Alex Woodward

Head of Cyber Security Services

To be cyber secure, you need to be cyber aware. That means understanding where you are in the cyber world and making sure your security is robust enough to tackle the latest cyber threats.

As Cyber Security Awareness Month begins this October, we are taking a look at how to stay safe, particularly in today’s world of remote working and mobile devices. Prevention is far better than cure, so practising good cyber hygiene at an individual, departmental and organisational level is key. Here are six top tips to help your organisation stay vigilant and make sure your people are one step ahead of the attackers.

1. Know where your data is

Cloud computing, along with remote working devices, means that data is more widely distributed and accessible than ever before. Without a traditional data centre, there is a greater risk that organisations can lose sight of their critical data. To make sure it is safe, no matter where it is saved, it is important to have good risk-based security control mechanisms in place to protect your crown jewels. The right monitoring and threat management capabilities, in the right place, can significantly reduce your risk of a successful attack.

2. Make time for training and awareness

Your people are one of the greatest assets your organisation has when it comes to cyber security. But without the right training, they can also introduce serious cyber risks to your business. Almost 90% of cyber security breaches are now due to human error as people fall victim to various cyber-attacks. Helping your people to recognise cyber risks and understand the steps to take if they suspect a breach has occurred should be a core cyber defence strategy for any organisation.

3. Be vigilant about phishing

Phishing attacks are on the rise: over three billion fake emails are now sent every day, and they are increasingly hard to spot. Sophisticated hackers use emails, software download links and even meeting reschedule requests to trick victims into sharing important information or introducing malware. Educating your people to increase their awareness of phishing techniques brings lots of benefits. Avoiding emails from unknown addresses, reading messages carefully before replying, checking emails for errors or inconsistencies and hovering over links to double-check the destination are all simple ways to help avoid a phishing attack.

4. Stay on top of software updates

Particularly now that people are more likely to work remotely, it is easy for software updates to be delayed or ignored. Under time pressure and with targets to meet, it is easy for your people to set software updates aside and carry on with work. But saving those few minutes can be costly. Software updates often include security patches that fix security flaws, and without them cybercriminals can quickly exploit these known weaknesses. Allocating time for teams to update and download new software, or raising awareness about overnight updates, are some strategies organisations can use to encourage this simple but effective cyber security defence.

5. Prioritise passwords

With more systems and devices in use than ever, employees need to prioritise passwords. Ideally, strong and unique passwords should be used for every account and device, and that means moving away from the most common options: ‘12345’ and ‘password’. Work passwords should never be the same as those used outside of work, and recording passwords, for example in a spreadsheet, is particularly risky. Many individuals struggle with this aspect of cyber hygiene, as people often simply do not remember all the different logins they need. In this instance, password managers for individuals and teams or access/identity management could be a worthwhile option, allowing people to access numerous applications, systems and devices without having to authenticate themselves multiple times.

6. Make multi-factor authentication mandatory

Cybercriminals today are so sophisticated that a single security layer is insufficient to prevent an attack. Adding an additional authentication ‘factor’, such as something you have (for example, a security key or device) or biometrics (such as fingerprint scanning), keeps critical applications and sensitive information safer than passwords alone. It also prevents cybercriminals who have gained access to your password from moving freely through these applications, because additional authentication factors are regularly required. Enable multi-factor authentication on as many services as you can.

Across all areas of an organisation, people make the biggest difference in cyber security. With the right training, awareness and systems in place, you can put your organisation in the best possible position to avoid or respond to a cyber breach.

Take a look at our Cyber Security Media Centre to discover the latest information on all areas of cyber security, or contact us for more information about staying Cyber Security aware.  

About this author

Alex Woodward

Head of Cyber Security Services

Alex leads the delivery of the Security Operations element of CGI’s UK cyber practice with responsibility for Security Operations Advisory, Managed Security Services and Penetration testing functions.