Cyber Security Threatosaurus – Combat the Threats

In the previous blog in the series, we explored cyber threats that aim at targeting your users predominantly. In this, the second and last blog in the series, we will explore what you as the manager of the business can implement to improve the quality of cyber security within your organisation.

Malware protection

Malware is software that is designed with the sole intention of causing carnage to a computer system, server, client, or network. Malware is by far the most common form of computer virus. It attacks software and makes copies of itself, before sending itself to any computer or device in association with their target.

How to combat it

Depending on its sophistication, Malware can be very hard to fight back against. Here are some ways to make sure you are more secure against it:

• [Install Anti-Virus software on all computers, both at work and at home. Most popular operating systems include a free type of Anti-Virus software, but, unfortunately, these tools are usually very basic and offer a very limited level of protection which are almost definitely not sufficient to ensure you feel comfortable about being secure. Anti-Virus is very easy to use and is as simple as clicking ‘enable’ once downloaded. Smartphones and tablets can require different methods, but all contain end-user device (EUD) security guidance which is easy to find online.

• Only download apps for mobile phones and tablets that are from manufacturer-approved shops. Apps from unknown sources will not have been checked for Malware! Be sure your staff do not download apps from these sources. However, there are manufacturer-approved shops that are universally safe to use, such as Google Play and the Apple App store, which are constantly monitored to ensure they provide a certain level of protection from Malware.

• Run your apps in a ‘Sandbox’. Running your Apps in a Sandbox stops them from communicating with other parts of your network or device so they cannot be harmed.

Firewalls

A Firewall is the barrier that sits on the edge of your network. It parts your ‘trusted’ network from the internet (the ‘untrusted’ network). A Firewall works like the door to your house; when access is permitted the door is open and people can come in and out as they please, but when access is not permitted the door remains closed. Firewalls work on this concept.

A Firewall’s job is to prevent those that are not permitted from gaining access to the network, in turn, stopping them from being able to gain control or visibility of your sensitive / personal data and systems, all whilst simultaneously allowing secure access to those external to the network with access privileges. This could include the provision of a VPN or certain network ports being open to third party services, such as a VoIP phone system.

How to implement one

For smaller businesses that only run a few end-point devices, Firewalls can be implemented at a device level, but this does completely depend on the size of the organisation. A Firewall combined with other measures, such as anti-malware software, and being diligent with your patch management, should ensure your network’s security.

Larger businesses, on the other hand, would not be able to implement them at a device-level as this would be impractical and very difficult to manage. Therefore, they require the use of boundary Firewalls, and you should at the very least invest in a physical or cloud-hosted Firewall server.

Access controls

User accounts are the main doorways to your systems, allowing the use of applications, devices, and sensitive information (contact details, bank details, personal information of any kind, etc). Only allowing access to authorised personnel with user accounts that match their position in the hierarchy of the business (junior, senior, manager, etc) dramatically reduces the risk of information being stolen or damaged.

The ramifications of accounts with special access privileges being compromised have the potential to be disastrous – the entire business could cease to be, depending on the level of the attack. They could be used to facilitate a large-scale business-wide attack – causing untold derogatory effects on your business.

Only allow access to authorised personnel to the point that they need it!

Up-to-date software

Up-to-date devices are essential to a secure work setting. If your devices aren’t equipped with the latest protection at any and every opportunity you are leaving yourself open to cyber attacks – and as mentioned before – potentially business-defining damage to your systems.

People presume that updates are so you, the consumer, can enjoy new features and the improvements in its functionality, but updates have a much more important job. They remedy any vulnerabilities that have been discovered. Manufacturers will remedy any security problems as they know it would be bad for business if everyone was getting hacked and security holes were being found, so update as often as possible.

Technology and IT has a lifespan and is constantly changing and evolving. Manufacturers are constantly finding new ways to get the most out of your technology in the securest way possible. But with these advancements in technology and, in turn, the levels of security capable within your tech, Malware is evolving just as quickly so it can be used to mount a fight against your security measures.

With this in mind, updates need to be as regular as possible. As we have already touched on, tech is constantly evolving – and at a faster rate than ever – if anything its journey will only get faster. If a device or software in your possession stops being supported by the provider it is imperative that you purchase a modern, supported replacement ASAP, or face the potential problems with your IT in the future.

Even once you have educated your employees to the best of your knowledge and put in all the cyber security measures you can, there is still the opportunity for human error and cyber criminals succeeding in breaching your defences. In this eventuality it is essential you have good data backup.

Data backup

Understandably, you don’t want it to get to this point but being prepared is a good thing.

Use the 3-2-1 backup rule. This is where three copies of the data exist; two should be on separate storage media and one stored offsite (in the cloud, for example) for disaster recovery purposes.

Data backup is all about risk management. You should spread your resources so if hackers do gain access to one you have somewhere else to go. Data compromising events aren’t just cyber criminals but can take many forms – from hardware failure and cyber attacks to robbery, fire, and flooding – so having a plan to ensure data recoverability could result in saving your business.

Where to begin with Data Backup

With so many data backup options available and with businesses often requiring a tailored approach, it’s hard to summarise how to perform a comprehensive data backup that will suit all businesses. Below are a few basic rules to follow when it comes to data backup.:

• Don’t be afraid to store data in more than three locations – just make sure you keep track of where everything is.

• Take advantage of the many benefits of Cloud storage. The Cloud can act as a cost-effective, convenient, and easily accessible storage option. This is ideal for disaster recovery in the event of a serious disaster, such as an office fire.

• Storage is cheaper than ever, so instead of picking and choosing individual documents why not just back everything up?

• Keep physical copies of documents where appropriate. Filing cabinets are starting to feel like they belong in the past but there is no harm in storing paper copies of some files.

Now that you have read the two blogs in the series, hopefully you are prepared for a cyber attack or, if the worst was to happen, be backed up so you can continue trading and survive the attack.

Keeping your technology functional and secure – 4TC

We recognise the challenges that businesses face daily with their technology – and security is one of the most prominent of them all. Our team of experts will work together with you to find a cyber security strategy that compliments the way you do business. We will also educate your team to be sure that they understand the strategy and are prepared for whatever a cyber criminal can throw at them. With our help you can go into the future confident that your systems are secure.