Keeping your cybersecurity strategy protected to the highest standards

With the threat landscape continuously evolving, businesses and organisations have their work cut out to ensure they remain protected. A cybersecurity strategy is essential now as an attack can disrupt a business’s operations and severely impact its reputation and the bottom line.

Thankfully, you can beef up your security practices through some simple steps, which is why Ciara O’Reilly, head of business propositions, products and operations at Three Ireland, gives us her top ten tips to do this.

1) Ensure password best practices throughout the organisation

Passwords are the bread and butter of cybersecurity protection, and O’Reilly recommends adopting a strong password that is not identifiable and is unique to other passwords. She advises using phrases, lyrics from a song or a sentence from a poem as passwords.

In addition, she recommends adding multi-factor authentication to give extra layers of protection.

“A business should be adding a second (or third) layer of protection by using Multi-Factor Authentication (MFA),” she said. “This could be enforcing biometrics, using an authenticator app or both.”

2) Implement or improve cybersecurity training

All businesses should include cyber-training as part of a company induction and quarterly training for existing employees, said O’Reilly.

By keeping those skills fresh and at the front of their minds, you ensure that all staff are following best practice. Similar to how we look both ways before we cross the road, we all need to double check that email, text, or WhatsApp link before we click on it.

“Just like you would plan for a fire drill, it is best practice to have a plan of action should your company be subject to a cyber attack,” she said.

3) Protect against malware and security threats

“Threat Protection is probably the biggest topic in the cyber-security industry right now,” explained O’Reilly. “These bad actors sit on the network for weeks or months, gathering enough data before they unleash an attack. A business must have visibility into all suspicious behaviour, report, then remediate at speed.”

Being on the hunt for threats is essential now and O’Reilly highlighted Three Ireland’s services to help this such as 3MobileProtect powered by Corrata.

4) Keep regular backups of key systems and data

If an attacker is successful, you can risk losing access to all your data and severely disrupting your operations.

That’s why it’s crucial to have copies securely stored off-site while checking that they work.

“Three has successfully migrated the HSE Healthmail solution into a fully secure cloud solution, so we have experience in helping customers move seamlessly key systems into the cloud,” she said.

5) Apply new security patches to everything

One of the more straightforward actions you can take is to ensure all your devices and software, like operating systems (OS), apps, services, and web browsers, are patched automatically.

These patches bring essential security updates, so it’s worth having Mobile Device Management (MDM) or Unified Endpoint Management (UEM) systems in place.

“Three has propositions for MDM and UEM with Citrix, Microsoft, Ivanti (MobileIron),” said O’Reilly. “Visibility into endpoints is seen as the first step in modern-day security. Ensuring a device has the latest security updates and patches can be controlled and enforced with MDM or UEM systems.”

6) Encrypt sensitive data

Once you have endpoint management, identity management and threat protection and reporting in place, this is seen as the final step.

“DLP (Data Loss Prevention) and labelling of data is critical for those who wish to be GDPR compliant,” she explained. “Encryption, conditional access and labelling of data are all propositions Three can help with using Microsoft solutions (via CWSI) to help with this.”

7) Have firewalls and the latest firmware installed

O’Reilly recommends allowing and blocking certain websites or IP addresses and the importance of updating to the newest firmware for all your devices.

8) Encrypt WiFi and regularly change its password

“Wireless encryption is standard practice to secure your wireless network with an authentication protocol,” explained O’Reilly. “Without this, unauthorised users could access your network and obtain information or use your internet connection for malicious or illegal activity.”

9) Use a Virtual Private Network (VPN) when accessing systems over public WiFi or insecure networks

If you’re on public WiFi or an insecure network and need to access systems, doing so over VPN is essential. That said, O’Reilly mentions how VPNs are becoming obsolete, with web applications becoming more accessible and encrypted with strong, robust cryptographic protocols.

“Three’s SD WAN solution includes provision of secure VPNs from office sites,” she said.

10) Develop an incident response plan

“This is hugely important,” stated O’Reilly. “A cybersecurity incident response plan should be as important as a fire escape plan. A business must have a set of instructions in place to help prepare, detect, respond to, and recover from network security incidents.”

When asked about the top tips, O’Reilly again mentioned the importance of implementing or improving cybersecurity training for staff and having visibility into all endpoints to ensure the latest security patches and OS updates are in place.

On top of that, identity management, such as enforcing passwords, biometrics, MFAs and utilising single-sign-on methods, is crucial, as well as threat protection and detection and, finally, data loss protection, labelling and data encryption.

She also recommended speaking to experts like Three’s security team who can help you understand your business security challenges and ensure the right security measures are in place to protect your business now and into the future.

To find out more, visit three.ie/business