Cyber Security in an unsafe connected world
Five ways you may be putting the safety of your IT systems, data and reputation at risk…
In our experience there are five ways in which organisations get the safety and security of their IT systems, data and, indeed, reputation wrong – here’s what you can do to get it right:
1. Cybercriminals aren’t targeting Small and Medium-sized Enterprise’s (SME’s) because they prefer big corporations.
In reality, cybercriminals like going after SME’s, because their security may not be as good as the big enterprises. In a survey Sophos and the Ponemon Institute conducted last year, it was found that over half of all SME’s had experienced some form of data loss in the previous 12 months. They only have to be lucky once, you have to be lucky all the time. So ignoring the problem is gambling with all you’ve worked for.
2. We have anti-virus; that should be enough.
It’s true that you need anti-virus (AV) on your desktops and laptops. But that’s no longer enough. Businesses need to stay protected from threats that arise at a far faster pace than the updates of signature-based AV. To create better security, you need multiple layers of defence to protect yourself against the many ways threats can get into your systems. We call these vectors of infection – like web exploits and USB drives. Look for features like host-based intrusion prevention system (HIPS), web content filtering and device control.
3. Our data is stored safely.
Malware can destroy your data or lock it up so you can’t get to it without paying the crooks to do so. Make sure you have frequent backups and test them periodically. Many organisations have been confident in their backups until they needed them, only to find they were unable to restore the data after an incident.
4. Our passwords are strong enough.
Passwords can be cracked and users tricked into giving them away by social engineering tricks and phishing websites. To prevent unauthorized logins, you should implement two-factor authentication (2FA) wherever possible. For example, if you use services like Gmail, Dropbox or Facebook for your business, they offer 2FA. Use them.
5. Users can safely access email from their mobile devices.
While the connection between a mobile phone or tablet and your email server may be secure, there is no guarantee that the data is safe once it reaches the device. A lost or stolen phone or a malicious app can lead to critical data ending up in the wrong hands. Be sure to use mobile device management software to enforce policies like automatic screen locking, strong password requirements and mandatory encryption.
How to get your Cyber Security right
If every Small and Medium-sized Enterprise did these five things right then they’d all be in a much stronger, safer and more secure position. However, we know it can sometimes be hard for you – running a business which often doesn’t have the resources or expertise in place – to know what to do and who to turn to for help.
Fortunately, there are cyber security solutions available today that can help you manage these challenges with enterprise-class technology that is both affordable and simple.
How we can help
The need to review data and network security has increased due to the many recent high profile security incidents in the news. This and many other factors has lead to IT managers and technicians asking the question “Are We Vulnerable?”
Our no obligation cyber security assessment service can help you answer this and many other security questions about your current and future IT infrastructure.
Your Cyber Security Assessment:
- A collaborative process is used to identify security related issues.
- Identify any known or potential security concerns / threats / vulnerabilities.
- Review current or planned mitigations (defences such as AV, Firewalls etc.) and security infrastructure.
- Identify and report on residual risk (risk = likelihood x impact).
Dependent upon your needs, we can provide different levels of security reviews. Additional Services include:
- Penetration testing with documentation.
- Security knowledge transfer to support personnel.
- End user security awareness training.
- Remediation Services in the event of a current breach.
- Compliance assessment with independent testing.
For your complete peace of mind all our consultants are industry accredited professionals who use pre-defined and agreed ethical techniques.
Book your free Cyber Security Assessment today*
*terms & conditions apply