Over recent years there have been two key trends in cybersecurity. The first is a growing tendency for attacks to be made by professional, organized groups looking for profit, rather than by amateur hackers wanting to prove their ability. The second is the growing recognition that good defence is more about process and people than about the technology itself. The 10 point checklist we suggest to improve cybersecurity is:
Provide all staff with cybersecurity training to raise awareness of their role in preventing attacks and of the procedures they need to carry out.
Keep all software up to date, especially firewall and antivirus software, on all equipment, including mobile phones.
Restrict use of software (installed and online) to authorized applications. Pirate software and web sites are frequently sources of malware.
Safe practices when using the internet and email, such as not opening mail, clicking on links, or logging in to accounts when invited to do so (phishing). Attacks are becoming more sophisticated and will frequently come from (apparently) trusted sources such as banks, suppliers or friends. Anything which seems suspicious should be avoided and reported to IT staff.
Tried and tested backup procedures to ensure that all critical systems are backed up, and to ensure that they actually work when needed.
Robust password procedures, ensuring passwords are sufficiently complex to avoid dictionary attacks and ensuring that passwords are changed regularly.
Monitor systems for unexpected activity.
Physical security for computer and network installations.
Avoid using public network access (e.g. Wi-Fi in airports and hotels, which may not be secure).
Identify vulnerabilities and make contingency plans to reduce disruption from attacks.
Carry out regular cybersecurity audits to ensure that staff understand and apply the procedures.