Milton Keynes, MK12 5NF
Helpdesk Opening Hours
Customer Support
Before you can change or improve your IT security landscape, you need to step back and discover exactly where you stand, and then act upon what needs to be done. In this article we will discuss three key questions that every business needs to address. Then you can read about 5 technical controls that are essential for business cybersecurity today. You can finish up with our pre-assessment checklist to see how simple it is to start the ball rolling and secure your business IT environment.
It is true that you may lack in house skills to carry out a true cybersecurity assessment, so what can you do? Talk to a Managed Security Service Provider that will assess your current situation and help you to identify areas that have already been breached or may be vulnerable. This is not a costly, time consuming project, and never puts your sensitive data at risk. In a single visit, the Your Cloud Works team will help you to assess your level of security and IT productivity. You could even request a free Dark Web Scan to check your business credentials, and their availabilty on the dark web.
An IT security assessment will reveal key areas of your cybersecurity that are rock solid, but of course there will be areas that need significant improvement. Based on the assessment, you can establish a company wide Cybersecurity Policy that serves a a baseline. Once you understand your security baseline, you will be able to launch and monitor the correct Cyber Safety protocols across every member and every department of your company. A simple example of one key baseline element is your company password policy: How often are they changed? What level of password security is required? Does everyone understand the importance of password security? Your team members will require regular security awareness training and testing to maintain a healthy cybersecurity culture, and observe high levels of data protection and GDPR compliance. Our Cybersecurity 101 Blog Series will give you an insight on how to reduce and avoid costly GDPR breaches.
An assessment will ideally shine a light on areas of your business that are vulnerable to cyber attacks. Once you have discussed the results of your review with your technology partner, they should also offer the most practical solutions to strengthen your security. Due to budget restrictions, you may have to prioritise the security services that you choose to protect your business. Your Cloud Works is an MSSP that guides businesses towards complete Cyber Essentials and GDPR compliance. Some aspects of Cybersecurity and Data compliance can be so easy to correct and maintain, such as safe password management. When you start to discuss firewall, antivirus and ransomware protection, you really do need to talk to experienced professionals. In our Cybersecurity 101 Blog Series we have tried to discuss these important issues in a way that any business owner can understand and process with ease.
You should protect your Internet connection with a firewall. This effectively creates a ‘buffer zone’ between your IT network and other, external networks. In the simplest case, this means between your computer (or computers) and ‘the Internet’. Within this buffer zone, incoming traffic can be analysed to find out whether or not it should be allowed onto your network.
Cyber Essentials Certification and GDPR compliance require that you configure and use a firewall to protect all your devices, particularly those that connect to public or other untrusted Wi-Fi networks.
Manufacturers often set the default configurations of new software and devices to be as open and multi-functional as possible. They come with ‘everything on’ to make them easily connectable and usable. Unfortunately, these settings can also provide cyber attackers with opportunities to gain unauthorised access to your data, often with ease.
Passwords – when implemented correctly – are an easy and effective way to prevent unauthorised users accessing your devices. Passwords should be easy to remember and hard for somebody else to guess. The default passwords which come with new devices such as ‘admin’ and ‘password’ are the easiest of all for attackers to guess.
Cyber Essentials Certification and GDPR compliance require that only necessary software, accounts and apps are used. If you would like more information on choosing passwords, search www.ncsc.gov.uk for ‘password’.
To minimise the potential damage that could be done if an account is misused or stolen, staff accounts should have just enough access to software, settings, online services and device connectivity functions for them to perform their role. Extra permissions should only be given to those who need them. Many enterprises never take the time to check this aspect of their Cybersecurity.
Check what privileges your accounts have – accounts with administrative privileges should only be used to perform administrative tasks. Standard accounts should be used for general work. By ensuring that your staff don’t browse the web or check emails from an account with administrative privileges you cut down on the chance that an admin account will be compromised.
Cyber Essentials Certification and GDPR compliance requires that you control access to your data through user accounts, that administration privileges are only given to those that need them, and that what an administrator can do with those accounts is controlled.
Malware is short for ‘malicious software’. One specific example is ransomware, which you may have heard mentioned in the news. This form of malware makes data or systems it has infected unusable – until the victim makes a payment. Viruses are another well-known form of malware. These programs are designed to infect legitimate software, passing unnoticed between machines, whenever they can.
Where does malware come from? There are various ways in which malware can find its way onto a computer. A user may open an infected email attachment, browse a malicious website, or use a removable storage drive, such as a USB memory stick, which is carrying malware. Talk to Your Cloud Works to discuss how to defend against all types of malware today. We can help you with secure Anti-Malware and anti-virus measures, Whitelisting and Sandboxing.
Cyber Essentials Certification and GDPR compliance requires that you implement at least one of the approaches listed above to defend against malware.
No matter which phones, tablets, laptops or computers your organisation is using, it’s important they are kept up to date at all times. This is true for both Operating Systems and installed apps or software. Happily, doing so is quick, easy, and programmable.
‘Patching’ – Manufacturers and developers release regular updates which not only add new features, but also fix any security vulnerabilities that have been discovered. Applying these updates (a process known as patching) is one of the most important things you can do to improve security. Operating systems, programmes, phones and apps should all be set to ‘automatically update’ wherever this is an option. This way, you will be protected as soon as the update is released.
However, all IT has a limited lifespan. When the manufacturer no longer supports your hardware or software and new updates cease to appear, you should consider a modern replacement.
Cyber Essentials Certification requires that you keep your devices, software and apps up to date.
We are very interested in reading you feedback, comments or general ideas that you would like to share about cybersecurity and IT support. Please feel free to leave your comment, like or share with others who may enjoy this post.
Now you can request you FREE Security Assessment checklist PDF. This tool will help you to answer the initial Cybersecurity questions raised in this article. If you don’t know the answers, you need to know who in your business does have the answers to these questions. Our PDF request form is below. Please scroll down to reach the submit button when you have completed the form.
3CX Hosted Phone Systems
3CX hosted phone systems are cloud-based communication platforms that enhance business connectivity through unified voice, video, and messaging tools.
Application Hosting & Management
Application hosting and management involves deploying and maintaining software applications in the cloud to ensure their reliable and secure operation.
Centralised Professional Email Signature
Centrally managed email signatures. Set sleek unified signatures for the whole company.
Dark Web Monitoring
Monitor the Dark Web for compromised domain/emails from your company to limit a cyber attack.
Device Protection (Endpoint Detect & Respond – EDR)
Fully managed and monitored device protection 24/7, human led SOC, who detect and investigate, triage, and action remediation.
DNS Security and Configuration
Email security is paramount to protecting your business and brand. Configuration of a domain for email is the first step.
Domain Registration & DNS Management
Domain registration secures your web address, while DNS management ensures that people can find your website using that address.
Email Filtering, Protection & Security
Total email security that filters spam, viruses, phishing attacks and more.
Full Fibre 900mbps Business Internet
Full Fibre 900Mbps Business Internet delivers lightning-fast, symmetrical speeds to supercharge business productivity.
Google Workspace Subscription, Management & Security
Google Workspace smoothly integrates the business solutions that your team needs in one place.
Internet Filtering & Protection
Our DNS filtering solution has been ranked #1. Internet and Content Filtering at its best.
Managed Backup for Microsoft 365 & Google Workspace
Our backup solution is built in the cloud for the cloud, making it one of the fastest and most reliable cloud backups.
Microsoft 365 Security Monitoring
24/7/365 monitoring of your Microsoft 365 account to spot any configurations issues and fix them.
Microsoft 365 Subscription, Management & Security
Microsoft 365 subscriptions include familiar Office apps, intelligent cloud services, and world-class security in one place.
Network Discovery
Network Discovery provides complete security scans of your network in real time.
Password Manager
Protect your organisation against cyber threats with zero-trust enterprise password management.
Penetration & Vulnerability Testing
Automated full-scale penetration and vulnerability testing as a service.
Phishing Simulation & Security Awareness Training
Auotmate your Cyber Security Awareness & Phishing Training with YCW.
Server Support
24/7/365 Server monitoing in real time. We fully maintain, patch monitor your servers.
Support, Monitoring & Maintenance
Our IT Helpdesk is available from 8:30am to 6:00pm Monday to Friday to answer and resolve any question you may have.
Windows 365 Cloud PC
Windows 365 Cloud PC allows you to securely stream your Windows experience, including your personalised apps, content, and settings, directly from the Microsoft Cloud to any device.
WordPress Hosting
WordPress Hosting is a hosting service optimized for WordPress websites, providing easy setup, enhanced security, and performance tuning for a seamless WordPress experience.
Zoho CRM Subscriptions
Zoho CRM is a cloud-based customer relationship management platform designed to help businesses streamline their sales, marketing, and customer support processes