Recent Data Compromises - TalkTalk & M&S

Recent data compromises at TalkTalk and M&S are driving conversations about how organisations mitigate Cyber Security risk. Ultimately Cyber security is just another risk that a business needs to manage in the same way it does financial, operational, strategic or compliance risk. 

The top 5 things you can do to reduce risk are the following:

 1)        Updating and Patching - most attacks are not sophisticated and take advantage of unprotected machines that are not updated. Ask yourself what is your strategy  for updating systems? What is the average time between an update being released and deployed? Are you concerned about this window?

2)         Configuration - Misconfiguration of applications or services is a big problem. These bad configurations leave systems open to attack that otherwise would be secure. Professional services engagements look at how systems are deployed for common errors.

3)         Device Security - controlling how devices (especially BYOD : Bring Your Own Device) access applications and services is an important way to stop compromised devices getting behind the security layers of an organisation. How do you control BYOD devices? How are they authenticated when they join the network?

4)         Password Management - there is no point buying lots of shiny and expensive security equipment if someone sets terrible passwords. Are you looking to utilise a tool that generates passwords randomly and stores them in a vault. Multi-factor (2FA) can be used to supplement passwords to also reduce this risk. 

5)         Vulnerability Scanning/Penetration Testing - Allows you to better understand the risk of each of your systems and provide a to do list of security steps that need to be taken to get systems up to scratch. Softcat offers an external vulnerability scanning tool that is cheap and easy to setup, alternatively on-premise solutions can be deployed to scan the internal network for vulnerable servers.

Many thanks to Softcat Networking and Security specialist Adam Louca for his contribution to this post, 

Please get in touch if you have any questions,

Kieran Smith

01612745170
kieransm@softcat.com