
Top 5 Information Security Tips


Understandably, information security is often confused with cyber security. This is because of the close overlap between the two.

Information security concerns the protection of data you store, across all formats. Cyber security, however, focuses exclusively on the digital channel. In short, cyber security is the protection of your data within cyber space. This article therefore deals with both.

These days, most businesses rely significantly on IT to protect their important company data, so it’s in your interest that your information security in the digital realm is properly secured. Your responsibility is to ensure that you’re keeping up to date with all of the best practices in information security.

With this in mind, these are our Top 5 Information Security Tips!

1. Strong password policy needed in information security

A weak password is the equivalent of leaving your front door open whilst you’re at work. It’s a really simple way for cyber criminals to steal your data.

For context, the password ‘123456’ was the most hacked password in 2018, with it found to have been used 23.2 million times in breached accounts. Ideally your password should be both lengthy and complex, including both upper and lower case letters, numbers, and punctuation.

You should probably avoid using complete words too. Cyber criminals use a method called a dictionary attack, attempting to breach your accounts by using a program that enters every word in the dictionary as your password.

For example, if you used ‘password’ as your password (which we do not recommend!), it would be cracked easily by a dictionary attack. Using a password generator when creating your passwords is a great way to protect yourself from this type of attack – it completely randomises your password, making it virtually impossible for your password to be guessed.
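The policy described above (length, mixed character classes, no dictionary words) can be checked and satisfied programmatically. The following is an added example, not code from the original article: the 14-character minimum and the tiny wordlist are assumptions made for illustration, and a real check would load a full dictionary or breached-password list.

```python
import secrets
import string

# Constructed sample wordlist (assumption); use a real dictionary or
# breached-password list in practice.
SAMPLE_WORDLIST = {"password", "123456", "dragon", "welcome", "summer", "monkey"}

CLASS_NAMES = ("lowercase", "uppercase", "digit", "punctuation")
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
MIN_LENGTH = 14  # assumed minimum; the article only says "lengthy"


def policy_failures(password, wordlist=SAMPLE_WORDLIST, min_length=MIN_LENGTH):
    """Return the list of reasons a password fails the policy (empty = pass)."""
    failures = []
    if len(password) < min_length:
        failures.append("too short")
    for name, chars in zip(CLASS_NAMES, CLASSES):
        if not any(c in chars for c in password):
            failures.append(f"no {name}")
    # Dictionary check on the lowercased password, and again on its letters
    # only, so digits or symbols spliced into a word do not hide it.
    lowered = password.lower()
    letters = "".join(c for c in lowered if c.isalpha())
    if any(w in lowered or w in letters for w in wordlist):
        failures.append("contains dictionary word")
    return failures


def generate_password(length=20):
    """Build a password from the OS CSPRNG, retrying until the policy passes."""
    if length < min(MIN_LENGTH, length + 1) or length < MIN_LENGTH:
        raise ValueError("length below policy minimum")
    alphabet = "".join(CLASSES)
    while True:
        # secrets.choice is backed by the operating system's secure RNG,
        # unlike random.choice, which is predictable.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_failures(candidate):
            return candidate


if __name__ == "__main__":
    for pw in ("password", "123456", "MyP@ssw0rd-Summer2024"):
        print(pw, "->", policy_failures(pw))
    print("generated:", generate_password())
```

Note that ‘MyP@ssw0rd-Summer2024’ satisfies the length and character-class rules yet is still rejected, because it contains a dictionary word.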

Also, make sure that you use a different password for every account that you own. If your social media account is hacked and you use the same password for your internet banking account, then you’re at very high risk of fraud.

Therefore, we recommend that you change your password every 6 months – it reduces the risk of being hacked.

You need more than a good password to secure your accounts, however. Layered security through the use of multi-factor authentication (MFA) is essential as it makes it a lot harder for your credentials to be stolen. In fact, a recent Microsoft study found that multi-factor authentication blocks 99% of account hacks.

2. Bring Your Own Device (BYOD) Policy

If you allow staff, or any external parties, to bring their own devices on-site for business use – and this includes mobile phones – then you must implement a BYOD policy. The reason for this is that you don’t know how secure devices outside of your business are.

Allowing any device onto your network opens your business up to a variety of risks:

  • Perhaps a mobile or laptop is infected with malware;
  • Maybe a user accesses illegal content;
  • If the device has no security, a criminal could use their device as an access point into your corporate network.

Ideally you should always be aware of every single device that is connected to your network. It only takes someone with malicious intent to connect their laptop to your WiFi. If one device containing a malware payload gets into your network, you could be facing a data breach.

There are numerous risks associated with non-corporate devices accessing your network, so a BYOD policy is a formal, codified way of minimising these risks.

For example, you may choose to refuse access to your network unless the device in question has full, up-to-date endpoint security. You might also insist that all devices containing or accessing business data have multi-factor authentication enabled, layering your security.

There are many more steps you can take to prevent 3rd party devices from becoming a threat – and you may even request that certain apps or websites are blocked whilst connected to the business network.

However you decide to set up your BYOD policy, the terms between the business and those subject to the policy must be clear.

3. Verify firewall configurations essential for information security

It’s all well and good having network security in place, but you need to ensure that the firewall is protecting your network in the way it ought to be.

Think of your firewall as security staff on the door of a building – you might have the front door protected, but is your firewall configured to account for threats that could get in through a back window or through a hatch in the roof?

Configuring your firewall, or having your managed service provider do it for you, is essential. This ensures that traffic coming in and out of your network is being properly policed. Some next-generation firewalls, such as WatchGuard, actually examine individual packets of data forensically, giving you full visibility of your network traffic.

The reason this is important is that a well-configured firewall can often be the difference between excellent information security and a data breach.

You will want your IT team to examine every router that is used to direct network traffic around your business.

Tip

We have seen instances in businesses where someone has sought to extend their WiFi signal, so they plugged in a basic home-use router.

NEVER do this. If you’ve spent time, money, and resources securing your business with enterprise-grade firewalls, this can bring your security down in a matter of seconds. Basic routers are not appropriate for corporate use and are easily hackable.

4. Update all Devices and Software

Make sure all your business devices are kept up to date, including software updates. Contrary to the myth that Chromebooks and Apple devices cannot be hacked – all devices are hackable. And if your device can be hacked, your data can be stolen.

A popular method of extracting data from businesses is via exploits in software. This is why your laptop or PC might seem as if it’s updating constantly – it’s to patch these exploits. Therefore the onus is on you, or your managed service provider, to install all possible updates.

Only recently, Martin, Neuways’ Managing Director, had his say on safeguarding data on devices. His advice is to treat all your data that is stored on a device like confidential files in your office.

You wouldn’t leave your confidential files open on a desk for someone to read or take – and the same applies with the data stored on your devices. Always keep them up to date, password-protected, and on your person at all times.

5. Teach and Encourage Cyber Awareness

This might take the form of end-user IT awareness training.

Ultimately, you need to be really careful where you click. This includes emails, websites, and text messages. Cyber criminals have honed all sorts of methods to try and catch you out, including phishing – the impersonation of a trusted source.

Social engineering is one of the more sinister ways cyber criminals achieve this. If you have a presence on social media and happen to share a lot of information, criminals can use this when crafting an email designed to catch you off guard.

For example, you might be expecting an invoice from a business you’ve been working with recently. If a criminal spoofs an invoice, and you fall for it, you might find yourself handing your business’s banking details over without realising.

You need to ensure that the whole of your business is aware of what phishing is, and the techniques used, in order to mitigate this threat.

The best practice is this: even if there is a hint of doubt whether the email received is a legitimate correspondence, don’t open it. Call the person you’ve received it from in order to verify its authenticity.

This might feel awkward, or a little unnecessary, but it’s far less awkward than realising you’ve handed over critical business or banking data. 92% of malware is delivered by email, so it’s always worth verifying the authenticity of your correspondences, as part of your commitment to information security.

If you want more information or advice about Information Security, say hello@neuways.com or give us a call on 01283 753 333.
