J2 has developed a layered security approach, using inputs from various globally accepted security frameworks, to provide real and practical security for every business. Not every business will want to, or be able to, achieve ISO 27001 certification or have a legal obligation to comply with specific data security and compliance regulations, but it is still a great idea to use the practical aspects of programs such as these to ensure a comprehensive, affordable and real cyber security program is deployed within your business.
We understand that the adoption of a formal program will differ from business to business; however, the basics remain the same. In our approach to practical security for your business, it is important to break down the key areas of risk to IDENTIFY what it is that you will be securing. These categories can be described as follows:
The users are the biggest area of risk within any business. This is because the users and associated user accounts have access to data and systems. Securing the user is a critical aspect and overlaps with every other area that requires protection, including email, data, machines, systems and the internet. The user is the weakest link in the security chain, not because they are inherently risky, but because their access can be exploited to breach systems. Users touch all systems and devices across the business. For example, the user requires secure access to systems and needs the ability to interact with data, the internet, other machines and people. J2 recommends a user-centric approach to security rather than maintaining a network focus because in the modern workplace the network no longer exists. Your network is wherever your users are.
The most intrusive of all business systems in the modern workplace is email and other collaboration tools. Email is often used to process orders, confirm bookings or send invoices, and provides almost immediate capability to service your customers. Email is also the most targeted method of attack by cyber criminals. Using email and social engineering to target your users, cyber attackers will take advantage of any misconfiguration or security gap to get hold of your data and systems. This collaboration now extends further to cloud and online platforms where your sensitive and financial information resides. Your cyber security program must incorporate visibility and protection of the tools used in the modern workplace to ensure their security. Cyber resilience for email is a pivotal component of the cyber security program and overlaps with the user, data, machine and internet portions of your risk profile.
Data is the lifeblood of any business in the modern age. Data is the new oil. Data is your competitive advantage, and losing this edge can lead to major losses and even closure. Protection of data, wherever it resides or wherever it moves, is key in a layered and comprehensive security program. Cyber resilience requires data management to extend beyond access only. In order to ensure secure availability of data, you will also need to incorporate encryption, access controls, monitoring and effective backup. A lost laptop or hard drive should not mean a loss of competitive advantage or require the notification of the Information Regulator. Cyber resilience for data gives you the peace of mind that when data is deleted, misplaced or encrypted, you have control over the restoration. We will also work with you when it is time to forensically delete data from hard drives or old machines. The protection of information is not only critical to business operations, it is also a vital part of compliance. Deploying practical and affordable data protection can be achieved.