Special Reports
A special report is content that is edited and produced by the special reports unit within The Irish Times Content Studio. It is supported by advertisers who may contribute to the report but do not have editorial control.

Train, plan and keep up to date to enhance your firm’s cybersecurity

We asked Three Ireland’s head of product, propositions and customer value management Ciara O’Reilly to share her top 10 cybersecurity tips for SMEs

Password best practice

All users should adopt a strong password that is unidentifiable and unique.

“Hackers and bad actors use identity attacks to break passwords,” Three’s Ciara O’Reilly advises. “They gather this information on users from social media, which helps them build a profile.”

Pick something easy to remember, that’s not associated with you, she adds. “You can use a line from a song or a poem as long as it’s one you’re not noted for singing or reciting. More businesses – and not just banks – are using multi-factor authentication (MFA). Three’s 3Communicate can provide the SMS part of MFA if SMS MFA is required.”

Regular training

Businesses should run regular cyber-training sessions, which should be included as part of any employee induction.

“Training is so important,” says O’Reilly. “Anyone can get what looks to be a highly urgent email or text asking them to click on a link or take some action. Training helps people to wait, pause, take time to think about it and look closely at the email address to see if it is bogus.”

Just as such attacks have become a fact of working life, cyber training should not be one-off. “It has to be constant and should be done every month,” says O’Reilly. “Just like you would plan for a fire drill, it’s best practice to have a plan of action should your company be subject to an attack.”

Protect from malware and threats

It’s not enough to just react to a security breach; businesses must go on the hunt. “Threat protection is probably the biggest topic in the cybersecurity industry right now,” says O’Reilly. “Bad actors sit on the network for weeks or months gathering enough data before unleashing an attack. Businesses must have visibility into all suspicious behaviour, report, then remediate at speed.”

Back up key systems and data

Keep copies securely off-site and check that they work. “There has been a huge uplift in businesses opting to move their backup data into the cloud,” says O’Reilly. “Ireland has been lagging when compared to other countries but with the pandemic this shift has accelerated. Three has successfully migrated the HSE Healthmail solution into a fully secure cloud solution, so we have experience in helping customers move key systems into the cloud.”

Apply new security patches immediately

It’s surprising how often this is overlooked, O’Reilly says. “Even on devices like smartphones, people aren’t updating the software – and then they are surprised when they’re not working well.

“But it’s not just operability – it’s security as well. You need to look at all vulnerabilities on all systems and devices. It’s not just a tick-box exercise. You must make sure all systems are up to date. If you don’t have the expertise in-house, support is available in the market, including from Three.”

Encrypt sensitive data

“Effectively what you are doing when you are encrypting data is making sure that even if the criminal successfully breaches your defences the treasure chest is empty – or if it’s not, they can’t get into it,” says O’Reilly. “Businesses should also be aware that DLP (data loss prevention) and labelling of data is critical for GDPR compliance. If you don’t know how to do it, it really is worth getting outside help.”

Use firewalls and install the latest firmware

“You have to make sure your firewalls are configured properly if they are to do their job. And you have to keep them up to date. If they aren’t proactively managed there could be vulnerabilities.

“We work with customers to help them ensure their firewalls are as secure as possible. Also, you can whitelist or blacklist or block certain websites or IP addresses. Constantly updating rules and updating to the latest firmware gives firewalls their power. Three provide a managed firewall product to help customers in this key area.”

Encrypt your wifi network and regularly change the password

Wireless encryption is standard practice to secure wireless networks with an authentication protocol. “Without this, unauthorised users could access your network and obtain information or use your internet connection for malicious or illegal activity,” says O’Reilly.

“If your wifi network is not secured properly you are opening up a gateway into your data and your business. You need to secure your own wifi network and ensure your staff don’t use unencrypted wifi networks when working remotely.”

When to use a VPN

A virtual private network (VPN) is a must when accessing your systems over a public wifi or insecure network. “VPNs are, however, losing popularity due to web applications being more accessible and already encrypted with strong robust cryptographic protocols,” says O’Reilly. “Three has a Managed WAN solution which includes provision of secure VPNs from office sites; Three also has a Managed APN solution to secure remote and home workers when accessing corporate data remotely.”

Develop an incident response plan

“This is hugely important,” she concludes. “Having a cybersecurity incident response plan should be seen as important as a fire-escape plan. A business must have a set of instructions in place to help prepare, detect, respond to and recover from network security incidents.”