How to secure your organization from cyber attacks

December 20, 2016 - 17:32

According to a recent British government research, two third of large UK businesses are hit by cyber breach or attacks in the last year 1. The British government is urging business to protect themselves against cyber attacks. Cybersecurity measures can be to a large extent handled proactively with a well mapped out strategy that is reviewed continuously.

Top to bottom-level engagement is critical to the success of a firm’s cybersecurity programs, along with a clear chain of accountability. Prevention of cyber attacks is better than damage control. A good cyber security strategy makes sure that all the bases are covered.

Effective training helps to reduce the likelihood of an attack by providing the knowledge to minimize the chances of becoming targets. Cyber security threats can be due to environmental, physical or system level threats.

Environmental Security

Cyber security strategies that mitigate targeted cyber intrusions are:

  • Restricting Administrative Privileges

    Limit those who have the admin rights to configure manage, and monitor computer systems.

  • Whitelisting Applications

    Allowing only approved applications to be installed or run.

  • Application Security Patching

    Enforcing effective practices to deploy new security patches regularly as and when alerted.

  • Operating System Security Patching

    Employing security patches for the operating system.

The strategy begins with the identification of what information the company needs to be protected and where it is located. Backups ensure that an organization can recover quickly by restoring lost or damaged files.

Physical Security

Another important line of defense in cybersecurity is the physical protection of the organization’s IT property. Companies should create an accurate inventory of:

  • Hardware and systems
  • Software platforms and applications
  • Maps of network resources, connections and data flows

System Level Security

  • A good project management cum issue tracking tool should be used for storing access credentials for a project. Access rights are to be controlled by the concerned manager of technology.
  • To access the git repo of a client project, the public key of a developer needs to be added to the git repo.
  • Git access allowing read/write permissions to different users.
  • Linux based systems improve protection against data vulnerability.

To prevent unauthorized access, we at Zyxware also have in place the following.

  • Only employees, management, and special visitors are allowed on the premises with a valid Photo ID.
  • Employees are provided with laptops/desktops and personal devices are not allowed. Network access within the premises is given only to systems with authorized Ids.
  • Routers access area is locked and protected.
  • In development, we follow Drupal security and coding standards to sanitize user data.

Cyber security training and awareness should be made mandatory for all personnel. Even basic precautions like restricting access to computer contents by locking the screen when away from desk adds.

Thus in essence, for an effective enterprise-wide cyber security a sound security strategy should be developed and implemented. Zyxware Technologies knows the importance of being proactive against cyber attacks. We have set in place cyber security protocols to ensure transparency in dealing with client information. To know more about how we can help you build web applications while ensuring security of the site, do get in touch with us!

References:
1. https://www.gov.uk/government/news/two-thirds-of-large-uk-businesses-hit...
2. https://www.owasp.org/index.php/Review_Old,_Backup_and_Unreferenced_File...(OTG-CONFIG-004)

3. http://www.businesswire.com/news/home/20161102005369/en/Accenture-Survey...
4. http://www.iiroc.ca/industry/Documents/CybersecurityBestPracticesGuide_e...

Post your comments / questions