As we explored in our previous article, due to the rapidly increasing levels of cyber criminality being experienced by businesses of all sizes all over the globe, it is essential that you take the cyber security of your organisation seriously. We explored in detail two of the world's most common forms of cyber attack, favoured by cyber criminals for their ease and average likelihood of success - this high success rate is due to the attack needing the user to ‘authorise’ the attack. Users often do this by accident – to learn more check out our previous article ‘Knowing your cyber threats – A user’s influence’. (<Link that back to the first blog article)
In the remainder of this article, we will explore your role as management in the prolonged security of your IT landscape – and, in turn, your business.
You have probably at the least heard of them, and it is almost guaranteed that you have used a system with one installed – even if you didn’t know. A Firewall sits on the edge of your system, almost like a bouncer on the door of a Nightclub granting and refusing access. Like a bouncer, it creates a barrier between the ‘trusted’ network and the untrusted one – the internet. When the Firewall refuses access it stops cyber criminals in their tracks, and prevents them from being able to gain access, control, or visibility of your sensitive data and systems – but, don’t worry, your authorised users will still have full use of the system and be unhindered when on it.
Firewalls – How do I use them?
Smaller businesses that only operate with a few devices can implement Firewalls at a device level. For a Firewall to work effectively it must be working in conjunction with other security measures – anti-malware software combined with the due diligence of an educated and able staff team will put your systems in a good place in terms of security.
Unfortunately, larger businesses can’t use Firewalls at a device level as managing them would be far too time consuming and impractical. Larger business require boundary Firewalls – if you run a larger organisation, you should - as the bare minimum - invest in a physical or Cloud-hosted Firewall server.
You must be certain that access to information is on a need-to-know basis and each user’s access mirrors that user’s station within the company, because allowing uncontested access to your team is a recipe for disaster. Once access is granted it can be gained to that set level on any device, subject to those access and security settings. By doing this you are dramatically reducing the risk of data being lost, stolen, or damaged.
You must protect accounts with special access privileges, because if one of them gets compromised by a cyber criminal they could cause potentially business-defining damage to not just your IT landscape but the entire organisation. Often these accounts aren’t compromised for immediate gain but instead to facilitate a large-scale attack in the future, when the cyber criminal will gain access and lay in wait for the prime opportunity – when you and your team are unprepared - to unleash their attack. If one of these large-scale attacks is successful it could mean a serious drop in your reputation as an organisation, your bottom line, or – in the worst-case scenario – the end of your business altogether.
So, only grant access to authorised personnel to the level that they need it to effectively complete their role – allowing them more permissions than are necessary is asking for trouble.
Malware is software designed with the sole purpose of causing problems or damage to a computer or server. Malware is one of the most common forms of computer virus – the virus is designed to attack your software; it then clones itself before sending multiple copies of itself to any computer or device that has an association with the original target.
Malware – How do I fight against it?
With the unpredictability of Malware, if it goes unchallenged it can render your computer systems – and in turn your business - completely useless. Luckily, there are measures that you can take against it – let’s look at those now:
1. Use manufacturer approved apps only! – Purchasing Apps from unknown /untrusted sources can cause serious problems as they more than likely haven’t been checked for Malware! It is imperative that you teach your users the potential damage that can be caused from purchasing apps from these sources. There are sources that are manufacturer approved on the market which are trustworthy. The best examples of these are the Apple App Store and Google Play, which are safe because they are both constantly monitored to ensure that they are safe to use.
2. Install Anti-virus software on all computers and devices. Most devices come with a free version which is obviously a good thing, but it is beneficial to remember that these are very basic and shouldn’t be trusted. If your systems are targeted by a sophisticated attack, they will stand little chance of being defended effectively.
3. Use a Sandbox. Not the one down the local park - a Sandbox in computing is a protected environment within a network that operates separately from the main network. The apps run here cannot communicate with other parts of your network or device, which keeps them out of harm’s way.
Cyber crime is rapidly increasing in commonality -, you must be certain that you are prepared for the worst-case scenario and have an effective data backup strategy ready – not having one could spell disaster and result in some serious downtime.
The 3-2-1 backup rule is a good way of thinking about it; you need 3 copies of your data, 2 should be kept on separate storage media, and the other one should be stored offsite and be specifically for disaster recovery purposes. Spreading your resources across multiple locations is the only way to ensure business continuity, because it is highly unlikely – in fact, practically impossible – that they will come under attack at the same time, meaning business never need stop. This is referred to as ‘data risk management’ and is beneficial for many reasons. The wake of a cyber attack isn’t the only time that these data backups could prove useful - there are a variety of different potentially data compromising events that could mean that they are needed (for example, the business hardware could fail or there could be a fire - the possibilities are endless). The point is, having a plan in place to ensure data recoverability is the difference between your business shutting its doors - potentially forever - and you simply having a few hours of downtime before getting back to business as usual.
Data backup – where to start
The majority of businesses need a catered approach to data backup. With there being so many options available on the market today, it's impossible to say ‘this is right for your business’ without getting to know you first. But follow these rules whilst considering all the options and your decision will be a good one.
1. Take advantage of the various Cloud storage options. The Cloud is both cost-effective and convenient, and this factor, alongside it being the most easily accessible storage option makes it a favourite for many. It is ideal for disaster recovery, allowing you access to your data almost instantly.
2. Keep physical copies of documents wherever possible and safe to do so. We know this sounds like a strange one with the world in the midst of a technological age that is showing no signs of diverting from it, but filing cabinets still have their purposes. If you can physically see and protect the data yourself it removes the cyber threat completely.
These articles should have highlighted the seriousness of cyber security to you, and some of the ways that cyber criminals carry out attacks on businesses. We also explored ways to stop their attacks being successful, and the ways to back up your system in the eventuality that all else fails. We hope that they have put you in good stead to a cyber secure future.
Ensuring the effective use of technology
BCNS make business easier and more cost-effective in guaranteeing that you and your team are always connected to each other and your clients. Our team of experts will assist you throughout the transition to be sure you achieve exactly what you desire – at the same time we can reduce your expenses and improve your security as well as performance! Contact us now and find out how we can help you with your business communications and move into a more productive future.