What key things should organisations be doing in terms of cyber defences to ensure they are resilient?
The risk of a cyber attack has been an accepted reality of 21st-century business life for some time. This prospect is understandably unnerving for many organisations, but much can be done to increase resilience, thereby reducing the impact of any breaches that do occur.
Backups
Most organisations run regular corporate application server backups. These can be augmented with automated backups of workstations and laptops (which often do not take place systematically) to minimise data loss and avoid the need for pay-outs in ransomware attacks, as well as helping with day-to-day issues such as file corruption. This is reinforced with daily checks to confirm that a full backup has taken place, along with an agreed process to follow should it fail.
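One way to automate the daily check described above, as an added example that is not part of the original article: it compares a device inventory against backup job records, so workstations and laptops with no recent full backup surface alongside failed server jobs. The record fields, host names and 24-hour threshold are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(hours=24)  # assumption: "daily" means one full backup per 24 hours


def check_backups(inventory, jobs, now):
    """Return {host: reason} for each inventoried host without a fresh, successful full backup."""
    latest_ok = {}
    for job in jobs:
        # Only a completed full backup counts; incrementals and failed runs do not.
        if job["type"] != "full" or job["status"] != "success":
            continue
        finished = datetime.fromisoformat(job["finished"])
        host = job["host"]
        if host not in latest_ok or finished > latest_ok[host]:
            latest_ok[host] = finished

    failures = {}
    # Iterate over the inventory, not the job log, so devices that were
    # never enrolled in backups are reported instead of silently skipped.
    for host in inventory:
        last = latest_ok.get(host)
        if last is None:
            failures[host] = "no successful full backup on record"
        elif now - last > MAX_AGE:
            failures[host] = f"last full backup {last.isoformat()} is older than 24h"
    return failures


# Constructed sample data (hypothetical hosts and job records).
INVENTORY = ["app-server-01", "ws-finance-07", "laptop-sales-12", "laptop-hr-03"]
JOBS = [
    {"host": "app-server-01", "type": "full", "status": "success", "finished": "2024-05-14T02:10:00+00:00"},
    {"host": "ws-finance-07", "type": "full", "status": "failed", "finished": "2024-05-14T02:30:00+00:00"},
    {"host": "ws-finance-07", "type": "full", "status": "success", "finished": "2024-05-11T02:30:00+00:00"},
    {"host": "laptop-sales-12", "type": "incremental", "status": "success", "finished": "2024-05-14T03:00:00+00:00"},
]
NOW = datetime(2024, 5, 14, 8, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    failures = check_backups(INVENTORY, JOBS, NOW)
    for host, reason in sorted(failures.items()):
        # Each line is a trigger for the agreed failure process (ticket, page, re-run).
        print(f"ESCALATE {host}: {reason}")
    raise SystemExit(1 if failures else 0)
```

A non-zero exit status lets a scheduler or monitoring system treat any missing backup as a failed check and start the agreed follow-up process.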
Encryption
Breaches arising from lost or stolen laptops can be minimised by making the encryption of hard drives a standard corporate process. This requires users to enter the appropriate PIN to boot up the device before reaching the operating system login, which can only be accessed with a second PIN/password, thereby acting as a form of two-factor authentication.