10 best Cyber Security practices that you should implement across your environment

October is Cyber Security Awareness Month, and our senior security architect Vlad Birgauanu is bringing you 10 quick wins to implement for a more secure workplace.

1. Multi Factor Authentication and Single Sign-On

Implementing Multi-Factor Authentication (MFA) or Single Sign On (SSO) over all your cloud services offer you a safety net in case an account gets compromised via bruteforce or credential stuffing attacks. MFA and SSO can work together to provide a better user experience across external services and provide protection against password guessing and theft.

2. Asset Inventories

Asset inventories ensure you have visibility of all the assets in your company that access your data or are used across the estate. e.g. laptops, PCs, routers, printers, etc. Keeping (and regularly maintaining) an asset inventory can help with identifying risks, forming policies around data security, compliance and data governance.

3. Baseline Configuration

Do you configure your devices with security in mind to reduce overall risk? Do you have a 'gold' image that you use to build your endpoints and servers from? Having a configuration baseline for security such as CIS not only enhances your overall security stance, but you can also align this to security certification frameworks like Cyber Essentials or ISO 27001.

4. Vulnerability Review

How often do you review the vulnerabilities present across your estate? New vulnerabilities crop up every week and vendors release patches as soon as possible. Are you aware of your exposure? How about your external presence such as your corporate website? When was the last time you checked it for vulnerabilities? Threat and Vulnerability assessments help identify where your network, systems and hardware are most at risk.

5. Configuration Review

When was the last time you've reviewed the configuration of your Active Directory or Entra? Configuration reviews can ensure that you follow the best practices and standards for security and help to identify and fix any weaknesses or vulnerabilities that could be exploited by attackers. Microsoft document an extensive number of recommendations and best practices. Implementing these give easy wins.

6. Build a culture of security

The old-fashioned approach of scolding employees can lower engagement with security practices. It’s important to develop rapport, openness and trust with your workforce so that they do not fear being reprimanded if they report an accidental breach or incident.

7. Security awareness

Empower your employees with training and awareness on identifying and mitigating risks and implementing security best practices. This can be your first line of defence. Do you have a security awareness program, such as training courses or materials that users can learn from and reference when in need?

8. Documentation

Documented security policies and procedures help users within your organisation consistently implement business processes, ensure compliance and reduce the risk of breaches. Do you have documented processes for giving administrative permissions to someone, for example? Is there an internal approval process for this?

9. Build a roadmap for security

As threats evolve, so should your security responses, but these shouldn’t just be reactive. Building a roadmap allows your organisation to align your security processes to business goals and objectives and helps key stakeholders understand the importance of having a strong security stance – e.g., getting certifications or accreditations like ISO27001 or implementing the right DR / Business Continuity plans. Do you have a list of actions that you need to take over the next 1, 3 or 5 years to improve the organisation’s security posture?

10. Cyber Insurance

In today's society everyone is a target no matter how big, or small your organisation is. Data breaches, ransomware attacks, and other cyber-crime can disrupt operations, erode customer trust, and cause significant financial losses across a wide range of industries and sectors, including charities and not-for-profits. Cyber insurance can offer organisations financial support in the aftermath of a cyber incident, and some can also provide essential resources to manage a cyber incident effectively.