03 June 2025

Paul Colwell, CISO, Wavenet
The recent attacks on the retail sector aren’t isolated incidents; Wavenet recommends 10 proactive measures to reduce your risk:
1. Deploy phishing-resistant multi-factor authentication (MFA)
Secure your access points with advanced MFA solutions including hardware security keys and modern app-based number matching.
2. Enforce strict call-back verification for password resets
Enhance your password reset procedures and put strict call-back verification protocols in place. This ensures the requester's identity is thoroughly confirmed before any sensitive account changes are made.
3. Implement network segmentation
Implement VLANs, firewalls, and access controls, and regularly test segmentation effectiveness to isolate critical systems and limit lateral movement by attackers.
4. Patch business-critical systems in a timely manner
Stay updated, monitor for new vulnerabilities, schedule and deploy patches, and verify successful updates to minimise the window of exposure to known exploits.
5. Regularly test your data backups, failover and failback
Schedule and conduct regular backup tests, including failover and failback exercises, to ensure data can be restored quickly and reliably in a crisis.
6. Monitor security logs for suspicious activity
Implement 24/7 security monitoring with a SOC, using advanced SIEM tools to manage suspicious activity in real time.
7. Perform regular penetration tests including social engineering assessments
Engage in regular CHECK and CREST-accredited penetration testing, covering both technical and social engineering assessments, with detailed reports and actionable recommendations to address weaknesses.
8. Create and rehearse business continuity & incident response plans
Regularly rehearse Business Continuity and Incident Response Plans and facilitate tabletop exercises and live simulations to ensure your team is prepared.
9. Prepare and protect your data using the 3-2-1 strategy
Regularly review backup strategies to ensure compliance and resilience, using the 3-2-1 rule: three copies of your data, on two different types of storage, with one copy off-site (or in the cloud).
10. Ensure your data is immutable or air-gapped
Configure immutable backups and set up air-gapped storage solutions for maximum protection against ransomware and insider threats.
Is your organisation prepared for evolving threats?
Your business must evolve too, and we can help: wavenet.co.uk/cyber