Ask The Cyber Security Expert: Is cyber security hard?
The Cyber Security Expert is often asked ‘is cyber security hard?’. The obvious answer is yes, and here’s my invoice. Kerching.
The real answer is more complex – it's not quite 'no', but it's certainly not the impossible task it can sometimes be described as in the more excitable newspaper reports and security industry press releases.
So what is cyber security?
Put simply it means protecting information that resides, and services that depend, on computers and networks.
So what does it mean to me?
Well, as with most things, that depends. As I said above, cyber security is all about protecting information and services. So what it means to you depends on what information you have and what services you offer.
All companies have information they want to protect, from customer data through to details of sophisticated widgets they design. Likewise all companies offer different services in different ways – if you offer online services then keeping your website up and running is going to be a priority. If your website is just a picture of the board and some contact details, it probably isn’t so important.
Ok, I understand that, but what can I do?
In practical terms considering the above will inform how you spend and prioritise limited resource. Some basics are always worth following:
– Use strong passwords, and don’t use the same password at multiple websites. Write them down if you have to (hackers find it hard to read notebooks locked in a drawer).
– If you use cloud storage providers, make sure you have all the security options enabled. Dropbox, Google etc. all offer two-factor authentication now – turn it on (two-factor authentication just means you will receive a text to your mobile with a code before you can log in, meaning any attacker has to have your username, password and phone).
– Keep your operating system and installed software up to date. All operating systems tell you when updates are available. Apply them quickly.
– Run antivirus. They are all much of a muchness from a security perspective, and the free ones work well enough too (though may be restricted to personal use only). If you have the money, sign up to an offsite email antivirus company (Symantec.Cloud is one service with a good pedigree but other providers exist). Microsoft offer a good suite of security tools – run them on your computers. Use the Malicious Software Removal Tool if you think you might have something dodgy.
– Encrypt your laptops, and think about how your staff use mobile devices (we have blogged on both these topics before).
– Host your website with a reputable provider. If it’s important to you, don’t scrimp on the hosting. Talk to the provider about what security they offer. Do they include denial of service protection for instance?
– If you manage the website yourself, make sure you keep it up to date, and apply security fixes as soon as they become available. Make sure default accounts are disabled. Make sure any accounts have strong passwords. Don’t forget to back it up. Run a website vulnerability scanner to check for common issues. There are online tools available, some free, but usually fairly cheap anyway.
Will all this keep me safe?
It’ll help certainly. This is just a primer. The key message is that cyber security doesn’t exist in a bubble, and isn’t a problem that is fixed by expensive technology (expensive technology applied selectively can help, but without the basics it will fail). It is also not some incomprehensible topic that can only be understood by people with lots of letters after their name.
The Cyber Security Expert