Last month we published the first of a two-part series on the best cyber security guides and articles on the web. It covered advice on educating your employees about cyber security, guidance for the board and tips for small and micro businesses.
The article was written for anyone increasingly concerned about the threat to their data and looking for advice – you can re-visit part-one here.
This month, in part-two, we point our lens at ransomware, the insider threat, guidance for suppliers to HM Government and there’s even a plain English guide to all that cyber security jargon.
Guidance on Ransomware
Even before ransomware hit the headlines this year, Ascentor had written a series of guides with the theme of ‘Back up – or pay up’. That’s because we believe that the most effective strategy to avoid being held to ransom by the cyber criminal is to regularly back up your data so you can restore files without having to pay up, should you be infected.
Our guides are written to advise on basic backup strategies and give tips on preventing an attack, specific to the size of organisation.
You can read each here:
- Larger enterprises – a defence in depth strategy
- Top tips for SMEs
- Organisations or home users working from a single computer
As you would expect, the NCSC is also an authority on ransomware, publishing its Protecting your organisation from ransomware guidance. They provide an overview of ransomware, suggest some simple steps to prevent a ransomware incident, and advise on what to do if your organisation is infected by ransomware.
Finally, the Daily Telegraph provides a helpful article on How to protect yourself from ransomware – with a number of tips on how to protect your organisation along with some examples of the most common UK online offences. Their advice concurs with our own – the best protection against ransomware is to regularly back up.
Guidance on the Insider Threat
By this we mean people working inside your organisation with access to your data – as direct employees or contractors. There are ‘malicious insiders’ who, as the description suggests, will deliberately steal or sabotage information (e.g. an employee with a grudge) and ‘negligent insiders’ who innocently compromise your data (e.g. the device accidentally left on the train). Either way, they can wreak havoc and cost a lot of money.
Ascentor’s own research on the insider threat, The Human Face of Information Risk, found that millions of employees would deliberately sabotage their employer by way of its information – so we’ve always kept a close watch on insider threat tips and advice.
The Centre for the Protection of National Infrastructure (CPNI) published a comprehensive report, Managing the Insider Threat in 2013 – which is still very relevant today. It helps identify the types of insider threat and the incidents that may occur. We like the inclusion of advice on spotting the warning signs and protection tips (a mixture of prevention & early detection).
The following two recently published 2017 articles help organisations understand insider threats and offer suggestions for reducing such threats and their impact.
The article by Tripwire covers their causes and makes suggestions on preventative measures. It takes the view that every organisation will face an insider-related breach regardless of whether it will be caused by a malicious action or an honest mistake. It’s much better to implement the necessary security measures now than trying to repair the damage later.
The article from TechRepublic considers insider threats a greater risk than external attacks and offers 10 tips for reducing insider security threats.
Guidance for suppliers to HM Government
At Ascentor we have over a decade of experience advising central government, defence organisations and wider HMG suppliers about cyber security and IRM issues. We strongly believe that a well-balanced IRM approach will reduce the risks to the government information you hold and deliver wider benefits – reducing costs and strengthening your business.
Our guidance for government suppliers includes:
Facing the Cyber Threat – A Free IRM guide for HMG suppliers: We cover how to balance information risks with your commercial concerns, what IRM means to your business and how to implement IRM – a practical 8-step action plan.
How to prepare your company for achieving List X: Does your contract require you to hold sensitive government assets on your own premises? If so, you’ll need List X status. This article shares some pragmatic steps you can take to get you up and running as a List X company much quicker.
The Cyber Security Model for the Defence Industries (CSM): If your contract is with the MOD, your corporate IT system will also need to comply with Cyber Security Model requirements.
What do all those cyber security terms mean?
Finally, we thought we’d end with what we think is a useful glossary of terms. While some cyber security language now seems almost commonplace, there are still some terms that may need a little explanation.
So, from botnets to worms, we hope The ultimate plain English guide to cybersecurity buzzwords will help.
From ransomware to the insider threat, if there is one piece of advice that sits above everything it’s that prevention is much better than cure. The message within many of these guides is that cyber security controls don’t need to be complex or cutting edge to be effective.
As we said in part-one of this series, basic measures can defeat the majority of basic attacks – but only if they are put in place.
For further information
If you’d like to discuss how our consultants could advise on any aspect of cyber security, please contact Dave James at Ascentor.
Email: [email protected]
Office: 01452 881712