2017 was a bad year for cyber security, with WannaCry causing trouble in the NHS, Equifax losing customer data and NotPetya affecting companies such as Maersk and FedEx.
With the introduction of the General Data Protection Regulation (GDPR) in May 2018, cyber-security is again at the forefront of our consciousness, this time because the consequences of data breaches have increased exponentially.
With all this talk of fines, hacks and ransomware, you could be forgiven for feeling a bit daunted by it all. After all, you are likely not a cyber-security or technology expert.
Fortunately, we at entrustIT have put our heads together and compiled a list of five basic, practical measures that any organisation can use to improve its cyber-security.
Remember, a determined intruder is difficult to keep out, but if you put these measures into practice you can expect results.
Interested in Cyber Security and how you can protect your business? Get the facts in our White Paper>>
No doubt you have been told the importance of a strong password before. However, you would be amazed at how common it is for end users to have really terrible passwords. If you don’t believe me, digital security agency 4iQ released a list of the 10 most commonly used passwords in 2018.
It looks like this:
So how can you build a password that doesn’t suck?
We often recommend using a phrase that you would find easy to remember and combining the first letters of each word into your password. For example, ‘The Quick Brown Fox Jumps Over The Lazy Dog’ would produce this password: tqbfjotld. Even a skilled hacker with sophisticated software would have a hard time cracking that.
Whatever you settle on for your password, steer clear of using personal information (such as the name of your house). A skilled hacker can trawl through the personal information that you (or your family and friends) post online on social media and can work these out relatively easily – you would be amazed at how much information can be found online!
You should also not pick a password and use it across all of your accounts. This is obviously because if a hacker gained access to one password they would have access to all of them. If you have a hard time keeping track of all your passwords, you could use a password manager like LastPass, which encrypts all of your passwords and stores them securely. Then you only need to remember one master password! LastPass also has a handy Google Chrome add-in which stores the passwords in your browser.
It would also be preferable to regularly change your passwords (perhaps every 6 months) and never share them with anyone. If you must share a password, make sure you change it immediately.
If you have an office Wi-Fi then you should make sure that it has a secure password on it. Share this with your staff, but with nobody else.
If you need a customer Wi-Fi, make sure it is a separate ‘guest’ Wi-Fi network and ensure your staff do not connect to that to do their work.
The reason behind this is that hackers can use software to gain access to secure files that are stored on your network and it is really difficult to track. By keeping outsiders on a completely separate network you can keep your files locked down.
Furthermore, if you have staff that like to work remotely, make sure that if they are using public Wi-Fi networks they log in to a secure area to do their work. A Hosted Desktop or Secure Browser is ideal for this.
It is likely that you will be familiar with Public Cloud services such as Google Drive or Dropbox for business. These services are great and very convenient, but the security is a little dubious.
Large Public Cloud providers like Google make money from advertising revenue and this relies on big data. They do not always have your best interests at heart. Only recently, it emerged that Google tracks its users’ locations even when they have asked it not to.
You may also remember the celebrity iCloud hack of a few years ago. Granted, that was down to weak passwords, but it is a sobering reminder that the things you put online and think are safe are not always so.
Public Cloud companies also have datacentres all over the world. You cannot always be confident where your data is stored. Given that different countries often have different data protection standards, it is preferable to have your data stored in your geography.
If you are looking for better options for data storage and safe sharing, there are great enterprise tools out there.
Citrix Content Collaboration (formerly ShareFile) is enterprise file storage and sharing built from the ground up with security and compliance in mind (think Dropbox for enterprise). This has the functionality of Public Cloud storage services, with the security that will keep your IT teams happy. Furthermore, if you do need cloud data storage, it is a great idea to partner with a Cloud Managed Service Provider (MSP) who can provide this for you – and they can even tell you exactly where they are keeping your data!
‘Patch Tuesday’ is the unofficial term that refers to when Microsoft release important security patches to their software and services. It occurs on the second (and sometimes fourth) Tuesday of every month.
If you didn’t know that then don’t worry, you are normal. But the chances are that if you were not aware of it, then you have not been keeping on top of these regular patches. When was the last time you applied a security patch to your laptop or phone?
These security patches are released in response to known vulnerabilities in your software. If you are not keeping on top of them, then you are vulnerable to attack.
These software updates are not just for your PC or phone either. They can also apply to office appliances such as printers and fax machines – yes, these can leave you vulnerable too.
Fortunately, if you have an IT team, they should be covering this. If you do not have an IT team, then have a think about outsourcing your IT to an MSP, who will handle all of this for you in the background. They will handle all of the boring IT stuff for a monthly fee, giving you a bit more peace of mind.
In most cases, humans are the weak point when it comes to security. Either your staff use weak passwords, transport company data on unencrypted USB sticks, or log in to work email on a public Wi-Fi network.
These actions are not malicious, of course; after all, staff just want to do their job in the way they deem to be the most efficient and effective. Unfortunately, as most staff are unaware of cyber security dangers, these methods are often not secure.
That is where training comes in. Make sure you have well documented ‘best practice’ security procedures for things like sharing documents and working remotely and then ensure that all of your staff are trained thoroughly in these best practice techniques.
Do not fall into the trap of making your training sessions a dull PowerPoint presentation though. Try to liven it up as much as possible and incentivise your staff with rewards for sticking to the rules. This should help maximise adoption across the company. Of course, not everyone will get on board, but provided they are educated about the dangers of poor security and understand the risks, they will think twice about having a lax attitude.
Cyber-security is complex and there is no ‘magic button’ for improving your security. Ultimately, it is a numbers game: if you spend more on security you can expect better results. That is why many businesses opt to partner with an MSP to apply security measures for them. An MSP is able to keep the costs down by spreading these tools out over a large customer base.
entrustIT is an MSP with well over a decade of experience in doing just that. If you are interested in finding out more, or just getting some advice – get in touch with us.
However, if you would prefer to handle it yourself, start with the advice in this blog. By implementing this advice you can expect to see a marked improvement in your safety and security.
Good luck!