The minimum cyber security requirements for London businesses:
As a bare minimum, London businesses require the assistance of qualified personnel who are skilled in all aspects of cyber security compliance and are accredited with Cyber Essentials Plus certification. This ensures you can trust that your managed IT service provider is equipped to support your operations. As a business, you must ensure that only secure and necessary network services can be accessed from the internet.
Is cyber security just an issue for London businesses?
No. Cyber Security is a critical element of IT Support for businesses in London, across the UK and all over the world for that matter.
Cyber Security is fundamentally important for any business reliant on computer devices dependent on a secure internet network, which in turn communicate with other devices and services via an internet connection.
Restricting access to these services will reduce the attack surface of your business. This is a critically important component of your infrastructure management strategy. One way this can be achieved is by using something known as a firewall.
It is important to understand there are two types of firewalls. There are ‘host-based’ firewalls and ‘network-based’ firewalls.
A ‘host-based’ firewall can be set up on a computing device such as a desktop, laptop, tablet, smartphone or IoT device. This serves only to protect the particular device the firewall has been configured on. It is important to note the rules only apply to that particular device wherever it is used. ‘Host-based’ firewalls provide you with the ability to apply unique ‘rules’ when configuring the firewall on your device, however, this requires a greater administrative burden in terms of the configuration.
Network-based firewalls are ‘exactly what they say on the tin’. This type of firewall is configured on your router's dedicated firewall appliance, serving as a ‘perimeter’ protection for internal network devices and diminishing the level of both inbound and outbound network traffic to your systems.
‘Network-based’ firewalls protect your business from cyber-attacks by configuring restrictions and, much like host-based firewalls, have their own ‘firewall rules’. Network-based firewall rules enable you to prevent disagreeable internet traffic from entering your network, based on where it came from, its intended destination and the mode of communication used to deliver it (e.g. email, web traffic etc.).
The correct configuration and implementation of both ‘host-based’ and ‘network-based’ firewalls are the foundation of a sound IT infrastructure management strategy for businesses of every size. Businesses who take this approach demonstrate a clever, proactive intelligence in their cyber security strategy. This is before implementing the IT Disaster Recovery and Business Continuity elements to their overall IT Security plan.
However, implementing effective firewall rules (both ‘host-based’ and ‘network-based’) in order to protect your business from cyber threats, while ensuring technology has a minimal adverse effect on staff productivity, is a balancing act you have to get right to achieve a harmonious business model.
How do I know our IT team have ensured our infrastructure is in line with National cyber security protocol?
Regardless of the firewall type, companies should have a clear justification for each firewall rule and this should be reviewed and updated regularly. Any changes should go through an industry standard infrastructure management process.
Where possible administration of the firewall should be locked down to specific trusted IP addresses and access should be granted to named individuals rather than generic accounts.
In addition to a boundary firewall, client-based firewalls for workstations and servers should be enabled.
Every desktop, laptop, tablet, smartphone or IoT device within your business must be protected by a correctly configured firewall or equivalent network device.
For effective firewall configuration, it is critical that skilled individuals (preferably Cyber Essentials Plus certified) from within your organisation or from a managed IT service provider are regularly:
- Changing default administrative passwords to alternatives that would be too time-consuming for a hacker to figure out. Fifosys recommend actively disabling remote admin access to your password database.
- Prohibiting access from the internet to the administrative interface used to manage firewall configuration, unless you have a definitive business necessity to do so, are maintaining a record of all system logs and are protecting the interface with one of the following controls:
  - 2-Factor Authentication, such as a one-time SMS token
  - An IP whitelist limiting access to a group of trusted addresses
- Implementing a default firewall rule to prevent all unauthenticated inbound connections.
- Ensuring ‘inbound firewall rules’ are approved and documented by an authorised individual. The business need for such an action must be included in your records and be reviewed regularly.
- Removing or disabling permissive firewall rules quickly when they are no longer needed.
- Using a host-based firewall on devices that are used on untrusted networks, such as public Wi-Fi hotspots.
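As an added example (not from the original article or from Fifosys), the checks in the list above can be run mechanically against an exported rule inventory. The rule fields, management port 8443, trusted address range, generic account names and 365-day review interval are all assumptions made for illustration.

```python
import ipaddress
from datetime import date

# Constructed sample inventory: every name, address, port and date is illustrative.
RULES = [
    {"id": "R1", "dir": "in", "action": "allow", "src": "0.0.0.0/0", "port": 443,
     "justification": "Public website", "approved_by": "j.smith", "reviewed": date(2024, 5, 1)},
    {"id": "R2", "dir": "in", "action": "allow", "src": "0.0.0.0/0", "port": 8443,
     "justification": "", "approved_by": "", "reviewed": date(2022, 1, 10)},
    {"id": "R3", "dir": "in", "action": "allow", "src": "203.0.113.0/28", "port": 8443,
     "justification": "Firewall admin from head office", "approved_by": "j.smith",
     "reviewed": date(2024, 4, 2)},
    {"id": "R4", "dir": "in", "action": "allow", "src": "198.51.100.7/32", "port": 22,
     "justification": "Supplier support", "approved_by": "admin", "reviewed": date(2024, 3, 3)},
]
ADMIN_PORTS = {8443}                                      # assumed management-interface port
TRUSTED_ADMIN = [ipaddress.ip_network("203.0.113.0/28")]  # assumed IP whitelist
GENERIC_ACCOUNTS = {"admin", "root", "it"}                # assumed shared account names
MAX_REVIEW_AGE_DAYS = 365                                 # assumed review interval

def audit(rules, default_inbound, today):
    """Return (rule id, issue) pairs for inbound allow rules that fail the checklist."""
    findings = []
    if default_inbound != "deny":
        findings.append(("POLICY", "default inbound policy is not deny"))
    for r in rules:
        if r["dir"] != "in" or r["action"] != "allow":
            continue
        if not r["justification"].strip():
            findings.append((r["id"], "no documented business need"))
        if not r["approved_by"] or r["approved_by"].lower() in GENERIC_ACCOUNTS:
            findings.append((r["id"], "approver missing or a generic account"))
        if (today - r["reviewed"]).days > MAX_REVIEW_AGE_DAYS:
            findings.append((r["id"], "review overdue"))
        src = ipaddress.ip_network(r["src"])
        if r["port"] in ADMIN_PORTS and not any(src.subnet_of(n) for n in TRUSTED_ADMIN):
            findings.append((r["id"], "admin interface open beyond trusted addresses"))
    return findings

if __name__ == "__main__":
    for rule_id, issue in audit(RULES, "allow", date(2024, 6, 1)):
        print(f"{rule_id}: {issue}")
```

Rules flagged by such a check are candidates for the "remove or disable" step once the owner confirms they are no longer needed.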
The boundary firewall is the first line of defence for most businesses and is designed to safeguard the network, systems and data from external threats. Traditionally, firewalls allow or block data packets based on protocols, ports or addresses. However, over recent years, external threats have become more sophisticated and much more prolific, and traditional firewalls no longer provide a sufficient level of protection for organisations.
Because of the above, traditional firewalls are now being superseded by Next Generation Firewalls. These next-gen firewalls provide granular intelligence in distinguishing different kinds of traffic such as legitimate business applications or cyber-attacks. Some of the features designed to protect the network include:
- Content filtering;
- Gateway Anti-Virus and Anti-Phishing;
- Identification of applications plus enforcement of network security policy at the application layer, because applications (rather than networking services and components) have become the greatest area of exploitation today by malware and other attacks;
- Integrated signature-based intrusion prevention system (IPS), which specifies which kinds of attacks to scan for and report on.
In conclusion, two key elements to remember in regard to the security of your business network are ensuring every ‘internet-facing’ computer device is protected with ‘up-to-par’ firewall configurations, and adopting the same approach when setting up your ‘network-based’ firewall rules to ‘safeguard your perimeter’ from undesired internet traffic, all the while not impeding the productive workflow from one department to the other.
Guest article written by: Mitesh founded Fifosys, one of the leading IT companies in London, in 2001 following completion of a master’s in computer science. He has a reputation for straight talking, delivering focused and effective directives to his clients. Mitesh has an in-depth understanding of both operational and transformational IT projects, and leads the business strategy at Fifosys. He also acts as a mentor, guiding junior aspirants commencing their business career.