Best practice to avoid a cyber security breach

Our Governance, Risk, and Compliance (GRC) specialists share how to avoid a security breach by following cyber security best practice.

Cyber security breaches have received unprecedented press coverage recently, with the education sector being hit particularly hard by cyber attacks. Realistically, no organisation can 100 per cent avoid a breach, but you can reduce the risk of a breach – and minimise the impact it has should you fall victim to a cyber security attack – by ensuring your cyber security strategy is resilient and complete.

There are two types of cyber criminal

In most cases of theft, you have two types of thief – the opportunist and the organiser. And this is no different when it comes to cyber security.

The opportunist has no plan; they just know that they are after something valuable. They will look for easy opportunities to steal by identifying the gaps in your security.

The organiser has a well-formulated plan. They have done their research and know what’s valuable, when they can gain access, and what security measures they need to overcome. They will formulate a plan that challenges security to find the smallest vulnerability and gain access.

So, how do you stop them and protect your organisation against a breach?

The opportunist cyber criminal 

This type of cyber criminal will typically use a spray-and-pray method, targeting multiple people and organisations at the same time, usually with phishing attempts, until someone falls victim and ‘opens the door’.

You can usually avoid these types of attack by using the following security methods.

Up-to-date anti-virus and malware protection

It’s fairly straightforward, but ensuring that the anti-virus and malware software across your organisation is regularly updated and functioning properly can help your workforce to navigate digital environments securely and prevent devices becoming infected.

Email filtering

Enabling email filtering allows organisations to automate the monitoring of incoming emails for red flags that could signal a phishing attempt and automatically move those emails to junk. This often prevents recipients from clicking on links and opening attachments within suspicious emails as they are already highlighted as spam.

Cyber security training

Security training for your employees is a crucial part of your cyber security strategy as your workforce are your first line of defence against attacks. By making everyone within your organisation aware of the signs of an attempted security breach – and also the process of reporting anything suspicious – you can spot and prevent more cyber security breaches in the first instance.


The organised cyber criminal

When it comes to the organised cyber criminal, unfortunately there is little that can be done to 100 per cent avoid a breach. This is because they are usually quite determined, patient, and know what they want. They are happy to take their time collecting as much information as possible to find the smallest security vulnerabilities within your organisation and expose them.

Although you can’t prevent every breach, you can reduce the impact of a targeted attack with a robust cyber security strategy. By deploying the solutions below, you can help your organisation to avoid a breach and mitigate the damage of a successful one.

Endpoint protection

Choose a modern endpoint protection solution that protects against multiple attack vectors and gives you protection and visibility of your devices wherever they are. Cloud-based security offers all these features and is easy for your IT or security teams to deploy and manage.

End-user awareness training

As previously mentioned, your workforce or users are your first line of defence, but they are only as good as the training and knowledge they have. Utilising awareness training solutions brings a lot of benefits to an organisation and could help to reduce your risk score.

Consistent training is effective training. The threat landscape is always changing and attackers' methods are becoming more effective, so it’s important to regularly remind your employees what they’re looking out for, and to slow down and check the legitimacy of a communication before acting on it.

Create a cyber security incident response plan 

The technology you use to protect against cyber security breaches is important, but the processes and documentation that support that technology, such as a plan for when a breach does happen, are also key. Creating a cyber security incident response plan (CSIRP) will give your leadership team more confidence in your organisation’s preparedness and approach. The National Cyber Security Centre (NCSC) suggests testing the plans and processes you have in place at least once a year.

Secure business buy-in 

It’s key to remember that cyber security is not the sole responsibility of IT, but a decision for the entire business. When done correctly, the processes, policies, and technology you put in place as part of your security strategy will assist and support your organisation to meet its business objectives.

A cyber security strategy is vital for all organisations to protect against a breach. Contact us for support building an approach that is right for your organisation.

Ben Murden

Ben has over two decades in the IT industry, delivering both online and offline campaigns across all platforms to meet business goals and objectives. Joining Phoenix in 1999 as a graphic designer, Ben has evolved over the years into a fully-rounded marketing professional, before being promoted to Phoenix Marketing Manager early in 2018, reporting directly to the MD. With his background in creative design, Ben takes projects from inception to execution and can identify the correct strategy based on the subject, audience, and goals – while increasing the brand profile and revenue. His passion for digital marketing is evident in everything he does, and both vendors and strategic partners often comment on his incredibly positive attitude to ‘make things happen’.
