People are making lifelong careers as cyber criminals as they discover how much more profit they can make by using their technical skills to compromise corporations and hold them to ransom than by working in regular jobs. Considering that most of the attacks originate from countries outside the EU, where people are often highly skilled but in very low-paid jobs, it is easy to understand how they turn to cyber crime to increase their income several times over.
According to recent studies, cyber attacks are evolving more quickly than security countermeasures, and this goes beyond just the technical skills involved. Cyber attacks like ransomware are on the rise as they are sold as a service to low-skilled cyber criminals, meaning they pay another cyber criminal organisation a percentage of their profits to use its attack tools, saving themselves time and hassle while maximising profits. This is the outsourcing of cyber attacks, allowing more people to get into the cyber crime scene easily.
The best countermeasure against cyber attacks is a mixture of best practices, security software, staff training, forward thinking and disaster recovery planning, to predict the attackers' next move and have plans for any eventuality. Many companies think that security software and backups alone will cover all their security needs, only to find themselves in a delicate situation at a later stage, with their data completely compromised and unavailable due to a cyber attack carefully planned around something the company was not aware was an issue.
We recommend the following measures to lower the risk of cyber attacks:
Keep software such as Windows on workstations and servers updated with the latest security patches as they are released. Bigger corporations should have staged update policies to test updates before applying them to thousands of machines, to avoid problems and incompatibilities. Sometimes an update can be rushed out to close a critical security hole but may cause a problem somewhere else.
Use antivirus on all workstations and servers, ensuring the installations are centrally managed and report back when there is a suspected file and when they were last updated to the latest version.
Third-party software such as Adobe Reader, Microsoft Office and internet browsers (Internet Explorer, Chrome, Firefox, etc.) also needs to be updated regularly, as these are often the security holes on your network that allow an attack to reach your internal servers and workstations. There are attacks targeting the PDF file format for Adobe Reader, for example, allowing unauthorised access to all your corporate data.
Adopt the best practice of allowing people to access only what they need to access. We see many companies allowing people to access far more data than they actually need or should access. If their account is compromised, a lot of data can be at risk. Allowing people to access only what they need to perform their roles greatly minimises the attack surface.
Train staff about cyber threats and how they can minimise the risks of email attachments and dodgy links on the internet. We still see about 75% of attacks originating from users being lured into clicking links or running applications downloaded over the internet, creating security holes. Of course we recommend not granting users permission to download and run applications on the systems, but there are also viruses coming from PDF documents, and new methods of penetrating your systems are being developed as we speak.
Passwords are the single most neglected item in security, with people writing their passwords under their keyboard or using known personal information such as pet names, dates of birth, addresses, etc. to create them. We recommend training people to create passphrases, for example by coming up with a short rhyme of their own consisting of a few words and inserting some special characters to add complexity. This makes a password very strong, yet easy to remember for the end user alone.
Multi-factor authentication can further enhance passwords, meaning that even if someone gets hold of a password, they can only access the system if they also have a physical device, like a phone, to receive a temporary code. That means the user tries to log in with a password and is then prompted to type a code sent to his or her phone, giving an extra layer of security. This can also be done with hardware tokens, like a keyring, that need to be inserted into the computer to allow you to log in. Think of this as a car key you need to turn your computer on, and on top of that you need a password. Perhaps if we had such a system with cars that would mitigate all car thefts? Imagine having a password to start your car.
Ensure your network boundaries are fully protected with a perimeter firewall. This network device filters all traffic that comes in and out of your network like a bouncer in a nightclub, only allowing in the traffic that was previously configured to be allowed into your systems. Many small businesses choose to use low-end internet routers supplied by their providers, which offer basic functionality only and lack the control needed to put safety first. Bigger corporations tend to now review their firewall policies from time to time, and as IT staff come and go, documentation starts to fade and eventually no one knows which policies are for what, and you end up with a big security hole while thinking you have your network secure.
Backups are an essential part of any IT system, but we still find that many of the customers we take on board have poor backup plans. Many times we see a backup that was configured once and never re-evaluated as the IT systems changed, meaning what should take 2 hours to recover can now take 8 hours, and there was no planning to account for data growth. Backups also tend to be treated as a simple copy of your data. Imagine a filing cabinet with all your files, where we simply make a copy of all the documents and tuck them into a drawer somewhere without properly organising them into sections and indexing them. When disaster strikes, you may find yourself spending hours just to find a simple document, meaning your business is not operating and is losing money. We recommend always going a level higher and implementing a disaster recovery plan, to ensure there is a properly documented, tested and fast way to recover your systems under any circumstance.
Mobile devices are now a great backdoor into your systems too. Considering they are proper portable computers running your corporate email and banking, accessing files and communicating via video over WhatsApp/Skype, you can clearly see the mobile phone is far from just a phone and should be considered a full-fat computer. Mobile devices can also be infected with viruses easily these days and compromise the corporate data you worked so hard to secure with your other policies, only for the forgotten mobile to become the weakest link. We highly recommend using mobile device management solutions to separate corporate from personal data, minimising the risk of the phone being compromised and the attacker then having access to corporate data. We can create what basically behaves like 2 phones inside one, so personal data and apps are completely separated from the corporate data on your phone, and they can’t see each other.
I hope this was informative and an eye-opener for companies that think everything is being taken care of but may be at risk due to their IT provider not pushing security policies as hard as it should. We treat our customers' data as if it were ours, and this feels like taking care of our children, meaning at times we need to take some critical decisions with their best long-term interest in mind, even when they don’t fully understand it. That is our job and mission: to be a Knight of IT security and take the best care possible of your data.