If you're in a business, you need to make sure things are secure. It's not something that should be taken lightly. You need patches, alerts, antivirus, email security, dark web monitoring, device updates and multi-factor authentication. With so many options, it’s hard to know what is essential and what is nice to have.
What Does A Base Level Of Cybersecurity Look Like?
Nowadays, the risk is real for every business, whether it's a small business or a large enterprise. Large enterprises have been in this space a lot longer, so they're more experienced. They have a lot more tools and a lot more awareness of what's going on in the landscape when it comes to cyber security.
However, small to medium-sized businesses don't need an enterprise level of security. You could maybe purchase a few products to give you a base level of security, but realistically, when it's a business, the base level is having a managed services provider to remotely monitor your systems.
Microsoft 365 Cyber Security
Many businesses have Microsoft 365. Some may use Google Workspace, but we're going to speak about this from a Microsoft 365 perspective. Once you've got your remote machine management set up and working, the next basics you need to look at are antivirus software and email security - a system that's scanning your email.
The Microsoft 365 platform has email in it, but it's got a very basic level of security. You will also need some of the products out of the Microsoft 365 Defender suite which works within Microsoft 365, at security.microsoft.com. If you've got administrator access, you can go and see that now. One of the real benefits of using Defender is you get a secure score. Microsoft benchmark you against other businesses of your size and provide a score to show you how you compare.
An enterprise requires a higher level of security than a small business. So a really large business might want a secure score of upwards of 70 to 80%, but that might be too restrictive for a small to medium-sized business. And typically, for a medium-sized business with 20 people, the secure score that is acceptable is about 40%. So if you're above that by, say, 5% or 10%, then that's a really good place to be.
If you do want to go to a more secure level, you simply follow all the guidance within Microsoft 365's Defender suite. You can look at a list of actions to review, which makes it easy to work through and see the score impact of each as well. For example, turning on real-time protection for Microsoft 365 might increase your score by 0.85%, which is quite high, really.
So, if you're running Microsoft 365, you can just go to security.microsoft.com, and immediately it'll give you an idea of your score. If you're below the average for your business size, I would strongly advise trying to follow the guidance the system provides or engaging with a managed services provider.
If your business has Microsoft 365 Business Premium licences, that will give you a base level of products you can use, but not a base level of security. You have to configure the products individually. Business Premium will, however, give you email security.
Dark Web Monitoring
You should also consider dark web monitoring. Have your credentials been compromised in any way? Have you input your password into a system that concerns you? Or have your details been compromised in a large company data breach? Have you used the same password as the compromised one on other systems? If a database has been leaked onto the dark web, then you want to know about it as early as possible.
Dark web scanning is included even with the most basic password manager these days. Systems like LastPass will give you a health check on your email address and your passwords and let you know if any of your passwords have been leaked on the dark web. With a managed services provider, you have access to dedicated, specialist products like IDWeb which monitor every email address you have. It also monitors your supply chain, meaning that you get an email alerting you that one of your main suppliers has had a breach, and you can be more vigilant about emails that appear to originate from them. Maybe one of your suppliers has sent you an invoice that looks a little bit different. If you've got dark web monitoring in place, then you're going to be alerted to that as well, which provides early warning.
Local Administrator – Prevent unauthorised installation of apps
A simple (although it can feel a little bit clunky) solution to prevent unauthorised installation of apps is to set your computer up as a standard user; this prompts you to input an administrator password. Make sure to have an administrator account as well. For larger businesses, there are applications you can use to manage this. 80% of malicious software installations can be prevented in this way.
Networking Equipment
One thing that people tend to forget about in a base level of security is all the networking equipment, such as your router, your switches and your firewall. There needs to be security on these too. If you use the free Cyber Essentials gap analysis checklist on the IASME website, it will give you some guidance on what you need to remedy. One of the things it covers is changing your router or your switches away from the default usernames and passwords. It’s very common to leave them as they are when you first set them up.
A few years ago, there was a vulnerability with one of the brands, I think it was DrayTek, where hackers were able to easily access a firewall from outside their business. In that situation the firmware needs to be updated. Firmware is the operating system that every piece of electrical equipment has in order for it to work. As it can have vulnerabilities, the manufacturers update it and you need to keep on top of these updates.
Multi-factor Authentication
Multi-factor authentication is the most basic level of security you can put in place for your business. Make sure you've got that second layer. You have your password, and then you have your prompt for either your six-digit code, a fingerprint, Windows Hello, Microsoft Authenticator or any kind of authenticator. We can’t say it often enough: make sure you've got multi-factor authentication! If a system won't offer multi-factor authentication, I would question whether it's secure enough to use.
Email Domain
You also need to check the domain name for your email addresses. There is a lot of information that is sent with an email that the sender and recipient don’t see, including the SPF record, the DKIM and the DMARC records. These records are like hidden messages in the code of an email to let the receiving email system know, "Hey, this is safe." Think of the DKIM and DMARC records as a kind of credit check for your domain name for emailing. If you want to make sure that your emails are going to be delivered, not just to a client, but to their inbox, then make sure these things are set up: your SPF record, your DKIM and your DMARC record. They are very simple to do and we would definitely recommend that they are in the base level of security.
What Is A SOC?
A SOC is a Security Operations Centre, which is a subscription-based product where your systems are monitored 24/7 by human beings. They can connect to your systems, look at computers and manage the computers without actually remotely controlling them. More importantly, they can go into the back end of the computer without interrupting the person who is using the computer. The MSP team can remotely create and manage tasks and do technical things in the background while the end user continues working. There is also a range of automated actions that happen in the background. If a managed services provider has set their remote machine management system up correctly, it will carry out proactive and reactive fixes automatically. For example, if disks are running out of space, it can trigger certain automated tasks and you can open and close jobs based on this.
Base Level Of Security Roundup
Remote machine management is really there to make sure that all your systems are patched and up to date - all your software and your hardware - as patching and security updates are really important.
Setting yourself as a standard user can prevent 80% of malicious software installations. Use Windows system settings to check whether your user account is a “Standard User” or an “Administrator”. If you are an administrator, set up a separate account as an Administrator, then set your account to Standard.
Alerts are vitally important as well, so that you are aware of any problems. That includes dark web monitoring to make sure that your credentials haven't been compromised online and, if they have, that you know quickly so you can do something about it.
Antivirus is definitely a base level and you can get various different levels of protection.
Email security is also very important; a high percentage of hacks happen through email, so you need to make sure you have good email security.
Network and device updates must be done promptly for each person using a computer.
Finally, multi-factor authentication, multi-factor authentication, multi-factor authentication. It is key to keeping your systems secure, by making it difficult for somebody to break into them. Many systems now offer it by default, but many still don't.