Cyber Security for Businesses: Core Recommendations

Before we begin, here’s a reminder why you need to do this.

Regularly install patches and updates

This is a vital element of cyber security for businesses, for several reasons:

1. Addressing security vulnerabilities: Patches and updates often include fixes for known security vulnerabilities. These vulnerabilities can be exploited by cyber criminals to gain unauthorised access to your systems, steal data, or cause other damage. Installing patches and updates promptly can prevent these attacks and protect your systems and data.
2. Fixing software bugs: Patches and updates often address software bugs and glitches that can cause system crashes, errors, and other issues. These bugs can also be exploited by attackers to compromise your systems or steal data. Installing updates can help ensure that your systems are functioning correctly and reduce the risk of security breaches.
3. Keeping software up to date: Cyber attackers are constantly developing new techniques and methods to exploit vulnerabilities and compromise systems. Software developers are also constantly working to improve their products and address new security threats. By regularly installing patches and updates, you ensure that your software is up to date and able to defend against the latest threats.
4. Compliance requirements: Many industries and regulatory bodies require organisations to keep their systems and software up to date with the latest patches and updates. Failure to do so can result in compliance violations and potential fines.

One often overlooked element of this is using old hardware, such as older models of smartphones and tablets that may not be able to update to the latest operating system. If you have a BYOD policy at work, consider whether your employees’ mobile devices could be a gateway to important data on your network. If so, you may need to provide up to date models of the phones and tablets they use so that their operating system is the latest version.

Overall, regularly installing patches and updates is an essential aspect of cyber security. It helps ensure that your systems and data are protected against known vulnerabilities and threats, and helps keep your software up to date and functioning properly.

Anti virus

The features of good antivirus protection as part of strategic cyber security for your business depend on the specific needs and requirements of your organisation. However, some key features to consider when selecting an antivirus solution for your business include:

1. Real-time scanning: Antivirus software should be able to scan files and programs in real-time to detect and remove any malware that may be present.
2. Malware detection and removal: The software should be able to identify and remove a wide range of malware, including viruses, spyware, adware, and ransomware.
3. Firewall protection: A good antivirus solution should have a built-in firewall that can prevent unauthorised access to your network and block malicious traffic.
4. Centralised management: For businesses with multiple computers or devices, it’s important to choose antivirus software that allows for centralised management and deployment, so you can easily monitor and update all devices from a single console.
5. Automatic updates: Antivirus software should automatically receive regular updates to stay up-to-date with the latest threats and provide the best protection possible.
6. Compatibility: Ensure that the antivirus solution is compatible with your existing systems, software, and hardware.
7. Technical support: Choose a vendor that provides reliable technical support in case you have any issues or need assistance.

When selecting an antivirus solution to form part of the cyber security for businesses, it’s important to research and compare different options, read reviews and user feedback, and consult with IT experts or consultants if needed. Also, consider factors such as the vendor’s reputation, cost, and ease of use. Finally, make sure to choose a solution that meets your business needs and requirements, and that can provide the necessary protection to keep your data, devices, and network secure.

Safe internet with DNS filtering

With the advent of cloud and remote working, it is imperative you protect users while they are working online. DNS filtering allows us not only to do this, but also to help protect your business and its reputation. DNS filtering can be an effective way to protect your business from cyber threats, such as malware, phishing, and other online attacks. It can enforce web usage policies and prevent employees from accessing inappropriate or non-work-related websites.

DNS filtering is a technique used to block or allow access to websites and online resources based on their domain name system (DNS) address. As part of preventive cyber security for businesses, it works by intercepting requests from a user’s device to access a website and comparing the requested URL against a list of known malicious or unwanted domains. If the domain is on the list, the request is blocked, and the user is prevented from accessing the website.

In addition to DNS filtering, there are other solutions that you can use to protect your business when your employees are using the internet, including:

1. Web filtering: This solution can be used to block access to specific categories of websites, such as gambling, social media, or adult content, based on your organisation’s policies and needs.
2. Endpoint protection: This solution involves installing antivirus, anti-malware, and other security software on each employee’s device to prevent and detect online threats.
3. Employee training: Educating your employees about safe internet usage, cybersecurity best practices, and how to identify and avoid online scams can help reduce the risk of cyber attacks.
4. Two-factor authentication: Implementing two-factor authentication on all business accounts can provide an additional layer of security and reduce the risk of unauthorised access to sensitive data.
5. VPN: A virtual private network can be used to encrypt internet traffic and provide a secure connection between the employee’s device and the company’s network, reducing the risk of data interception or theft.

It’s important to note that no single solution can provide complete protection against all online threats, and a multi-layered approach that combines different security solutions and employee training is often the most effective way to protect your business from cyber attacks.

Anti-ransomware protection

Ransomware is a type of malware that encrypts your files and demands a ransom payment in exchange for the decryption key to unlock them. It can be a devastating attack that can cripple your business and cause significant financial and reputational damage. Ransomware attacks are on the rise, and it’s essential for businesses to take proactive measures to protect themselves.

Ransomware protection is the process of implementing various security measures to prevent, detect, and mitigate the effects of a ransomware attack. Some of the measures businesses can take to protect against ransomware include:

1. Regularly backing up critical data: Regular backups of critical data can help ensure that you have a recent, clean copy of your data in case of a ransomware attack.
2. Implementing endpoint protection: Installing antivirus and anti-malware software on all devices, and ensuring that it is up-to-date, can help detect and prevent ransomware attacks.
3. Updating software and security patches: Keeping all software, operating systems, and security patches up-to-date can help prevent vulnerabilities that can be exploited by ransomware.
4. Enforcing strong passwords and multi-factor authentication: Implementing strong passwords and multi-factor authentication on all accounts can prevent unauthorised access to sensitive data.
5. Implementing network segmentation: Segregating your network into different segments can limit the spread of ransomware and prevent it from infecting your entire network.

Ransomware protection can benefit your business by preventing costly and time-consuming downtime, avoiding reputational damage, and reducing the risk of data loss or theft. It can also help you meet compliance and regulatory requirements and provide peace of mind that your business is protected against a growing threat.

The features of our 365 ransomware protection

With our data-independent Microsoft 365 security solution, we can protect your business against ransomware, malware, phishing attempts, and business email compromise (BEC) attacks that target Microsoft Exchange, OneDrive, SharePoint, and Teams.

1. First encounter detection: This advanced threat protection solution that detects zero-day threats at the first encounter instead of days later. We do this by analysing the composition of email, chats and documents instead of scanning for already-known security threats.
2. Protection beyond email security: We’ll proactively protect your Microsoft 365 data in OneDrive, SharePoint, and Teams.
3. Spam Filtering: We can configure spam filtering to suit your needs, adding another level of protection to your users’ inboxes.
4. Robust Reporting: We can provide clear but detailed reporting that articulates why a threat was identified as malicious.
5. Rapid Deployment: We can get your up and running in minutes.
6. Integrated Cloud Protection: We will prevent permanent data loss with automated backups 3 times a day and flexible recovery options.

Reliable backups protected against ransomware

Ransomware protection of your backups should be part of your Business Continuity and Disaster Recovery (BCDR) planning. Having a backup is great, but not if the ransomware infects the backup as well your live servers!

The 3-2-1 backup rule is a widely accepted best practice for data backup and recovery. It is a simple but effective strategy that provides a solid foundation for protecting your data against data loss due to various reasons such as hardware failure, cyber attacks, and natural disasters. The 3-2-1 backup rule involves creating three copies of your data, storing those copies in two different types of media, and keeping one copy off-site.

When looking for good backup software, an important aspect to consider is how you would restore your data after a disaster. Some backup solutions are the equivalent to copying data on a pen drive: you have it safe, but you can’t access it, because you also need a laptop. In a disaster recovery situation, you may have lost your server and you cannot access your backups until you have one. Some backup providers offer a “virtual server” meaning your data can be accessed and used from the provider’s server in the cloud: this makes the difference between having your company working again within an hour or so, compared to waiting up to a week for a physical server to be delivered and configured.

Security Operations Centre (SOC) with 24×7 monitoring

Not all companies need this level of protection but it’s advisable for all those that can afford it.

A Security Operations Centre (SOC) is a centralised unit that provides continuous monitoring, detection, and response to security threats and incidents. It is staffed by security professionals who are responsible for protecting an organisation’s information assets from cyber attacks and other security breaches.

The primary role of a SOC is to monitor and analyse security-related events and incidents on a continuous basis. This can include monitoring network traffic, system logs, and other sources of security-related data. SOC analysts use specialised tools and techniques to detect and investigate potential security incidents, and take appropriate action to mitigate or remediate them.

A SOC typically consists of several components, including:

1. Security Information and Event Management (SIEM) tools: These tools collect and analyse security-related data from various sources, including network devices, servers, and applications.
2. Incident Response Tools: These tools help SOC analysts investigate security incidents, contain the impact of the incident, and initiate the response process.
3. Threat Intelligence: This is a collection of data, insights, and analysis about current and emerging security threats. Threat intelligence helps SOC analysts to detect and respond to new threats quickly.

Businesses of all sizes and industries can benefit from a SOC, especially those that handle sensitive information or have a large digital footprint. Some types of businesses that may benefit from investing in a SOC include:

1. Financial institutions: Banks, insurance companies, and other financial institutions handle large volumes of sensitive information and are often targeted by cyber criminals.
2. Healthcare organisations: Hospitals, clinics, and other healthcare providers store and transmit sensitive patient information, making them an attractive target for cyber attacks.
3. Government agencies: Government agencies handle a wide range of sensitive information, including classified data, personal data, and financial data.
4. E-commerce businesses: E-commerce businesses rely heavily on online transactions and store large amounts of customer data, making them vulnerable to cyber attacks.

Overall, a SOC can provide businesses with a higher level of security and protection against cyber threats. However, setting up and maintaining a SOC can be complex and costly, so it’s important for businesses to carefully assess their security needs and capabilities before deciding to invest in a SOC.

Flywheel’s managed Security Operations Centre

Flywheel works with a managed Security Operations Centre (SOC) that monitors your endpoints, network and cloud for Advanced Persistent Threats (APTs) 24 hours a day. This service is operated by a specialist team of security veterans and experts who proactively hunt and investigate threat activity across your network. The team performs the triage of detections and works on remediation when an actionable threat is discovered. We deploy the SOC to all servers and laptops and desktops that we support.

1. Endpoint: Event log monitoring, breach detection, malicious files and processes, threat hunting, third-party integrations and more.
2. Network: Firewall and edge device log monitoring integrated with threat reputation, whois and DNS information.
3. Cloud: Microsoft 365 security event monitoring, Azure AD monitoring, Microsoft 365 malicious logins, Secure Score.

Controlled Phishing Campaigns and End User Cyber Awareness Training

Did you know the number one cause of successful cyber attacks is human error, in the form of getting tricked by emailed phishing attacks? Employees are sometimes lulled into a false sense of security at work, assuming company filters will prevent malicious emails reaching their inbox. Even well-informed users can have a couple of misconceptions or holes in their knowledge, and this is all it takes to fall prey to cyber criminals.

Our cyber awareness training courses

Flywheel offers cyber awareness training structured around the test-teach-test principle. We usually offer these in person but they can also be completed fully remotely.

1. We conduct controlled phishing campaigns: we send our simulated phishing emails to your users to evaluate how many of them are vigilant and how many fall for them. This establishes the vulnerability levels to the commonest form of successful cyber breach.
2. We train your staff in cyber awareness: Our Continuous Professional Development (CPD) workshops teach your staff what kinds of information they need to protect, how to protect this data, and what can happen with emails, passwords and applications that are not protected well enough. We also teach staff how to tell a phishing email from a genuine one, and what to do about them.
3. We repeat the vulnerability testing: finally, we conduct another controlled phishing campaign. This tests the effectiveness of our training and highlights any users who need additional training. Once you pass our controlled phishing campaigns, you can check the biggest box on your cyber security vulnerability test list.

Zero trust, for truly risk-averse organisations

Deploy Zero Trust protection for your network and devices if your organisation handles sensitive data. This does away with the idea that an external perimeter is sufficient and instead keeps checking users throughout your network. The motto describing this cyber security concept for businesses is “Never trust, always verify”.

Zero trust is a security model that assumes all devices, users, and applications within an organisation’s network are potentially compromised and should not be trusted by default. In a zero trust model, every request to access a network resource is authenticated and authorised, regardless of the user’s location or the device they are using. The goal of a zero trust approach is to minimise the risk of data breaches and other security incidents by limiting access to sensitive resources and data.

The key components of a zero trust model include:

1. Identity and Access Management (IAM): This involves verifying the identity of users and devices and granting them access to resources based on their level of trust. IAM also involves managing user access rights and permissions.
2. Network segmentation: This involves dividing the network into smaller, isolated segments and restricting access between segments based on the principle of least privilege.
3. Continuous monitoring: This involves monitoring network activity and user behaviour for signs of suspicious activity or security breaches.
4. Authentication and authorisation: This involves verifying the identity of users and devices and granting them access to resources based on their level of trust.

Zero trust is suitable for any organisation that handles sensitive data or valuable assets, including financial institutions, healthcare providers, government agencies, and other businesses that store and transmit sensitive information. Zero trust can also be particularly effective for organisations that have a large number of remote or mobile workers, as it provides a way to secure their access to company resources without relying on traditional network perimeters.

However, implementing a zero trust model can be complex and requires significant investment in technology and expertise. It is important for organisations to carefully assess their security needs and capabilities before deciding to adopt a zero trust model. Organisations that choose to implement zero trust should also be prepared to invest in ongoing monitoring and maintenance to ensure the model remains effective over time.

Our zero trust services

We advise on zero trust solutions and can carry out a fully managed implementation or co-manage with your own IT team.

Zero Trust Security Software Is The Future Of Secure Remote Access

Find out more

What is A Zero Trust Network?

Who Is Zero Trust Security Software Right For?

Which Is The Best Zero Trust Solution?

Zero Trust Cyber Security From ZTEdge

A disaster recovery plan

Having a disaster recovery plan is critical for small businesses because it helps them prepare for and respond to unexpected events that can disrupt their operations, such as natural disasters, cyberattacks, power outages, or equipment failures. Without a disaster recovery plan, a small business may face extended downtime, loss of data, financial losses, damage to reputation, and even closure.

The core components of a disaster recovery plan for a small business typically include:

1. Business impact analysis: This involves identifying critical business functions, systems, data, and assets, and assessing their potential impact on the business if they were to be lost or compromised.
2. Risk assessment: This involves identifying potential risks and threats that can affect the business, such as natural disasters, cyberattacks, hardware or software failures, and human errors.
3. Data backup and recovery: This involves creating regular backups of critical data and systems and developing a recovery plan in case of a data loss event.
4. Communication plan: This involves creating a communication strategy and contact lists for employees, customers, vendors, and other stakeholders, in case of an emergency.
5. Emergency response plan: This involves developing procedures for evacuations, power outages, equipment failures, and other emergencies that may affect the business.
6. Training and testing: This involves providing training and education to employees on the disaster recovery plan and conducting regular tests and drills to ensure that the plan works effectively and efficiently.

By having a comprehensive disaster recovery plan, small businesses can minimise the impact of unexpected events and ensure that they can continue to operate and serve their customers even in the face of adversity.

Our Disaster Recovery Service

We offer disaster recovery consultation and planning which consists of an assessment, consultation, written plan and allocating your named disaster recovery team at Flywheel.

Follow the link to find out more and read some case studies.

IT Disaster Recovery Services

Cyber Essentials Certification & Cyber Essentials Plus

This is a UK government initiative to help companies audit their own cyber security and eliminate any loopholes they discover. You complete a 28-page questionnaire about your systems and if your responses meet the criteria for good cyber security, you gain the certification.

Completing a cyber security audit and obtaining certification from UK government department, the National Cyber Security Centre (NCSC) is encouraged as part of the UK push for better cyber security nationwide. Companies that pass are 80% less likely to suffer a cyber breach.

The audit makes sure you are meeting required security standards in the five core categories:

1. Firewalls
2. Secure configuration
3. Access control
4. Malware protection
5. Patch management

The benefits of getting your Cyber Essentials Certification include:

• Free insurance: Your business is entitled to free cyber liability insurance if you pass your Cyber Essentials Certification.
• Win more bids: You’ll become eligible to bid for more valuable projects and boost your chances across the board.
• Peace of mind: Your organisation will be 80% safer from the risk of losing money or data to cybercrime.

Flywheel can make sure you pass Cyber Essentials

We get companies certified for a guaranteed fixed price.

1. We audit your cyber security: we’ll complete the 28-page Cyber Essentials report for you. This records your security measures against the five core principles.
2. We give you details of any upgrades that your security may need: this might include setting up new technology solutions or training your staff on cyber security policies – whatever improvements you need to meet the criteria.
3. You get the upgrades done: either go to your own IT provider, or ask us for a quote to complete the work.
4. Get your cyber essentials certification!

To book a meeting or request a tailored quote:

Cyber essentials Certification and Cyber Essentials Plus

Find out more

Cyber Essentials Certification: Make Sure Your Security Is Good Enough

IASME Cyber Essentials Checklist