agency Highlands and Islands Enterprise (HIE) over several years to develop its growth plans.  
Scottish Aquaculture Industry Gears Up For Aqua Nor 2025Thumbnail for article : Scottish Aquaculture Industry Gears Up For Aqua Nor 2025
Highlands and Islands Enterprise (HIE) will return to Norway to host the Scottish Pavilion at Aqua Nor 2025.  The Scottish aquaculture supply chain is invited to register their interest to exhibit as part of the pavilion or join the wider Scottish delegation.  
Dounreay Engineer Wins Young Chemical Engineer Of The YearThumbnail for article : Dounreay Engineer Wins Young Chemical Engineer Of The Year
A young engineer working on Britain's deepest nuclear clean-up project has been recognised by the Institute of Chemical Engineers (IChemE).   Liam Gordon (27) won the Young Chemical Engineer of the Year award at the annual showcase event of the Aberdeen branch of IChemE, the professional body for chemical engineers in the UK.  
New Support Programme Launched For Food And Drink SectorThumbnail for article : New Support Programme Launched For Food And Drink Sector
Food and Drink TechHUB will provide financial and advice support to help businesses, including social and community enterprises, with commercial growth and net zero transition activities.   Small to medium sized enterprises in the Highland Council area that operate in the food and drink sector and its supply chain are expected to benefit from a new programme of support launched his week.  
Grants To Help Businesses And Social Enterprises Cut CarbonThumbnail for article : Grants To Help Businesses And Social Enterprises Cut Carbon
Businesses and social enterprises in the Highlands and Islands looking to reduce the environmental impacts of their operations can now apply to a new Green Grant Fund launched on Thursday 26 September 2024.   The three-year £2.7m fund was developed by Highlands and Islands Enterprise (HIE).