CSA 12 Days of Cyber Christmas

As the end of the year fast approaches, we wanted to share a little refresher on ways to ensure your technology and data remain as safe as possible over the festive period and well into 2022. To stay in the spirit of the season, we’ve opted to share our top security tips in the style of a 12 Days of Cyber Christmas list!

Day 1: Ensure the Principle of Least Privilege

If you manage the security of your organisation’s IT infrastructure, it’s likely you also manage a domain with plenty of users - each requiring a unique set of permissions. It can be a lot to juggle! To stay secure, we recommend you double-check that accounts on the domain only have access to the devices and resources that they need to access. Doing so could stop malicious actors in their tracks. And, if an account is compromised, you’ll suffer far less collateral damage because the attacker’s scope for lateral movement is limited.

Day 2: Backups

This might be news to some, but hackers don’t always want to steal your data. They might want to remove or destroy it instead. Therefore, it is always good to create backups of your critical data should a disaster strike. Having multiple copies of your data, both online and offline, whilst keeping it backed up and protected could help your organisation should it need to recover from a worst-case scenario.

Day 3: Encrypt Your Data

Whilst your cyber security solutions should prevent your data from being stolen in the first place, in the unfortunate event that it does end up in the hands of a malicious actor, the best way to ensure its continued security is through encryption. Luckily, there are many solutions for encrypting data, such as placing a file in an encrypted, password-protected archive or opting for a full-disk encryption solution. No matter what method you choose, encryption will make it much harder for malicious actors to gain access to your data and will help you work towards better cyberculture.

Day 4: Manage Your Digital Footprint

We’ve all made mistakes online, such as sharing an embarrassing photo on social media or posting some content with a spelling mistake. When was the last time you searched your name or investigated your digital footprint? Many will say a very long time ago, or never! Looking at your digital footprint and removing anything you come across that you wouldn’t like others to see should give you some peace of mind, save you from embarrassment and remove any potential ammunition a malicious actor could use against you.

Day 5: Vulnerability Scans

In 2020, over 18,000 vulnerabilities were recorded on the National Vulnerability Database, a figure that has only continued to grow over the last year. Unpatched vulnerabilities can provide malicious actors with an easy door for entry into your systems and information. Implementing a solution that regularly scans for vulnerabilities and shares alerts on necessary patch updates will protect you from malicious actors that lurk in the shadows waiting to pounce on any given vulnerability.

Day 6: Patch Management

But how do you ensure that the correct updates and patches are completed on time? In comes patch management. With the right solution, worrying about patching your systems can be a thing of the past. There are plenty of patch management solutions on the market at the moment, including big heavy hitters like ManageEngine and Avast. Regardless of which provider you choose, having a solution for patch management is sure to mitigate one attack vector at a time, giving you peace of mind.

Day 7: Enable 2-FA (Two Factor Authentication)

This past year we’ve seen 2-FA here, there and everywhere - and with good reason. Using 2-FA provides more control over who gets access to your accounts as it provides another layer of protection on top of passwords and/or a passphrase. 2-FA can come in multiple forms, though the most common type is requesting and receiving a one-time code via text or authenticator app that’s valid for a limited time only. Whilst we have to acknowledge that 2-FA is not bulletproof and some methods are better than others, having 2-FA puts you in a much better position than you would be without it, which is why it’s one of our top security recommendations.

Day 8: Check Your Password

On the topic of passwords and passphrases, have you considered how strong yours are? As computers become more technologically advanced, brute force attacks become more favoured by malicious actors since they’re easier to carry out. The less complex your password or passphrase, the more likely you could be compromised. At CSA, we recommend you use a strong password or passphrase in combination with the advice in our next tip to help decrease the chance of being compromised via brute force.

Day 9: Password Management Tools

There are many password management tools out there, but what do they actually do? Secured with a master password, these tools allow users to generate and store passwords and/or passphrases ready for when needed. Before you start thinking password management tools sound counter-intuitive, research has shown that memorising multiple strong passwords can be difficult, and as a result, users will tend to opt for weaker and weaker passwords as time goes on. However, users will find themselves in a much stronger position if they need to only memorise one very strong password and can generate unrelated passwords from the management tool.

Day 10: Remain Aware of Current Threats

When it comes to cyber security, knowledge is power. Keeping tabs on malicious actor groups and how they think is a great way to protect yourself from them. If you can mitigate a common attack method used by a malicious group and understand how they operate and identify their indicators of compromise (IoC), then you’ll be better equipped to defend yourself than if you weren’t aware of the threats you could face. How do you keep up to date on the latest threats? Make sure to follow us on LinkedIn and Twitter for regular updates and keep an eye out for our regular Threat Reports that share further details on what you could face.

Day 11: Remain Vigilant About Phishing Methods

Whilst phishing methods do come under current threats, as mentioned in the tip above, protecting yourself against phishing scams is another kettle of fish that needs to be addressed separately. Why? Well, research shows that 94% of malware is delivered by email, with some of these attempts disguised as exclusive shopping discounts or deal scams over the festive period. Scammers take advantage of this being a more stressful time of the year than most, with people more likely to fall victim to a phishing attack. Once someone is compromised, it’s incredibly easy for malicious actors to steal personally identifiable information (PII) and other valuable information. Furthermore, attackers can gather emails and contact information, making these types of attacks quite dangerous, so it’s important to stay vigilant and aware of how scammers are currently operating. If you manage a mail server, implement a good spam filter to stop phishing emails before they have a chance to land in your inbox.

Day 12: Active Monitoring

Whether internal, external or software-based, having active monitoring, if possible, is a priceless asset to have within your arsenal. A third eye to monitor events, alert you to any issues and inform you if your data is found on the internet as it happens is crucial if you want to react quickly and efficiently to any security breaches. With active monitoring, you can receive quick, detailed investigations into what’s going on behind the scenes with your data, or you can request active vulnerability scanning to provide you with more potential for your cyberculture.

If you would like to take action on any of these top tips, then you’re in luck! At CSA, we provide solutions to each of these issues, which you can learn more about on our services page or get in touch with one of the top experts to discuss what solutions will work best for you.
