So, you’ve heard of the NIST cyber security framework, the CIS cyber security framework, and Cyber Essentials; but have you ever heard of… The Onion?!
The onion cyber security framework might change how you think about cyber security in your business.
Cyber security can feel daunting for a small business. Everyone online gives different advice on what to do, which quickly becomes overwhelming. The best way to cut through that is to follow a single framework. We are big supporters of the Cyber Essentials scheme here in the UK; it sets out a handful of basic controls that are a sensible starting point for any business. Even so, it can still be confusing and a little intimidating for the average SME owner.
So, is there an easier way to do it?
Well, that’s what this blog is all about—the onion.
So what on earth does an onion have to do with Cyber Security?
The Onion
The reason that we all call this the onion framework isn’t that it makes you cry, so don’t worry. It is because it has different layers of cyber security, just like the layers of an onion.
A single layer of protection is never enough: the moment that one layer fails or is bypassed, your business is fully exposed. Each extra layer means an attacker has to get through something else before they can do real damage.
I’m going to walk you through four different scenarios in your business so you can apply the onion framework.
Ransomware
Nobody wants ransomware running through their business. It encrypts your files and the systems your applications rely on, so nothing can be accessed until the cyber criminal is paid, and even then you may not get your data back.
An up-to-date backup is the layer that makes recovery possible: if you suffer a ransomware attack, you restore your data rather than pay the ransom. For that to work, the backup must be stored somewhere the ransomware cannot reach (offline, or in a copy that cannot be altered), and you should test a restore regularly so you know it actually works before you need it.
But what other layers can you incorporate?
- Keep every device in the business up to date so that it is fully patched.
- Stop staff using USB storage devices.
- Install endpoint security software to detect ransomware and stop it spreading through the business.
- Put a good email security solution in place so that dodgy emails never reach people's inboxes.
Now you can see the onion taking shape: several independent layers, each protecting the business against ransomware in a different way.
You can never 100% guarantee that your business won’t get ransomware, but each layer of cyber security protection you add significantly reduces the risk.
Email Security
Most cyber attacks start with an email, with cyber criminals trying to get you to click a link or open an attachment that installs malware or steals your password.
- Put a good email security solution in place to stop phishing emails reaching the mailbox. Defender for Office 365 is excellent if you are a Microsoft 365 user.
- Cyber awareness training teaches everyone who uses a device in your business how phishing works and how to spot it, which reduces the risk of human error.
- Turn on multi-factor authentication. If a phishing email gets through the filters and someone types their password into a fake login page, the password alone is no longer enough to get into the account. It is not a guarantee on its own, which is exactly why it belongs alongside the other layers rather than instead of them.
Hardware Failure
Many businesses still run servers in the office, and if one breaks down for any reason, the service it provides goes down with it. You could be left without your files and folders, or even without email.
The first layer is redundancy inside the server itself: two power supplies and more than one hard drive, with the drives configured so that the server keeps running if a single drive fails. If one component fails, there is another to fall back on.
The next layer is a hardware warranty from the manufacturer of the server. If the hardware does fail, a manufacturer technician can come and fix it within an agreed time, say 4 hours.
For businesses that cannot be without the server even for that long, the server can be replicated to the cloud. If the server has an issue, you have a copy running in the cloud and can stay connected while it is repaired.
Business Data Security
We want to ensure that our business data is protected and does not land in the wrong hands.
To begin with, we could put policies in place that instruct team members not to share certain types of information with people outside the business.
However, a policy on its own would not stop a malicious employee from saving data to a USB stick or printing it off.
To add real layers on top of the policy, we could implement email encryption and sensitivity labels, and ban USB storage devices.
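Banning USB storage comes up as a layer in both the ransomware section and the data security section above. The following is an added example, not code from the original post, showing how that ban is actually applied and checked on a Windows PC. It assumes a Windows 10/11 or Windows Server machine and an administrator PowerShell session, and it writes the same registry values that the "Removable Disks: Deny all access" Group Policy sets, plus disables the USB mass-storage driver as a second layer. The function names are ours.

```powershell
# Added example (not from the original post). Run as Administrator.
# Assumes Windows 10/11 or Windows Server. The policy key and device-class
# GUID are those Windows uses for
# Computer Configuration > Administrative Templates > System >
# Removable Storage Access > Removable Disks: Deny read/write access.

$RemovableDiskClass = '{53f56307-b6bf-11d0-94f2-00a0c91efb8b}'
$PolicyPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices\$RemovableDiskClass"
$UsbStorService = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

function Set-UsbStorageBlocked {
    param([bool]$Blocked = $true)

    if ($Blocked) {
        # Layer 1: policy denies read, write and execute on removable disks.
        New-Item -Path $PolicyPath -Force | Out-Null
        foreach ($name in 'Deny_Read', 'Deny_Write', 'Deny_Execute') {
            New-ItemProperty -Path $PolicyPath -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
        }
        # Layer 2: stop the USB mass-storage driver loading at all (Start=4 = disabled).
        Set-ItemProperty -Path $UsbStorService -Name Start -Value 4
    }
    else {
        # Undo both layers (Start=3 is the Windows default, "manual").
        Remove-Item -Path $PolicyPath -Recurse -ErrorAction SilentlyContinue
        Set-ItemProperty -Path $UsbStorService -Name Start -Value 3
    }
}

function Test-UsbStorageBlocked {
    # Reports each layer separately, so a half-applied ban is visible.
    $policy  = Get-ItemProperty -Path $PolicyPath -ErrorAction SilentlyContinue
    $usbStor = (Get-ItemProperty -Path $UsbStorService).Start

    [pscustomobject]@{
        PolicyDenyRead   = ($policy.Deny_Read  -eq 1)
        PolicyDenyWrite  = ($policy.Deny_Write -eq 1)
        UsbstorDisabled  = ($usbStor -eq 4)
        FullyBlocked     = ($policy.Deny_Read -eq 1 -and $policy.Deny_Write -eq 1 -and $usbStor -eq 4)
    }
}

Set-UsbStorageBlocked -Blocked $true
Test-UsbStorageBlocked
```

A drive that is already plugged in keeps working until it is removed or the machine is rebooted, so check the result after a replug. On a fleet of PCs this belongs in Group Policy or Intune rather than a script run by hand, and a local administrator can reverse it, which is why it is one layer of the onion rather than the whole thing.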
Now, if you are an SME owner, you might be thinking that you don't have the knowledge or the time to put all of this in place. That is where we come in.
If you have any questions, worries or issues, you can call or email us.