Business Info - issue 149

CYBER SECURITY

simple as inserting a hyphen, changing yourbrand.com to your-brand.com for example.

• Third-party breaches. We have inevitably seen an increase in third-party breaches due to today’s more complex digital supply chains. Data security and privacy regulations, such as the GDPR, specifically state that data controllers are ultimately responsible for any data that has been shared with others, meaning they could still face fines in the event of a third-party breach.

Top cyber management tips

Being aware of and sensitive to the dangers outlined above and developing a security-first mindset is only a starting point. To really get ahead of the cybercriminals you should take the following practical steps.

First steps:

• Make sure you have a robust cybersecurity strategy in place.
• All staff should receive regular cyber awareness training.
• Your business may be too small to justify a full-time cyber specialist, but make sure someone is responsible for cybersecurity or look to outsource your requirements. Managed security service providers recognise that small businesses don’t have huge budgets and can provide cost-effective solutions.
• Remote working offers many benefits but increases digital risk. You can lower this risk by employing a ‘least privilege’ access policy and introducing a robust backup and disaster recovery plan.
• Employees and contractors should have strong, unique password logins for different accounts, ideally using a password management tool.
• Take out some form of cyber insurance and undertake regular security risk assessments.
• Timely updates of security patches on computers are becoming even more crucial to protect systems. This is one of the most efficient and cost-effective steps an organisation can take to minimise its exposure to cybersecurity threats.

Take control of threats on the DarkWeb

• Introduce a DarkWeb monitoring service through a managed service provider or specialist solution. This will alert you if your data is offered for sale or your business is mentioned by hackers or ransomware gangs. Using an automated tool is the safest, most efficient way to do this. Manual research requires skilled and experienced staff if you want to avoid the dangers of detection by criminals or inadvertent downloading of malware.

Malicious Domain Names

• Be proactive in identifying fraudulent web addresses that mimic your corporate sites. Make sure your IT staff look for ways to identify suspicious domain registrations and provide immediate alerts. If a suspicious domain is identified, you will need to establish whether a website or mail service has been set up. The domain can be used for phishing campaigns even if no site is present. Takedowns can be a challenge because scammers can use GDPR to retain anonymity and removals require justification, typically trademark/copyright infringement or evidence of illegal activity. Using a specialist service is often advisable. Critically, this is about customer protection and reputation management.

Third-party breaches

• Early breach detection is critical when you use third-party suppliers. When you share your customers’ data with a supplier and they share it with theirs, it remains your company’s responsibility. You should continuously monitor for your data appearing outside your company’s network.
• Ensure third-party network access is restricted to the absolute minimum necessary for their role, which will minimise the damage an attacker can do by compromising them. Strict processes should be in place around sending any kind of sensitive files outside the network to reduce the risk of copied datasets being leaked.
• Take control. One of the most effective methods here is to tag datasets with a type of digital watermarking known as a ‘breachmarker’. This takes the form of a unique, synthetic identity placed into a dataset among thousands of real people. Because it doesn’t exist elsewhere, you will know for certain that you’ve been breached if it ever shows up. Continuous, automated monitoring can be deployed to constantly scan for this marker in open and closed web sources. If a threat actor posts the dataset for sale on a dark web forum or dumps it on a Pastebin site, the monitoring system will detect it and your company – the data custodian – will know exactly which dataset is compromised and can swiftly and accurately notify those involved and take steps to have the data taken down.

skurio.com
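The breachmarker idea described above, as an added illustration rather than the article's or Skurio's own code: derive one synthetic identity per shared copy of a dataset, insert it among the real records, and scan leaked text for it so a hit maps back to the copy (and supplier) that leaked. MARKER_KEY, the dataset ids, the example.net domain and the phone range are constructed placeholders.

```python
import hashlib
import hmac
import re

# Custodian-only secret the markers are derived from (constructed placeholder;
# use a long random value from a secrets manager in practice).
MARKER_KEY = b"placeholder-breachmarker-key"


def make_breachmarker(dataset_id: str, domain: str = "example.net") -> dict:
    """Derive a synthetic identity unique to one shared copy of a dataset.
    dataset_id names the share (e.g. the supplier it went to); the same id
    always yields the same marker, so a hit maps back to that share."""
    digest = hmac.new(MARKER_KEY, dataset_id.encode(), hashlib.sha256).hexdigest()
    suffix = int(digest[:8], 16) % 1000  # 07700 900xxx is a reserved fictional range
    return {
        "dataset_id": dataset_id,
        "name": f"Marker {digest[8:14].upper()}",
        "email": f"m.{digest[14:24]}@{domain}",
        "phone": f"+44 7700 900{suffix:03d}",
    }


def tag_dataset(rows: list[dict], marker: dict) -> list[dict]:
    """Return the rows with the synthetic identity appended as one more record."""
    return rows + [{k: marker[k] for k in ("name", "email", "phone")}]


def scan_for_markers(text: str, markers: list[dict]) -> list[tuple[str, list[str]]]:
    """Report which shared datasets' markers appear in leaked text.
    Email matching is case-insensitive and phone matching ignores spacing and
    punctuation, because dumps rarely preserve the original formatting."""
    lowered = text.lower()
    digits_only = re.sub(r"\D", "", text)  # coarse: confirm phone-only hits by hand
    hits = []
    for m in markers:
        matched = []
        if m["email"].lower() in lowered:
            matched.append("email")
        if re.sub(r"\D", "", m["phone"]) in digits_only:
            matched.append("phone")
        if matched:
            hits.append((m["dataset_id"], matched))
    return hits
```

In production the marker row would be inserted at a random position rather than appended, and the scan would run continuously over the monitored sources rather than on a single string.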
