Cyber Security

Spring Cybersecurity Cleaning

By August 2, 2020 November 4th, 2020 No Comments

Spring clean your security systems

 

Spring is in the air! Traditionally, this is the time of year for refreshing, renewing, and cleaning your home to get it looking good and functioning well for summer fun. This outlook can be applied to many other things too—and particularly in New Zealand where the festive season coincides with the start of summer, it is a good idea to get your life or business organised before the holidays hit.

Getting your cyber security measures in order during springtime will set you up for a safe summer. This is the time when people are often in and out of the office (whether that’s a shared office or a home one), everyone is a little more relaxed, and guards are often down. An ideal target for cybercriminals to target! Shoring up your security in the springtime means less chance of an attack. A successful attack, that is.

The following are a few simple tips to help you spring clean your cybersecurity.

 

Backup checks

Backing up your system or network is a safeguard against any type of cyber attack which erases or modifies your data. Backups are essential to the continuity of operations. They are the ambulance at the bottom of the cliff that is there in case the fence at the top fails, and if there’s anything to know for sure about cybersecurity it is that threats are always changing and you can never be 100% safe!

In the springtime, we suggest checking that your backup system is working effectively. There are myriad ways that organisations back up their data, and varying frequencies, encryption methods, online storage, and offline storage. Whatever your system, take time to make sure that it is doing what it is supposed to do and that you can access your data should it be erased from where it is usually stored.

 

UPS check

A UPS is an Uninterruptible Power Supply. For a company that relies on servers and other electronic devices running constantly, it is hugely important. In New Zealand, daylight savings—which happens during springtime—is the cue to check the smoke alarm batteries. Why not use it as a reminder to make sure your UPS is ready to spring into action if it’s needed?

 

Update AV signatures and AV scanning

Antivirus signatures allow your AV software to recognise—and therefore deal with—viruses. Keeping them up to date is key to ensuring your software, an essential cybersecurity tool, remains as effective as possible. This should happen automatically, but it’s always a good idea to check that everything is working.

Similarly, it’s important to take a look at your AV scanning and check that all automated scans are still running and whether there are manual scanning processes in need of an update. Is there anything you should add to the protocol, such as a vulnerability scan?

 

Automated monitoring and logging

Recording of information accurately is essential to security. Knowledge is power. During your spring cleaning sessions, check that your logs are not being overwritten—or if they are, that you are happy with the length of the period that information is being retained. Any logs you have should be backed up, centralised, and secure.

 

Think about your vendors

Review the services you are receiving from third-party ICT providers. They should be as focused on security as you are—are you receiving regular assurance reports with adequate detail? What’s in your contracts? Are you happy with the security SLAs, or do you need to either establish or improve them?

 

Penetration test

A penetration test is a comprehensive test of security systems, in which the tester simulates attacks to determine any weaknesses and vulnerabilities. It provides valuable insight into how you can better protect your organisation against cybercrime, and should be done regularly. Your spring cyber cleaning could include scheduling a penetration test.

 

Take advantage of online resources

There are many cybersecurity resources out there which are free to use during your spring clean. For example, you could use haveibeenpwned.com to check whether email addresses (yours or those of your clients) have been compromised in a data breach. Breachalarm.com will allow you to check whether your password has been posted online. Although these are generally tools for individual security, they can be put to good use in an organisational setting too.

The ideas listed above are just a few ways you can check, improve, and build upon your cyber security measures this spring. For more in-depth guidance, get in touch with CANDA—we are the experts in cybersecurity and have helped many businesses to improve their ICT security profiles.