Innovation Hub

Welcome to our news and blog section. Here you will find the latest updates from theICEway and our IT specialists at ICE. We are frequently invited to attend and speak at industry events, so if you don’t want to miss out on those, this is the page for you.

With more than 20 years’ worth of experience in cruise, travel and healthcare, you will also be able to read more about these key sectors. Of course, at the heart of it all is Information Technology – which some of you may know as ‘IT’ – and we’ll certainly include news on that.

Our ecosystem of companies was founded upon 3 guiding principles, or values: People, integrity and innovation. We always aim to infuse our every effort with one or all of these. The first, ‘people’, includes not only our people, but also those we work alongside each day. If you are reading this, then you can rest assured that it also includes you.

As such, we welcome your comments and feedback so do join in the conversation. You can also follow us on social media using the links below.

  • Twitter logo
  • LinkedIn logo

Cyber security – what is it? Definition & best practices

by Asa Sargeant | September 21, 2022 | Products & Services | 0 Comments

Today we look at a hot topic in the world of IT: Cyber security. News headlines this week have been dominated by a cyber-attack on Uber. Recently, IHG were the victims of a data breach and a foiled ransomware attack. What then can be done to mitigate the risks involved in such attacks?

Cyber Security Definition

Firstly, we need to define exactly what cyber security is. To do that, we must outline its core objective, which is to reduce the risk of cyber-attacks and to provide protection against them. This protection is given to systems, networks, programs, devices and data. The objective is then achieved through the application of technologies, processes and controls.

IT Security in general is becoming ever-more important nowadays, for many reasons:

- Cyber-attacks are increasing in number
- They are becoming more sophisticated
- The costs involved in data breaches are rising
- Cyber-crime in general is growing

There are different types of cyber security to implement:

- Critical infrastructure security
- Network security
- Cloud security
- Internet of Things (IoT) security
- Application security

Who Needs It?

Simply put, if an organisation is connected to the internet, then it is needed. It is a common misconception amongst smaller businesses that they are not a target for cyber-criminals. That is not the case, for many reasons. For a start, many cyber-attacks are automated and designed to exploit common vulnerabilities.

Cyber-criminals seek to gain access to a computer or network server in order to wreak havoc. Once access has been gained, there are many paths (“attack vectors”) that can be used to do this. Common ways to gain access include:

- Website or email attacks
- Via removable media (i.e., Flash drives)
- Using devices containing confidential info which have been lost or stolen
- Unauthorised use of an organisation’s system privileges
- Via a “Brute force” attack (using trial and error to decode encrypted data)

Once in, there are many different types of cyber-threat that can be implemented. Some common types are as follows:

- Malware
- Ransomware
- Spam and Phishing

Malware is a program which operates in secret to compromise the data within a system. It has become a significant external threat and can cause major damage and disruption.

Ransomware prevents or limits access to systems via malware. It then also asks victims to pay a ransom using online payment methods. In return, access will then be returned. Ransomware is one of the most widely used methods of attack nowadays and is difficult to detect. Organisations are encouraged then to implement robust methods of prevention. Examples of this include strong IT Security controls and training for employees.

Spam and phishing are much more common and aim to trick individuals into revealing sensitive or personal information. Most of us have received spam emails containing links – do not click on them! – but these threats are also now becoming more sophisticated.

Top Tips: Preventing Cyber-Threats

- Scan email file attachments and then save them to local drives
- Only allow certain types of files to be sent / received by email
- Restrict removable media usage
- Implement strict access / privilege levels
- Regularly update systems with OS / App upgrades and patches

In addition to these measures, here are some more you can adopt to then increase your levels of security.

Best Practices

 
- Your security efforts should come from the top of the organisation
- Wherever possible, adopt a security by design or risk-based approaches
- Be aware that human error leads to the majority of data breaches
- Therefore, raise a good level of cyber awareness amongst all employees then reinforce this with regular training
- Conduct regular risk assessments
- Ensure you take a strong stance with password / passphrase management

If you did not know much about cyber security before, then hopefully you do now. At least, we hope you have picked up a few tips and perhaps some inspiration to ramp up your own efforts.

CRIBB Cyber Security

CRIBB is a vital part of theICEway ecosystem of companies. Established in 2016, their team are fundamental to our security by design approach to IT solutions. If you require further advice or guidance, then they will be only too happy to help.

CRIBB Services at-a-glance:

- Certifications (including Cyber Essentials & then Cyber Essentials Plus)
- Detection & defence (including vulnerability scanning & penetration testing)
- Safeguarding (including Data Protection Officer services)

New for 2022 / 2023 are our CRIBB Cyber Security Ready (CSR) annual packages. These are designed to help organisations large and small to become more cyber aware. If you do not have a robust IT security framework in place, then these are a big step in the right direction.

Want to read more? Then keep an eye out for a dedicated CRIBB page coming soon to this website. For more information right now, including a wealth of articles, visit the CRIBB website.

Leave a Comment