Cyber security and Information Security can be cloudy businesses for most industry outsiders and non-technical individuals. Unfortunately, this often means that people only realise its importance when they are in the middle of a crisis. I have listed the core activities performed by Cyber Security companies below, specifically how we work at Spector, Information Security. Simply read the topic of your choice for an explanation of the activity and how it can bring value to your business.

Patch Management

What is it: Patch management is the process of repairing vulnerabilities in infrastructure systems. It is vital to reduce risk and mitigate threats to your business. Once a vulnerability is discovered, it usually takes cybercriminals only a few days to learn how to exploit it, so this is an ongoing and critical activity.

How is it Done: To ensure patch management is successful, the following process should generally be adhered to:

Evaluate patch – Test patch – Approve patch – Deploy patch – Verify deployment

At Spector, hardware patches are rolled out by engineers once they have been tested and verified, to ensure that they will not cause errors. Critical third-party software patches are monitored by Spector engineers, who advise clients when patching is required. We can conduct all of this in the background, so it will not hurt productivity.

Data Back Up and Disaster Recovery

What is it: Second only to its employees, a company’s most important asset is its data. It is therefore critical that data remains confidential, authentic and available throughout its life cycle. For this reason, a Cyber Security company will always have it as one of its priorities. Backup is the process of copying data and storing it to prevent loss of vital company information. What is less well known, and just as important, is the concept of Disaster Recovery: the act of restoring these copies to a live environment.
In short, this implies knowing how long it will take for your systems to be back up and running again, and how much data has been lost in this process. Disaster Recovery is crucial, so stay tuned for a further article on this topic very soon.

How is it Done: First, we must develop a Business Continuity Plan to define exactly what the procedure will be in the case of a disaster. Then we will discuss what the recovery objectives are, in terms of data and time, to define the best solution. We at Spector provide onsite and cloud backup solutions, and regularly test these backups to ensure client data remains available and that recovery is possible.

Access Control

What is it: Access control is the process of implementing security controls to regulate who has access to resources in a computer environment. Assets and resources should be identified, then classified based on their importance and confidentiality. This ensures that only the appropriate employees have access to the critical data for their roles, such as the company’s financial report or strategic plans. Access control is essential for Cyber Security as it minimises risk and prevents data breaches within your business.

How is it Done: At Spector we tend to manage Access Control through some simple procedures and tools. First, we use Active Directory groups, which are levels of access that employees will be assigned to. These groups are then assigned to resources, such as files and folders, and members of the groups are allowed to access these particular resources. Tools such as Multi-Factor Authentication (explained below) and Single Sign-On may also be used to define these levels. A Single Sign-On portal is a single location for all your applications, which is protected and restricted to company members. With this portal in place, users don’t see the actual passwords for individual applications and can be easily added or removed, ensuring protection.

Firewall Management

What is it: Firewalls are the first line of defence for your company’s infrastructure. They allow authorised traffic and block unauthorised traffic, both inbound and outbound. Having a firewall is great, but if it is not monitored and patched, and its alerts are not responded to, then it is not really doing its job – and is thus bringing a massive risk to your business. It is the equivalent of leaving your company with its office doors wide open.

How is it Done: Firewall management is the monitoring of internet traffic in and out of your company. A Cyber Security company will acquire and configure your firewall, to ensure maximum safety. We will also monitor the firewalls 24/7/365 and receive reports directly to our service desk. Therefore, if an intruder comes along, we will know immediately and block their access.

Anti-Malware

What is it: Anti-malware – which also includes Anti-Virus – is a security application designed to detect, prevent and remove malicious programs and code from information systems. It can also provide protection for online browsing, communications and transactions. Anti-malware protection is a must for companies to protect against ever-evolving cyber security threats.

How is it Done: At Spector we provide Anti-malware protection through our partners, on a subscription model which will cover the company’s computers, laptops, servers and mobile devices. We will manage the alerts and patch the software to ensure it is operating effectively. Having anti-malware protection in place can prevent the loss of data, reputation and finance.

Multi-Factor Authentication

What is it: Multi-Factor authentication is the method of a user proving his/her identity by providing a minimum of two instances of authentication – something they have, something they know or something they are. The main benefit of Multi-Factor authentication is the extra security provided by adding multiple layers of protection.
Indeed, the more layers a company has in place, the less risk it has of an intruder gaining access to its network resources.

How is it Done: We can configure your systems and critical applications to set up Multi-Factor Authentication. Spector uses third-party applications, tokens and Single Sign-On portals to provide Multi-Factor authentication. These tools will generate a code for the user that must be typed in or activated for login – this ensures that a cybercriminal will not have access to your accounts, even if they know your password.

Email and Spam protection

What is it: E-mail is one of the main online gateways into a company, and one of the channels most used by cybercriminals. Phishing attacks, viruses and spam are more than a nuisance and can compromise data and systems very quickly. A sophisticated Cyber Security company will usually offer these types of services too.

How is it Done: We use third-party software, The E-Mail Laundry, to set up filters and analyse sender domains and email servers. The E-Mail Laundry also scans for specific keywords, attachments and techniques used by spammers to identify if a message is safe. We are constantly monitoring the software’s activities, and if it finds suspicious content, it will send the user a quarantine report where we can decide to either release or block similar messages.

Endpoint Encryption

What is it: Encryption hides information in plain sight, by translating it into a code that cannot be easily guessed. Only individuals with the specific encryption key will be able to access the information. It is becoming increasingly important as the workforce becomes more mobile, with laptops and tablets that contain critical data. If an employer loses one of these encrypted devices, he could rest assured that classified data would not be compromised.

How is it Done: We will encrypt and protect the devices’ disks, meaning that anyone without the user’s credentials cannot access them.
From then on, the information will be automatically encrypted. For the employees it is as simple as typing in their username and password, but for a criminal it is almost impossible to access.

Training and Education

What is it: Security awareness training is a formal process to educate employees about cyber security and data protection. It is one of the most important activities a company can take part in, as the company’s employees are its front line of defence. This is especially important today as Social Engineering and Phishing attacks are becoming more and more common.

How is it Done: A good security awareness program should educate employees about the corporate policies and procedures for working with information technology. We normally train people through awareness training videos and tests, which enable people to learn in their own time. Subsequently, we will keep them vigilant through eventual Phishing email tests, designed to fool employees and alert them about threats. These procedures can later be used to provide proof of training for auditors and to reiterate how much a company cares about Cyber Security.

Cyber Security Policies

What is it: A company’s policies are high-level principles and guidelines adopted by an organisation to communicate its goals and expected outcomes. Without policies, a company does not have a blueprint to work towards, and standards can differ widely throughout the company. Therefore, having a set of policies should standardise how a company works and the expected levels it works to.

How is it Done: Establishing a policy should be the first step in terms of Cyber Security, as it serves as the base for defining procedures and technology. If policies are not in place, then there will always be an extra risk element decided by chance. We at Spector can provide a number of IT and cyber security related policies, along with a framework for a company to work towards. This is imperative for reaching Organisational Maturity.