BTG Cyber Security Services
Get the basics right
Many think cyber security is extremely complex, and while it can be, if you don’t get the basics right your business will struggle to remain protected. Here is what our security experts recommend.
Let us help you breathe easy with a Cyber Security package that will provide the critical security measures your business needs to keep running smoothly.
How strong are your passwords?
Longer passwords are stronger, so we recommend your password policy enforces 14 character passwords and encourage users to use phrases. Passwords need to be checked against a database of compromised passwords when created or during periodic password audits.
Are you making it hard for them to gain access?
Multi factor Authentication (MFA) is one of the most effective ways to protect Internet-facing services from unauthorised access. Best practice is to remove all unnecessary services from the Internet and ensure all essential, remaining services use strong authentication. Ensure applications, collaborations and sharing settings are configured to appropriately secure your environment. If your business has Office 365 then you need to use multi factor authentication as standard protection.
Have you ensured your devices are protected?
Don’t get infected! Virus or endpoint protection needs to be smarter than the modern malware. The latest best-of-breed solutions employ AI and watch behaviour on top of simply checking files for known virus signatures.
Is your email secure?
Email remains the most popular attack mechanism for malware, social engineering attacks and fraudulent requests. Common attacks include: Links to fake login sites to steal passwords; malicious attachments and using compromised business email accounts to steal money. Advanced email security helps prevent most threats from ever reaching your staff.
We also offer a cost effective solution to continuously monitor your Microsoft 365. Compromised Microsoft 365 accounts are the most common security incident we assist clients with. In many cases, the initial indications come after the damage has already been done and post-mortem investigations usually find early signs of an account compromise, that went unnoticed.
Our monthly service can help you by providing monitoring, proactive triage and notifications of suspicious activity. We integrate our logging and analysis platform with your Microsoft 365 tenancy to retrieve and analyse key event logs. We monitor your environment to establish a baseline of normal activity. This helps us identify unusual events and then respond to generated alerts. We research events, correlating activity and data from multiple sources, to assess whether an event is suspicious or not. Learn more here.
Have you trained your staff?
Attackers can target your staff with a range of different social engineering techniques and no security tool can stop all malicious emails. One of the best way to protect your business is raising awareness of key risks and understand what to do when you see something suspicious.
Phishing simulations raise awareness throughout your business and let staff practice the skills they learn. Training effectiveness can be tracked in comprehensive reporting.
Had a health check? Get your business assessed
Seek professional advice on security best practices. Get a review of your security controls and perform a password audit. These will all help your business to run smoothly.
When was your business tested last?
Depending on business size and IT dependency, we recommend you budget for ‘security penetration tests’. This test finds any weakness within your company’s IT system before cyber criminals do.
Its not a matter of ‘if’, but ‘when’.
Backing up your data is vital. Ensure you have secure, off-line, and tested backups to enable recovery in the case of a ransomware attack so your business will be back up and running as quickly as possible.
Do you know who has access?
Have a professional check your firewall rules. Inbound and outbound rules must be setup correctly and securely to be an effective defense.
Is your business up-to-date?
Software is continually getting more complex and connected resulting in more vulnerabilities and the impact being greater. Identifying security vulnerabilities and attackers quickly weaponising exploits is leading to less time to address. It is critical that systems and applications are updated.
Trust no one?
Historically companies don’t restrict internal network access. Moving towards a ‘Zero Trust’ network where (for example) workstation networks are treated the same as inbound traffic from the Internet. Server networks also need this, ensuring they are running the local firewalls and they are configured correctly.