The Essential IT Security Checklist, Part 2: Beyond Cyber Essentials

Published
Cyber Security Checklist - Beyond Cyber Essentials

When it comes to IT security, there’s really no such thing as too much.

There’s a balance, of course, between need and cost, but if you want the peace of mind that comes from knowing your business is totally protected, it’s worth at least knowing your options. That’s exactly why we put together this two-part guide to essential IT security for businesses.

If you haven’t already read through part one, you can do that by clicking here now. If you’re ready to get started – and dig into some more advanced topics than those from part one – then what are we waiting for?

Why go beyond Cyber Essentials?

Before we go into detail on these advanced areas of IT security for business, let’s first refresh ourselves on Cyber Essentials – and why you might want to go beyond the five pillars it presents as part of its certification.

As we explored in depth during the first part of our checklist, the government-backed Cyber Essentials certification covers five basic controls, but these are really the foundations of IT cybersecurity protection. In the words of the government:

“Cyber attacks come in many shapes and sizes, but the vast majority are very basic in nature, carried out by relatively unskilled individuals. They’re the digital equivalent of a thief trying your front door to see if it’s unlocked. Our advice is designed to prevent these attacks.”

It’s clear, then, that there’s some additional headroom here for boosting your business’s cybersecurity – and we’ve compiled five additional areas you should be concerned with for absolute peace of mind.

Let’s jump in.

1. Encryption

The first advanced topic we’ll look at is encryption. Put simply, this refers to the process of encrypting either specific files or entire hard-drives or devices so that only authorised individuals can actually access them using their password, PIN, biometrics, etc. Files can be encrypted either in transit (to storage or other devices) or at rest (i.e. while stored).

The advantage of encryption is that, even if your device is lost or stolen, the data on it will be unusable without the authorization needed to decrypt it (password, PIN, etc.). This is yet another reason to ensure that your password is as strong as possible. You might also consider using a password manager to level-up your security.

Here’s how you can use encryption to help your business:

  • Fully encrypt your team’s mobile devices. Your team’s smartphones and laptops are perhaps the most vulnerable to loss or theft, so encrypting them will ensure that – even if the worst happens – your business-critical data is still inaccessible. For the utmost security, you can also encrypt workstation desktops and servers.
  • Secure your remote connection via VPN or RD gateway. More of us are working from home than ever before, so it makes sense to use remote desktop – but this should be protected via either a VPN or RD gateway.
  • Enable encryption of your data in transit. It’s good practice to leverage technologies like HTTPS to encrypt data as it’s being transferred via the internet. You should also encrypt sensitive data when sharing it via email.

2. Backup and Replication

Like any form of critical data, one of the best ways to keep it safe is to back it up. This often forms part of a company’s Disaster Recovery Plan, and for good reason

Here are our recommendations for keeping your business-critical data backed up… the right way.

  • Offsite, air-gapped, or secure cloud backups. Keeping backups of your critical data offsite is an excellent way to mitigate physical disasters or breaches. Ideally, these should be ‘air-gapped’, so they’re physically disconnected from any server or network to prevent tampering. For additional protection, you might also choose to store backups on a remote server via the cloud.
  • Back up your cloud app data. If you’re enjoying the many benefits of Microsoft 365, it’s easy to rely on their cloud-based backups – but don’t forget that they’re out of your control. It’s a good idea to also backup these files yourself.
  • Set up storage replication for high availability. If you want the ultimate protection from business disruption, you can set up a replica system which can come online as soon as the existing one goes down. This doesn’t protect against data loss, but it does prevent downtime.

3. Physical Access

Here’s a topic which is actually quite easy to overlook. With such a focus on the digital side of IT security, tending to the physical security of your infrastructure can slip through the cracks.

We’re referring to the servers, workstations, and other IT hardware you might have on your premises. Your networks could be locked down like Alcatraz, but if just a single person leaves an office door unlocked, it can cause untold damage.

Here’s how to prevent that:

  • Verify on-site security for your servers and IT hardware. It may sound obvious, but you should ensure that your servers and other critical IT infrastructure are located in a secure room or office.
  • Log access history to areas with key IT infrastructure. Accountability and logging is essential for tracing potential physical breaches, and logging all visitors to a certain area is an excellent way to achieve this.
  • Install CCTV monitoring systems. While privacy is always a concern, especially for employees, installing CCTV cameras only in areas where business-critical data is stored makes good security sense.

4. Monitoring, testing, and logging

Even the best cybersecurity systems in the world can develop vulnerabilities over time. For this reason, having a system in place for monitoring, testing, and logging is essential – especially for larger businesses with lots of data.

Here’s how your company can implement processes to monitor, test, and log your IT security measures:

  • Test your devices for vulnerabilities. It’s possible to carry out a scan to test your internet-connected devices for potential vulnerabilities which could be exploited.
  • Send dummy phishing emails to create training opportunities. Want to really test out your employees’ security savvy? Send dummy phishing emails, see who responds, then use the opportunity to train them in what not to do.
  • Deploy file access logging software. One of the best ways to track and trace potential breaches is to see who accessed which files and when. Access logging software tracks creation, modification, and deletion of files.

If you’d like to take your monitoring, testing, and logging measures to the next level, here are a couple of more advanced options:

  • Monitor all incoming and outgoing internet traffic. While it may not be the most popular choice with your staff, it’s always possible to monitor all incoming and outgoing web traffic – giving you an easy way to identify breaches.
  • Invest in Penetration Testing. If you want to go all out on your susceptibility to cyberattacks, you could hire a IT security penetrator, who will deliberately try to hack your systems and identify all of your weak spots.

5. Data Loss Protection

No matter how excellent your physical and network security may be, there’s always an outside chance that data loss could occur due to hardware failure or – quite simply – theft.

We know it’s not a pleasant topic to think about, but it’s still a risk worth considering. Luckily, there are plenty of ways to mitigate it:

  • Use remote desktops to keep data centrally located. One of the best ways to prevent data loss is to simply not allow it to go physically off-site. With a remote desktop solution, your staff can work on business-critical data from anywhere via a secure connection – without any data ever leaving your local infrastructure.
  • Disable USB ports on local machines. USB ports are certainly handy, but they can also be security risks. After all, it only takes one person to insert a USB drive and copy over as much unencrypted data as they like. The solution? Simply disable the USB ports on your local machines.
  • Deploy a DLP solution such as Azure Information Rights Management. With a rights management suit such as Azure RMS, your files will be protected by encryption, identity, and authorization policies across multiple devices. In a nutshell, this means that your files will only be accessible to approved people, no matter where they’re stored or accessed.

Take your IT security to the next level today

That brings our essential guide to IT security to a close – and we very much hope you’ve learned something useful to help keep your business safe from cybersecurity threats.

As always, if you have any questions, clarifications, or requests of the Get Support team, we’re only ever a phone call away. All of the security measures we’ve covered in both parts are available as part of our support packages, so feel free to drop us a line today on 01865 59 4000.

We’ll talk you through everything to keep your business safe in plain English – guaranteed.

Latest From The Blog

Microsoft 365 Copilot Wave 2: What You Need to Know

In September 2024, Microsoft announced Wave 2 of Microsoft 365 Copilot, and with it, lots of fresh new ways to supercharge your working day with AI.

Microsoft is Finally Killing the Control Panel… Or Is It?  

Microsoft is finally saying goodbye to the Control Panel in favour of the Settings app. But is there more to this story than meets the eye?

A Fond Farewell to Microsoft Publisher

After a 33-year career, Microsoft announced that Microsoft Publisher will finally reach end of life status in October 2026.