Cyber Security Fundamentals

5 Key things to take away

  • Software Updates
  • Secure passwords
  • 2 step authentication
  • Password managers
  • Backups

 

Secure Configuration

  • Close accounts which are not used (email, login accounts)
  • Remove software you don’t need
  • Change all default admin passwords to a strong passwords (network switchers, routers etc)
  • Disable auto run features (usb sticks etc)

 

Boundary Firewalls and Internet Gateways

  • Needed on office devices
  • Change default pass
  • Prevent your network being exposed to the internet
  • Authentication to access internal services from internet

 

Access Control

  • Do ot work on admin account day to day
  • Use strong admin pass
  • Do you have a list of (and process for) people in your organisation with admin privileges?
  • No users with same user and pass

 

Patch Management

  • Correct licenses
  • All software supported (No XP or server 2003)
  • Set to update automatically
  • Receiving security patches

 

Malware Protection

  • Anti-virus on all computers – Yes, including Mac
  • Set to update itself automatically
  • Set to scan on access
  • Warn you about malicious websites

 

Use a firewall to secure your Internet connection

  • Protect your internet connection
  • Creates a buffer zone
  • Between your computers and the Internet
  • Twı types of firewall – personal and boundary
  • VPN is very secure on shared wifi connections
  • If you have 2 factor authentication on anything, turn it on

 

Choose the most secure settings for your devices and software

  • Default configuration can have everything on
  • These settings can also provide cyber attackers with opportunities
  • Check the settings of new software and devices
  • Delete unused apps, remove irrelevant permissions
  • Use passwords
  • Consider using wipe iphone option after 10 wrong passwords (if you don’t have small kids at home)

 

Passwords

  • Use password manager: Last pass – you can give people access for a few passwords without telling them the password
  • One password, dashline, last pass
  • Check if your password or email is compromised https://haveibeenpwned.com/

 

Control who has access to your data and services

  • Minimise the potential damage that could be done if an account is misused or stolen
  • Extra permissions should only be given to those who need them
  • Check what privileges your accounts have
  • Only use software from official sources

 

You can download the checklist from Cyber Essentials website

https://cyberessentials.org/downloads/index.html

 

Protect yourself from viruses and other malware

  • Windows has defender, mac has Xprotect
  • Make sure you use a web firewall as well
  • Phones tablets laptops computers – keep them updated
  • Both OS and installed apps or software
  • Security updates needs to be installed within 14 days

 

Devices

  • BYOD – Bring your own device
  • MDM – Mobile device management (MDM) is an industry term for the administration of mobile devices, such as smartphones, tablet computers, laptops and desktop computers. MDM is usually implemented with the use of a third party product that has management features for particular vendors of mobile devices.

 

Cyber Attack Stats

  • 54% of UK companies hit by cyber attack
  • Avg cost of cyber attack 3-36k GBP
  • 96% of companies not confident can protect themselves
  • Most common attacks by fraudulent email, impersonation and ransonware
  • 76% of UK adults don’t know what ransomware is
  • Ransomware 58% of organisations hit paid ransom

 

Backup

 

5 Key things to take away

  • Software Updates
  • Secure passwords
  • 2 step authentication
  • Password managers
  • Backups