Welcome to F&B Sounds Bites a podcast on hot topics, trends and challenges for professionals in the Food and Beverage industry hosted by Hamish McCook.
We haven't just been fighting a virus in the real world, but also in the virtual world. The recent cyber attacks have made many a little nervous about how safe their digital data really is. We speak with Jonathan Stirling, our Security Consulting team lead, on this topic. He'll ease your concerns with some of his 13 practical tips to help keep your data safe.
Jonathan’s 13 tips for improving your cyber security
Jonathan recommends considering the following 13 areas (in no particular order) when reviewing the cyber security for a business or system. Each area should have evidence that it is conducted and covers all elements of a business or system.
1. Patching – Have a process for keeping systems up to date and fixing the vulnerabilities that manufactures have solutions to.
2. Back-ups – Maintain up-to-date, off-line back-ups, and routinely test the recovery of these, including configuration files and setting of control and manufacturing systems
3. Authentication – This includes the use of multi-factor authentication whenever possible (noting that some older systems do not support this), the use of long, unique passwords; and password change processes, especially for default passwords, higher privilege access (administration passwords) and security appliance passwords.
4. Defense in Depth – Providing multiple security layers between the Internet and the important bits, like finance records and manufacturing systems. The different security layers should also be different devices to catch any deficiencies in a single system.
5. Segmentation – Separate devices based on access or role, with restricted access and communication between devices and network segments to restrict the impact of a security incident.
6. Monitored – Have a real-time system reviewing all network and security logs to detect abnormal behavior or traffic. Also monitor (dark web) releases of company related information or credentials.
7. Training – People with access to your networks are vulnerable to compromise, but they can also be part of the solution and add to your cyber defenses. Training is key to increase awareness and empower these people. Make sure you have a process to train and test personnel, especially those with access to valuable systems or front line / public facing roles, for example personal assistants, receptionists and financial clerks.
8. Suppliers – Access to your networks is often not limited to employees, but also include suppliers who also provide hardware and software that operate on your networks. Have a process for vetting suppliers and systems, and make sure security controls are appropriate and are followed, such as changing default passwords.
9. Least privilege / Just-in-time access – Instead of 24/7 access limit elevated rights to activities and times that require it.
10. Recovery plans – Have a plan ready for what to do and in what order and practice it for when something goes wrong. Make sure this includes a communications plan.
11. Security Testing – Test your system to give you the confidence that your security controls are effective. Testing should cover a range of scenarios and be provided by a range of suppliers to give the coverage needed. Recommended improvements from previous tests should all be reviewed and assessed for implementation (or not).
12. Application White-listing – Restrict running applications to those that are needed and trusted. Un-install any applications that are not needed. Have a system for reviewing and permitting new applications.
13. Application hardening – Disable unused services and protocols. Have a system to automatically control permitted services and applications, such as Group Policies.
F&B Sound Bites is distributed as an email every 5-6 weeks. You can read the first one here.
If you'd like to get on the distribution list, you can sign up here. We'll only send you content related to the F&B Sound Bites series.
All podcasts can be found below: