We get asked lots of questions by our clients about computer security so we thought it might be handy to share some of our top cyber security tips.
1. Educate your staff
Cyber security training should be mandatory for all staff and contractors. One quarter of email recipients open phishing emails and 11% click on the attachments. Exploiting this human error renders all IT security measures useless. Over 95% of security breaches are due to this type of human error.
The following websites provide some useful basic information:
2. Control your software
Have a list of approved software for your organisation and blacklist denied applications so they can’t run (we can help you with this). Combine this with regular software updates and you will have the best chance of being protected against the software vulnerabilities that are already known to major software companies like Microsoft, Apple, Adobe etc.
3. Patch Management – Do your updates!
G5 manage the server updates for you but ensure your PCs are up to date too. Patch management is the key to protecting yourself against attack. Doing your software updates regularly reduces known software or network vulnerabilities that cyber criminals exploit. Many users will switch off automatic updates if they can which means your business is exposed to greater risks online. A common complaint from users is that doing windows updates or upgrading their PC means they won’t get their PC back in time to work on their deadlines. For this reason, many IT breaches go unnoticed until it’s too late.
4. Mobile Device Management
With the increase of employees bringing smartphones and tablet devices into the workplace mean threats like ransomware are increasingly targeting mobile devices. If you haven’t done so already, introduce a strategy to ensure mobile devices are secure to access your network. A mobile device management service allows you track all devices as well as locate any lost devices and block and wipe the data from devices should they fall into the wrong hands. Other benefits include the ability to push out software and security policies to all mobile devices, pc’s ipads and androids. Ask us about our mobile device management, we are happy to provide a free demo.
5. Anti-virus and anti-malware
As a bare minimum, you must have robust, up to date antivirus for each machine connected to your network. We have been advising all clients to purchase both antivirus and anti-malware software for years due to the vast number of threats on the internet. It is estimated that any one security product can only capture up to 40% of threats. Even with two products you can’t guarantee 100% protection from cyber crime which is why you need this layered approach.
6. Back-up your data
The first step towards safeguarding your data from any attack is to do regular back-ups. We check our client’s backups are running every day and ensure that we can retrieve data going back weeks and months, not just a few days. This way we can ensure that they have data to restore in the event of a cyber-attack. Ransomware will now encrypt everything it has access to, including mapped network drives, hard drives and even cloud drives. Ensuring that you have offsite storage for your tapes or hard drives (or at least a fireproof safe) means that you will recover much more quickly in the event of a cyber-attack.
7. Users and admin privileges
Regularly review your current users and their admin rights. A quarter of users that have left a company still have external access to systems. If a hacker gains access to your network via an account that has administrator’s privileges, then it’s your entire network that will be infiltrated and potentially lost. This can be devastating for a business. Users with no administrator privileges have less chance of picking up infections as they can’t accidentally install any malware whist browsing. If a user needs admin privileges to install software then they should have a separate admin account for this.
8. Password Security
Unbelievably, “password” is still in the top ten list of users’ passwords along with 123456. Hackers know this and they will try these types of passwords first. Often they can just guess your password or have a program to crack it. Hackers will guess English words and names for the bulk of the password and then 2 digits, dates and single symbols for the appendages. Then they run these with various capitalisations and common substitutes like @ instead of a and so on. This guess work quickly cracks two thirds of all passwords. If you have a simple password CHANGE IT RIGHT NOW. Your password should be a minimum of 8 characters and should include numbers, symbols, upper and lower case letters and something that isn’t a dictionary word. Ideally, you should have a password security policy in place such as setting passwords to expire every 3 months. We can help you with this.
9. Email security – Spam filtering
Most of the sophisticated cyber-attacks start with the simplest email to an account holder encouraging them to click on a well disguised infected attachment. Ensure you have a spam filtering service to help pick up these malicious emails before they get to your inbox. Microsoft Office 365 has this built in to its email delivery or we are also recommending MaxMail for spam filtering. If you are not sure what you have then please give us a call.
10. Disaster Recovery Plan
Update your disaster recovery plan. With one in 3 companies suffering a cyber-attack, you need to plan for the eventuality of catastrophic data loss. To be fully protected you will need a combination of the strategies mentioned above (which should include an effective backup and recovery tool). Store your vital data separately in a secure location where it can be accessed in the event of catastrophic data loss. We can help you with your planning.
Hopefully some of our tips have highlighted areas where you can help build a robust defence for your business data. Please review your current cyber security policy to ensure you meet all these criteria and get in touch if you need any further information or advice on any of the issues mentioned above.