Security is an interesting topic when it comes to local businesses. Trying to spin the many plates that contribute to the totality of a business can be exhausting, and often there will be some aspects that get less attention than others. On occasions, this unrequired mantra can impact upon the security aspects of your business. Contrarily however, security should be high on the priority list. Similarly to insurance, security can sometimes attract disdain as its stealthy existence can seem unwarranted or unnecessary, only up until the point that it becomes an absolute must-have.
Below are some useful steps you can take to strengthen the integrity of your IT network. However, it is important to remember that you will never be able to completely remove the risk of being compromised, but the more layers of security you include in your IT infrastructure, the less likely you are to be a victim of cybercrime.
Firewalls/UTM, for example, prevent unwanted issues encroaching into your network space and are a powerful piece of kit when it comes to protecting against external threats.
Endpoint Security software such as Webroot Endpoint Protection, provide protection on a machine by machine basis and are brilliant tools when it comes to protecting against internet nasties. More than just antivirus, endpoint protection is your guardian and warden against all number of threats. They work under the radar, as silent helpers, and can be deployed gracefully and without hassle across a number of systems. Webroot also has DNS Filtering, granting you the ability to block inappropriate and potentially harmful websites, so that your users don’t run afoul of the web.
As hardware improvements and iterations in firewalls and similar products become minimal and negligible, cybercriminals are changing focus and beginning to target people as their main stream of proficiency. The other methods we have discussed may deliver a somewhat adequate level of threat protection. Ultimately however, when it comes to security, individuals are the last stand between safety and a breach, making training one of the most important protections you can employ. If your staff are not upskilled or looked after in the knowledge department, you open up the risk of them slipping up, which will cost you much more dearly than you can anticipate.
Phishing – a method criminals use where they put together a nefarious website or link that looks legitimate in many ways but is actually malicious lying in wait. The site or link is set up with the sole purpose of extracting your details once you enter them into the site (say card details for example). Awareness and vigilance are two key traits you should utilise when web browsing to ensure you don’t fall foul of a phishing attack. Most browsers now provide some form of visual indication in the address bar as to the legitimacy of the website, but always check the URL of the website you are on if you are unsure.
Malware – is a hidden piece of software that once installed on your computer can wreak havoc. Malware comes in all shapes and sizes but is primarily acquired through the downloading and installing of programs and applications, that tend to be sourced from unreliable destinations on the web. Once installed, Malware can go undetected for months at a time, all the while pulling data from your machine. Best prevention methods for Malware are always checking the website you are downloading anything from, and once downloaded, checking the files before, during and after the installation process. Unfortunately, not every endpoint protection setup will save you from every piece of Malware around. Larger scale Malware attacks, sometimes referred to as Botnets, occur when multiple computers on a network get infected, and then attackers will use this group of infected machines to conduct crime.
Passwords – A common one when it comes to security, your password needs to robust enough so that the everyman cannot guess it. Keeping it unrelated to your personal life, employing extra numbers and symbols are just some of the ways you can keep your password strong. For example, if you are using Office 365 & logging in to the Microsoft online portal, using an unsecure password puts you at great risk.
Unpatched Software – another huge part of the cybersecurity landscape is unpatched software, also more simply known as the process of not updating your computers and its related software when you should! It can become an easy habit to ignore any updates that frequently come your way. However, leaving your computers unpatched and out of date opens the door to those who are capable of and have found vulnerabilities that they can exploit in out of date systems. Whilst you should have some form of patching process in place (whether that be you or your service provider), keeping everything up to date is a must. There is sometimes a negative stigma around updating, possibly because of the number of updates that we are prompted to do, and also the unwarranted fear that we will lose some important function or feature, but this isn’t the case. Read our Windows EOS blog to find out more about the widespread issues that have the potential to occur if you continue to use unpatched, legacy systems.
These examples are just a fraction of the variety of ever evolving threats that those with bad intentions will use as part of their arsenal to compromise you and your business. As we’ve covered, your end users are you best guardians to prevent any issues, and that’s where training can become paramount. If you neglect your systems and leave them vulnerable, it’s not ideal to say the least, but the least you can do is invest in your people and give them the expertise they need to run your systems as fluidly and trouble free as possible. It can become a real pain point if you are constantly under attack, but by giving people the power to protect yourselves, then you are serving the company well.
Please refer to our blog for extra information and tips to help keep you and your team in the know. There are swathes of information available to help you where needed, including our cybersecurity training which you can find more details on here. Alternatively, feel free to contact one of the team here at BCS on 01843 572600 and we will be happy to help.