During October, BH Consulting has been sharing daily advice about digital security and privacy on its social media channels as part of EU Cyber Security Month. This blog gathers together all of these tips into a single place. As each week goes by, we will keep adding to the content, in descending order. By the end of October, it will be a single resource for security advice you can share with colleagues or friends and family.
We kicked off week two of EU Cyber Security Month with a reminder that information security covers more than just data. Having a clean desk policy at work can protect important information in physical documents, as well as computers. Here’s a good sample policy developed by SANS Institute.
Our second tip of week two covers a key starting point for any good security plan. Knowing what data you hold helps in making choices about what level of protection it will need. (This is also an important part of privacy and data protection strategy.) We recently blogged about classifying data in this way, referring to IBM’s recent decision to ban USB storage keys.
Day three was a reminder that data breaches and security incidents are crimes. By reporting these cases to police, victims not only help with the investigation of their own incident, they also contribute valuable information to help law enforcement tackle cybercrime.
Next, we explained how digital forensics capability can help in tracing internal security incidents. Companies with the security resources in place can set up their own digital forensics lab without needing a large investment. Having an in-house lab allows security teams to carry out inquiries into everything from a security breach to HR issues.
Rounding out our advice for the week, we focused on the importance of risk assessment. This is where security and business goals meet. The key to developing a solid risk assessment is to have a repeatable approach that guides your decisions. For this tip, we linked to David Prendergast’s excellent blog with advice on developing just such a risk assessment framework.
Our first tip raised awareness of the need to prevent CEO fraud and fake invoice scams in your business. This is easy to do and doesn’t need a technical fix; it’s just a matter of changing your business processes. Anyone with access to payment systems should check with a colleague before paying money to unfamiliar accounts. Here’s a link to a recent blog we posted about this.
Tip number two covers ransomware, which is one of the most widespread security threats today. Regularly backing up your data can help you recover from a ransomware infection. You’ll find more details here.
For our third tip of the week, we looked at phishing: one of the most effective tactics in an attacker’s arsenal. One of the best investments you can make is in security awareness: train company staff to spot fake emails.
We use so many different online services and, invariably, they all ask us for a password. It’s vital to use different pass phrases and a password manager to log in to these services as securely as possible. Here are our tips on what to do – and not to do – when choosing a password.
For our last tip of week one, we covered data breaches. Unfortunately, they’re all too common and there seems to be a new incident on an almost weekly basis. Planning and preparation in advance of a possible breach means you’ll be ready to react if the worst happens. In today’s climate, you’ll be judged not on having suffered a breach but on how well you respond to it. Here’s our advice for putting that plan in place.