Cyber Security – The Risks and what you can do.

 

Ransomware threats are on the rise globally, and Cyber Security is the buzzword now for anyone even here in New Zealand.

Not only is there a very real threat present for businesses large or small, it is also now your responsibility to ensure that you have clear protocols and guidelines around data and cyber security.

It is no longer a question of IF you need to sort out your security, it is a question of WHEN. 

Cyber Security is a team sport

Just like the All Blacks don’t get a try because of one player, Cyber Security is a team effort. That means that the whole team needs to know the game plan, needs to understand the role they play, and what they need to do to help you win at Cyber Security.

How to train your team:

Here are some ways to increase ownership of Cyber Security across the whole company, and help everyone to come on board with fighting against potential hackers.

  • Create an IT policy handbook for your company and discuss this as part of the hiring process. This will allow for accountability to be set up front.
  • Run regular training programs on security.
  • Regularly remind employees to update and upgrade technology.
  • Monitor applications downloaded onto work devices.
  • Have a clear policy for people bringing in their own devices.
  • Train your employees to recognize phishing emails and other scam.
  • Add multi-factor authentication to remote access.
  • Help them understand the risks associated with using unsecured wireless networks or unencrypted devices.
  • Limit Access: Configure credentials so that employees can access only what’s needed to do their job. One employee may need to read certain files but have no need to edit them.
  • Encourage staff to only collect the data that is really required.
  • Remind everyone to be very careful about sharing sensitive data.
  • Manually check financial details

 

Let’s start with the House-Keeping

Whilst some of these things may seem very obvious, the threat to our security can sometimes be closer to home than we expect.  Maybe it’s not the anonymous Russian cyber-criminal that you need to worry about, but Sam the office gossip, who can’t help having a peek at the boss’s computer after hours.

Remember if anyone can get into your computer, and your computer is linked to the network, they can potentially access files on another computer, and access sensitive information and emails.

Internal Physical Security Check:

  1. Do you take precautions and make sure that you lock the office door?
  2. Does your computer have a screen-saver that automatically comes on when you jump up for your fifth coffee of the day?
  3. Does your computer have a password? If so, is it complex and known only to you? Note: Using your dog’s name, when you talk about your dog all the time, might not be the best idea.
  4. Is your drive encrypted?

External Security:

  • Are you using 2FA (Two factor authentication): 2FA is a fantastic way to ensure that it is much more difficult for people to access your data.
  • LastPass: This is a great centralized tool to manage your passwords. Teach your staff about the importance of strong passwords, and changing them regularly.
  • Backup your data: Make sure you have your data backed up both in the cloud or on an external server.
  • Password protected files: This creates an additional layer of security both internally and externally.
  • Safe-Links: Safe-links check every attachment that comes to your computer and download it in a sandbox to ensure it is safe before it comes to your computer.
  • Install regular software updates.
  • Update your default credentials
  • Use firewalls and email filtering
  • Is the WIFI secure? Or can anyone driving past easily jump on to your company’s Wi-Fi?

Have your Plan B sorted:

Whilst nothing is foolproof at the moment, limiting your risks will ensure that you also limit downtime and help you to get your system functioning again as quickly as possible.

Reach out and contact us here about what is required for your company, and what is the best way to create backups. Using different storage types and having at least one off-site is often advantageous.

Whilst Cyber-Security can feel overwhelming, we here at the ITA can help you to formulate a plan, create a checklist of what is required first, and help you to win the battle against cyber threats.

Chris Curran

IT Centre