Cyber security is a team effort. Whether you’re an employee, a security admin, or a security leader, each person plays a crucial role in leading to a safer digital environment. In this security essentials checklist, we cover a few insights to keep you and your business protected. It covers fundamental hygiene checks everyone should practice to strategic steps leaders should take to ensure their organisations’ security posture is in check. Together, we’ll stay vigilant, secure and resilient!
Here at ANS, our experts offer 24/7/365 support from our UK-based SOC, giving you peace of mind. With us, your security is our top priority every day, all year round.
1. Stay off the public Wi-Fi: Don’t use unsecured or public Wi-Fi networks to access sensitive company data. Install and use a virtual private network (VPN) to work on unsafe networks.
2. When in doubt, don’t click: This is common knowledge, but hackers are getting so sophisticated that they create convincing emails that can trick anyone. Don’t trust the display name; verify the source, inspect URLs, and watch for typos.
3. Don’t send files to personal emails: A void sending sensitive customer and company info to personal email addresses to prevent data exposure, GDPR violations, and unauthorised data processing.
4. Log out of websites when you’re done using them. Staying logged in increases your risk of exposing your credentials to criminals.
5. Lock your laptop when you are away from your desk, even if it’s just for 3 seconds, to prevent unauthorised access.
6. Admin, watch out: Use separate accounts for admin duties. No emailing, web browsing, or other activities from the admin account to avoid exposing privileges.
7. Implement role-based access controls for systems handling sensitive customer data like CRMs.
8. Conduct regular security audits: Regularly review and assess your systems, networks, and policies to promptly identify and address vulnerabilities.
9. Set up a secure gateway for remote workers: If employees work hybrid or remotely, ensure they access the server through a secure gateway such as the Zero Trust Access Network.
10. Security training for employees: Teach them how to respond to data leaks or suspicious links through training sessions and mock simulations.
11. Know your threats: Tailor security investments to your organisation’s specific threats. Prioritise your defences instead of trying to protect against everything.
12. Anticipate future threats: Look beyond immediate threats. Integrate research insights, threat intelligence sources, internal capabilities and third-party tools for a proactive defence.
13. Develop a positive security culture: Ensure cyber policies are developed by collaborating with people. Encourage them to spot issues and suggest improvements.
14. Identify critical assets: Know your assets, identify which are critical, who is responsible for them, what it is used for and where it is used to protect them from being compromised.
15. Establish a security strategy: Develop an action plan to improve security posture. Address critical concerns, incident response, and training protocols.
16. Embrace the Zero Trust principle: Trust no network, even your own. Don’t assume connectivity grants unrestricted access within a network. Verify and authorise each data or service against an access policy.
17. Double-edged AI sword: Prepare for AI-driven attacks that mimic human behaviour. Use AI-powered security solutions to counter these threats effectively.
18. Protect your AI & ML environments – Prevent attackers from doctoring and stealing your AI/ML models and intellectual properties using Zero Trust Principles and modern security operational tools such as Sentinel & Defender for Cloud.
19. Supply chain security: An attack on your suppliers impacts you too. Integrate security into your contracting decisions to ensure suppliers meet your requirements.
20. Collaborate with experts: Partner with a specialist security service provider like ANS to prevent, detect and respond to threats.