Unlocking Cyber Safety

Welcome to our latest blog relating to IASME Cyber Essentials. This scheme helps organisations, especially smaller businesses, protect themselves from common cyber threats. Today, we will cover the five control areas of Cyber Essentials, providing actionable recommendations and advice tailored for small businesses where cybersecurity might not be the primary skill set of the IT team.

Firewalls

Definition:
Firewalls are critical for monitoring and controlling incoming and outgoing network traffic based on established security rules.

Recommendations:

  • Implementation: Install a firewall for all devices that connect to the internet (e.g. routers, computers). Many routers come with built-in firewalls that should be enabled.
  • Configuration: Start with default settings but consult with available guides or professionals to tailor them to your business needs, focusing on blocking unauthorised access.
  • Regular Updates: Ensure your firewall firmware is kept up to date to protect against new vulnerabilities. Most hardware manufacturers provide automatic updates—enable this feature.

Advice:
Consider using simple firewall solutions with user-friendly interfaces specifically designed for small businesses. Seek help from your IT provider for the initial setup and configuration or speak to us at ADAS-LTD for support. 

Secure Configuration

Definition:
Secure configuration focuses on setting up devices and software in a way that minimises vulnerabilities.

Recommendations:

  • Initial Setup: When deploying any hardware or software, follow the manufacturer’s instructions closely, ensuring all default usernames and passwords are changed and unnecessary features are disabled.
  • Use of Security Baselines: Refer to security baseline guides specific to the operating systems and applications you use. These can provide a clear framework for safe configurations.
  • Review and Audit: Schedule regular reviews (e.g. bi-annually) of your configurations to identify and rectify any potential gaps.

Advice:
For staff unfamiliar with technical configurations, consider using ADAS-LTD's cyber consultancy services, which can help establish and review secure configurations tailored to your setup.

Security and Update Management

Definition:
This control area involves ensuring that all systems are kept current with the latest security updates to combat vulnerabilities.

Recommendations:

  • Automate Updates: Enable automatic updates for operating systems and applications wherever possible to guarantee timely installation of security patches.
  • Regular Check-ins: Set a recurring reminder (e.g. once a month) to check for updates on critical applications (like antivirus software and productivity tools).
  • Patch Management Policy: Draft and implement a simple patch management policy outlining roles and responsibilities for overseeing updates.

Advice:
Use cloud services that handle updates for you, which can reduce the burden on your IT team. Training staff on the importance of updates can foster a culture of proactive cybersecurity awareness.

User Access Controls

Definition:
User access controls dictate who in your organisation can access specific data and systems, helping to prevent unauthorised access.

Recommendations:

  • Role-Based Access Control (RBAC): Assign permissions based on specific roles within the organisation. Only give staff access to the data they need to perform their job functions.
  • Implement Strong Password Policies: Encourage the use of strong passwords through guidelines and consider deadlines for password changes.
  • Regular Access Reviews: Perform quarterly audits of user accounts and permissions to ensure continued appropriateness.

Advice:
Utilise user management systems that are simple to use and provide visual controls for access levels. ADAS-LTD provides a cost-effective and friendly SAT (Security Awareness Training) session on cyber best practices for non-technical personnel, which can help protect your business from the most common threat (insiders and mistakes) and support adherence to your security policies.

Malware Protection

Definition:
Malware protection involves preventing, detecting, and responding to malicious software threats.

Recommendations:

  • Install Antivirus Software: Ensure reputable antivirus software is installed on all devices, and set it to update automatically.
  • Conduct Regular Scans: Schedule regular scans (monthly or weekly) for all systems and educate staff on how to perform them if automated processes fail.
  • Email and Web Filters: Implement email and web filtering solutions to block phishing attempts and suspicious websites, reducing malware entry points.

Advice:
Choose antivirus solutions that provide simple dashboards for monitoring and alerting. Offering training sessions on recognising phishing emails can immensely strengthen your defence against malware. ADAS-LTD can provide a discounted rate for Bitdefender software to help protect your business.

Implementing the IASME Cyber Essentials framework is crucial for small businesses aiming to bolster their cybersecurity posture. By focusing on firewalls, secure configurations, security and update management, user access controls, and malware protection, you can create a more secure environment.

Next Steps:

  1. At ADAS-LTD we can conduct an initial assessment of your current practices against these five controls.
  2. We can advise on how to prioritise implementations based on available resources and potential vulnerabilities.
  3. Engage with us for guidance and support.

We are here to answer any questions and help your organisation take actionable steps toward improved cybersecurity. Email info@adas-ltd.com.
