Business IT Security, are you following the basic steps?
There is basic security that we all accept as habit in our daily lives to protect personal belongings. You wouldn’t leave home without locking the door, you wouldn’t leave your bike without using the lock and you wouldn’t hand your keys or cash to a stranger to look after. These are basic security measures that we all simply accept and understand as a feature of our daily lives.
Whilst IT security is more complicated than bolting your front door and setting your alarm when you leave for work in the morning, there are basic security measures that should be followed to ensure your business is not left open to ransomware, phishing and other malware attacks.
The following six key security requirements are fundamental to securing your business and come as a basic part of all Managed IT offerings from CT.
Your password should never be shared with anyone. Your password is to your IT Systems as the key is to your house or car. It can be used to unlock access to all your private information and company data that you have access to. It should be treated with respect and confidentiality.
Password cracking is probably the oldest form of computer hack. It is still incredibly popular today. If you knew where to look, you could pick up an advanced password cracking tool for as little as £5 and use it to expose users with simple passwords.
Some quick tips for good password etiquette:
- Never share your password
- Use a secure password management tool and never write your passwords down
- Use a different password for all your accounts
- Ensure your password has 12 characters and includes letters, numbers, symbols, upper case and lower case
- Don’t use a dictionary word
- Don’t use obvious substitutions, e.g. a zero for the letter o
- Try not to use your passwords when on public Wi-Fi
- Periodically change your password but don’t suffix it every time with a number!
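The tips above can be enforced automatically when a user sets a new password. The following is an added example, not part of the original article or any CT tooling; the function names, the small word list and the substitution map are assumptions made for illustration, and the 12-character figure is treated as a minimum.

```python
import re

# Constructed sample word list (assumption); a real check would load a
# full dictionary and a breached-password list.
COMMON_WORDS = {"password", "welcome", "football", "dragon", "monkey", "summer"}

# Obvious substitutions of the kind the tips warn about (illustrative map).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

# Character classes the tips require.
CLASSES = {
    "lower case letter": r"[a-z]",
    "upper case letter": r"[A-Z]",
    "number": r"\d",
    "symbol": r"[^A-Za-z0-9]",
}


def strip_numeric_suffix(password):
    """Return the password with any trailing digits removed."""
    return re.sub(r"\d+$", "", password)


def check_password(new, previous=""):
    """Return a list of the tips that the candidate password breaks."""
    problems = []
    if len(new) < 12:
        problems.append("shorter than 12 characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, new):
            problems.append(f"missing {name}")

    # Look for dictionary words as typed, then with substitutions undone.
    lowered = new.lower()
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("contains a dictionary word")
    elif any(word in lowered.translate(LEET) for word in COMMON_WORDS):
        problems.append("dictionary word hidden by obvious substitutions")

    # A "changed" password that only bumps a trailing number is not a change.
    if previous and strip_numeric_suffix(new) == strip_numeric_suffix(previous):
        problems.append("only the numeric suffix changed")
    return problems


if __name__ == "__main__":
    for pw, old in [("P@ssw0rd2024", ""), ("Tr1cky-Horse#9", "Tr1cky-Horse#8")]:
        print(pw, "->", check_password(pw, old) or "ok")
```

The previous password is only needed at change time, when the user types it in, so this check does not require storing old passwords in plain text.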
Anti-Virus should be installed on every computer that your business owns. You should also know that it’s installed and up to date, and report on this to ensure your business is compliant.
99% of viruses change their form every time they install, so traditional Anti-Virus is often less effective these days. Therefore you should always complement good AV with the other security practices in this article. It’s no longer acceptable to say “I have Anti-Virus so I am protected”.
Modern Anti-Virus such as Webroot includes tools for rolling back changes that malicious software may have made to your computer. It is also very “lightweight”, so it will not impact the use and speed of your computer in any way.
Anti-Virus on its own is not the key to protect your computers from ransomware. You need a mix (or all) of the security measures outlined to protect your business from ransomware.
91% of hacking attacks begin with phishing or spear-phishing. The majority of your staff will automatically trust email traffic that is arriving in their inbox and most will act upon the contents. Your business should be using email security software that not only reduces the levels of annoying unwanted email spam but also protects your staff and your business against threats. Your email security suite should provide at least the following:
- Filter out spam
- Protect against malware
- Filter out unwanted content
- Detect phishing emails
Don’t forget outbound emails as well. Your business is at risk from your own staff and outbound Data Loss Protection will ensure that your corporate data is not stolen.
Web security used to be about controlling access to certain websites to keep staff from being distracted and wasting valuable time. Today, whilst this is still true, staff like to feel more trusted, so more and more businesses are leaving the web open. Web security now ensures that the websites your staff are visiting are clean and do not have code embedded in them that will put your business at risk.
The majority of ransomware attacks are the result of an unprotected user opening up a single webpage that has been compromised with malicious ransomware code. Ransomware has the potential to render all your business files useless unless you have a good backup. It only takes one user to potentially infect your entire network.
Your chosen web security product should protect your staff wherever they are, whether in the office or working on a laptop from home or a hotel.
Malicious hackers are looking for backdoors into your business. The most recent security breaches highlighted in the press often come back to businesses working with computer operating systems and software that is out of date. Your business should not be using operating systems that are no longer supported. It’s like leaving your front door open on a busy street and your valuables on display. It’s just too tempting for somebody to exploit this opportunity.
Modern operating systems such as Windows 10 are more secure, but they must be patched. Much like Anti-Virus, your business needs to know that all your systems are patched and protected. With 99% of viruses mutating with every install, patch management is just as important as Anti-Virus.
Finally, the overarching protector of all business.
Backup is key to every business security plan. You must be able to rely on your backup to get your business back up and running and it must be able to do this FAST!
Consider your data wiped by ransomware: would your backup solution result in your entire working day being lost?
Your backup needs to run frequently and generally more often than once every night. You also need to ensure that your backup is successful and that your data is stored securely and offsite.
If you want to discuss these in more detail and how we can help protect your business, please don’t hesitate to contact the CT Sales team on 01246 266130.