Cyber Security: Yorb Critical 8
FOR IMPROVING YOUR SECURITY POSTURE AGAINST CYBER SECURITY RISKS
It’s hard to keep your business safe from cyber threats. Addressing cyber security risks is crucial, especially with the rise of remote working. There are multiple frameworks, controls and strategies. Yorb suggests that businesses have on-going security conversations across the organisation. This includes a focus on people, processes and technology. Our team can help you create a security roadmap. But, we know this can take some time. That’s why we also offer the Yorb Critical 8. These recommendations are based on the risks we see that small businesses face in New Zealand as well as
CERT NZ’s Critical Controls 2022
Where does your business stand?
- CloudCover for Microsoft 365
- CloudCover Backup for Workstations & Servers
- CloudCover Backup & Disaster Recovery
Yorb supporting products
- Cyber criminals target your main data and any backups they find. Data breaches are becoming increasingly common, highlighting the need for secure backup solutions. Isolating backups protects your business from these threats.
- When accidental or malicious data destruction occurs knowing the integrity of your backups is sound will give you peace of mind.
Why is it important?
- Back up all on-premise and cloud-based systems regularly.
- Create two copies of all backups.
- Keep one copy isolated and physically separate from your primary data location.
- Check backups often to make sure they’re working.
What does it involve?
1. Secure Backup and Recovery
2. Patch Management
- Keep devices and applications up to date with the latest version or versions still supported by the developer.
- Include the Operating System and application software. For example
- Windows
- MacOS
- iOS
- Android
- Google Chrome
- Adobe Acrobat
- Microsoft Office
What does it involve?
- Attackers will exploit known vulnerabilities in software, and developers will release updates to address these issues.
- Patching your software often will help minimise your exposure to vulnerabilities. This is crucial to protect against malicious software, which includes threats like viruses, Trojans, spyware, ransomware, adware, and botnets.
- Software will eventually go to end of life, at which point it’s no longer updated and should be removed from your business entirely like Windows XP and Windows 7.
Why is it important?
- Core Yorb Support Contracts
- Priority support
- Help desk support
- Remote support
- Total support
- Digital roadmaps
Yorb supporting products
3. Multi-factor Authentication
and Identity Management
- All systems have multi-factor authentication, meaning users need two forms of identification to access them. This is especially important for Internet-accessible systems like Microsoft 365.
- Use a centralised identity management platform to make things easier.
What does it involve?
- People guessing or stealing passwords is common and is avoided by using multi-factor authentication.
- Computer systems are increasingly integral to various sectors, making their security paramount.
- Businesses often have multiple systems with different login information. Identity Management integrating these systems increases security.
Why is it important?
- Microsoft 365 Security Journey - Stage One
- Remote Access Security
- Digital Consulting / Professional Services
- Microsoft 365 Security Monitoring
Yorb supporting products
4. Device Management and Endpoint Detection and Response (EDR)
- Make sure devices accessing company data and systems meet security requirements, including:
- Device Encryption
- Attack Surface Reduction
- Device PIN requirements and failed password wipe
- Endpoint Detection & Response (EDR)
- Web Content Filtering
What does it involve?
- Devices are connected to your business and often store data. They also usually have direct access to your systems with reduced password requirements. So, they’re a weak spot that criminals can exploit.
- Since devices are no longer protected behind office walls and enterprise firewalls, we need to take extra precautions.
Why is it important?
- Yorb Defender for:
- Windows
- MacOS
- iOS
- Android
Yorb supporting products
5. Security Awareness Training
- Train your users to identify security risks and what to do about them.
What does it involve?
- People, process and technology work together to keep your business safe. Users are often the weakest point in security, so make sure to educate them on how to keep your systems safe. Information security is crucial in this context, as it involves preserving the integrity and privacy of data throughout various stages.
Why is it important?
- Online Security Training
Yorb supporting products
6. E-Mail Hygiene (SPF, DKIM, DMARC)
- Make sure e-mails sent on your behalf are real, and that people can’t pretend to be you or your business.
What does it involve?
- Be a good cyber-citizen by taking steps to protect others. For example, stop unauthorized parties from sending e-mails using your e-mail address. This protects people and your reputation.
Why is it important?
- SecureSEND
Yorb supporting products
7. Firewall and LAN Management
- Keep your Firewall and LAN infrastructure secure by patching it and keeping logs of activity.
- Make sure logs include details regarding what systems and websites are being accessed.
- Segment the network into logical secure units.
What does it involve?
- Your network infrastructure supports the delivery of data and systems. If it’s not protected, cyber-attackers could use it to access your network.
- The increasing prevalence and evolution of security threats highlight the importance of equipping personnel with the knowledge to handle these dangers.
Why is it important?
- SecureNET
Yorb supporting products
8. Password Manager
- Provide a safe way to store passwords and encourage users to have good password habits.
- Passwords are stored securely and can be accessed through approved browser plugins and mobile apps.
What does it involve?
- People still use “password” as a password, which isn’t secure. Help users by giving them a way to create, store, and access strong passwords.
- Using weak passwords can lead to the loss of sensitive data, resulting in financial losses, fines, and damage to reputation.
Why is it important?
- SecurePASS
Yorb supporting products
Where does your business stand?
The Yorb recommendations won’t keep your business from ever having a security breach. But, they’ll lower the chance of a successful attack. Make sure to look at primary IT systems like Microsoft 365, Accounting, and Payroll. You should also examine any ShadowIT* that your business might use.
To further protect your business, follow a comprehensive security strategy. This should match a universal security standard, like CIS or ISO27001. Our Professional Services team can help raise the level of security in your business, by developing a security strategy that aligns to your appetite for risk.
More Information
Ask us about
- Data Leak Prevention
- Information Rights Management
- Data Classification
- Identity Management
- Dormant Accounts
- Single Sign On (SSO)
- Asset Management
- Hardware
- Software
- Enterprise Architecture
- Network Segmentation
- Privileged Access Management & Monitoring
- Change Management
- Darkweb Monitoring
- Microsoft 365 Monitoring
- Microsoft Secure Score
- ShadowIT
- Penetration Testing
LET US HELP YOU CREATE A SECURITY ROADMAP AND KEEP YOUR SENSITIVE DATA SAFE FROM HACKERS.
Own a business?
Palmerston North
40 King Street, Palmerston North
Napier
25 Bower Street, Napier
Whanganui
15 Purnell Street, Whanganui