Seven Security Measures You Must Have At Minimum!
In a June 2018 editorial in Siliconrepublic, the essential resource for professionals working in science and technology [ https://www.siliconrepublic.com/cybercrime-ireland-pwc ], John Kennedy reports that "In Ireland, cyber-crime is double global levels, with four out of 10 organisations failing to assess the risks. Economic crime is hitting record levels in Ireland, with almost half of businesses (49%) reporting crime in the last two years." Cyber-crime is at an all-time high, and hackers are setting their sights on small and medium businesses, who are “low hanging fruit.”
Don’t be their next victim! This report will get you started in protecting everything you’ve worked so hard to build.
Are You A Sitting Duck?
You, the CEO of a small business, are under attack!!! Right now, extremely dangerous and well-funded cyber-crime rings in China, Russia, Ukraine, Pakistan, India, The Philippines, Afghanistan etc. are using sophisticated software systems to hack into thousands of small businesses like yours to swindle money directly out of your bank account. Don’t think that you’re not in danger because you’re “small” and not a big target like a Sony or eBay? Think again:
- 82,000 NEW malware threats are being released every single day!
- HALF of the cyber-attacks occurring are aimed at small businesses!
You just don’t hear about it because it’s kept quiet for fear of attracting bad PR, lawsuits, data-breach fines and out of sheer embarrassment.
In fact, an E-crime report from the Irish SME association, ISME, which was released on September 15, 2017 [https://www.isme.ie/e-crime-report/] found that the majority of small to medium Irish businesses have fallen victim to cyber-crime - yet some 20% of these firms don't even have formal password policies in place! The report also stated that some 81% of SMEs have reported an e-crime attack on their firm and 98% have called for the establishment of a national cyber-crime group.
Although the number of firms stating they were subject to an attack has fallen slightly compared with the previous year's figure of 82%, ISME said the issue of cyber-attacks and online computer related incidents has increased over the last decade.
"Crimes against business take many forms, but the area in which we see most increased activity is cyber-crime," ISME CEO Neil McDonnell said. "Increased online business activity has expedited and expanded trade, creating a cheaper, more flexible, and far reaching business environment; but with this comes security risk."
Details of the types of attacks revealed in the report include:
- 'Spam' is the most prevalent issue at 74%, an increase from 67% in 2016.
- Virus infections (62% - up from 42%).
- Theft of company data (5%).
However, there has been a reduction in the number of hardware thefts, down from 11% in 2016 to 3% in 2017. "Businesses must become more aware of the threats posed by cyber-attacks and take proper preventative measures. It is worrying that 20% of businesses surveyed do not change their password settings. This is a very simple preventative measure any business can take," said Mr McDonnell.
The aforementioned Siliconrepublic editorial also refers to the more recent PwC Irish Economic Crime Survey [https://www.pwc.ie/reports/irisheconomic-crime-survey-2018/], noting: “The study found that four out of ten Irish companies are failing to do risk assessments, usually the first step to prevent fraud before it takes root.”
Likewise, in the UK, the Federation of Small Businesses (FSB) reports that small businesses in the UK lost £785 million in 12 months, and 41% of FSB members had been victims of cybercrime. And that number is growing rapidly as more businesses utilize cloud computing, mobile devices and store more information online.
You can’t turn on the TV or read a newspaper without learning about the latest online data breach, and government fines and regulatory agencies are growing in number and severity.
Because of all of this, it’s critical that you have these 7 security measures in place:
1. Train Employees on Security Best Practices.
The #1 vulnerability for business networks is the employees using them. It’s extremely common for an employee to infect an entire network by opening and clicking a phishing e-mail (an e-mail cleverly designed to look like a legitimate e-mail from a web site or vendor you trust) or a cleverly disguised attachment. If they don’t know how to spot infected e-mails or online scams, they could compromise your entire network.
2. Create an Acceptable Use Policy (AUP) – And Enforce It!
An AUP outlines how employees are permitted to use company-owned PCs, devices, software, Internet access and e-mail. We strongly recommend putting a policy in place that limits the web sites employees can access with work devices and Internet connectivity. Further, you must enforce your policy with content-filtering software and firewalls.
At DataTrust, we can easily set up permissions and rules that will regulate what web sites your employees access and what they do online during company hours and with company-owned devices, giving certain users more “freedom” than others.
Having this type of policy is particularly important if your employees are using their own personal devices to access company e-mail and data. If that employee is checking unregulated, personal e-mail on their own laptop that infects that laptop, it can be a gateway for a hacker to enter YOUR network.
If that employee leaves, are you allowed to erase company data from their phone? If their phone is lost or stolen, are you permitted to remotely wipe the device – which would delete all of that employee’s photos, videos, texts, etc. – to ensure YOUR clients’ information isn’t compromised?
Further, if the data in your organisation is highly sensitive, such as patient records, credit card information, financial information and the like, you may not be legally permitted to allow employees to access it on devices that are not secured; but that doesn’t mean an employee might not innocently “take work home.” If it’s a company-owned device, you need to detail what an employee can or cannot do with that device, including “rooting” or “jail-breaking” the device to circumvent security mechanisms you put in place.
3. Require STRONG passwords and passcodes to lock mobile devices.
Passwords should be at least 8 characters and contain lowercase and uppercase letters, symbols and at least one number. On a cell phone, requiring a passcode to be entered will go a long way toward preventing a stolen device from being compromised.
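As an added illustration (not code from the original article or from DataTrust), the following Python checker enforces exactly the password rules stated above (at least 8 characters, lowercase, uppercase, a digit and a symbol) and adds one check the rules alone do not give you: a small constructed list of passwords that satisfy every character-class rule yet are well known to attackers. The mobile passcode check, its 6-digit minimum and its sequence rules are assumptions added for illustration; the `KNOWN_WEAK` list is constructed sample data, not a real breach list.

```python
import string
from typing import List

# Constructed sample of passwords that pass the character-class rules on paper
# but are widely guessed; a real deployment would use a large breach-derived list.
KNOWN_WEAK = {"Password1!", "Welcome1!", "Qwerty123!", "Summer2018!"}

MIN_LENGTH = 8  # the minimum stated in the article


def check_password(password: str) -> List[str]:
    """Return the list of rules the password fails; an empty list means compliant.

    The first five rules are the article's policy. The known-weak check is an
    addition: a policy that only counts character classes still accepts
    'Password1!', so the rule is necessary but not sufficient.
    """
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in password):
        failures.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        failures.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        failures.append("no digit")
    if not any(c in string.punctuation for c in password):
        failures.append("no symbol")
    if password in KNOWN_WEAK:
        failures.append("appears on the known-weak list")
    return failures


def check_passcode(passcode: str, min_digits: int = 6) -> List[str]:
    """Check a device unlock passcode (assumed rules: numeric, at least
    min_digits long, not all one digit, not an ascending run like 123456)."""
    failures = []
    if not passcode.isdigit():
        failures.append("passcode must be numeric")
    if len(passcode) < min_digits:
        failures.append(f"shorter than {min_digits} digits")
    if len(set(passcode)) == 1:
        failures.append("all digits identical")
    digits = [int(c) for c in passcode] if passcode.isdigit() else []
    if digits and all(b - a == 1 for a, b in zip(digits, digits[1:])):
        failures.append("ascending sequence")
    return failures


if __name__ == "__main__":
    for candidate in ("password", "Password1!", "Tr0ub4dor&3"):
        print(candidate, "->", check_password(candidate) or "OK")
    for code in ("123456", "1111", "248193"):
        print(code, "->", check_passcode(code) or "OK")
```

The checker returns the failing rules rather than a bare yes/no so the same function can drive a user-facing message and a compliance report; the known-weak check is where most of the real protection comes from, because attackers try those exact strings first.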
At DataTrust, as standard, we enforce these policies technically, so employees don’t get lazy and choose easy-to-guess passwords, putting your business at risk.
4. Keep Your Network Up-To-Date.
New vulnerabilities are frequently found in common software programs you are using, such as Microsoft Office; therefore, it’s critical you patch and update your systems frequently. The only way of ensuring this happens is by partaking in a managed IT plan. At DataTrust, we completely manage all patching, e.g. Microsoft, 3rd party application and hardware firmware patching, ensuring that you are never vulnerable because of missing patches. Also, we don’t expect you to just take our word for it! We issue you with weekly reports, “making the invisible visible”.
5. Have an Excellent Backup.
This can foil the most aggressive (and new) ransomware attacks, where a hacker locks up your files and holds them ransom until you pay a fee. If your files are backed up, you don’t have to pay a crook to get them back. A good backup will also protect you against an employee accidentally (or intentionally!) deleting or overwriting files, natural disasters, fire, water damage, hardware failures and a host of other data erasing disasters. Again, your backups should be AUTOMATED and monitored; the worst time to test your backup is when you desperately need it to work!
Entering the market in 2005, DataTrust were the second provider of Secure Online Backup in Ireland. Afterwards, we bought out that same market leader in 2011 [databackup.ie]!
6. Don’t allow employees to download and install unauthorized software or files.
One of the fastest ways cybercriminals access networks is by duping unsuspecting users to wilfully download malicious software by embedding it within downloadable files, games or other “innocent”-looking apps. This can largely be prevented with a good firewall, correct PC configuration and employee training and monitoring.
7. Don’t Scrimp on a Good Firewall!
A firewall acts as the front line defence against hackers, blocking everything you haven’t specifically allowed to enter (or leave) your computer network. But not all firewalls are created equal. Good ones will filter your internet traffic for nasties and block threats that standard antivirus and other prevention tools don’t stop. Firewalls need monitoring and maintenance, just like all devices on your network. This too should be done by your IT person or company as part of their regular, routine maintenance.
Ask yourself the following:
- Is your network really and truly secured against the most devious cybercriminals? And if not, what do you need to do (at a minimum) to protect yourself now?
- Is your data backup TRULY backing up ALL the important files and data you would never want to lose? We’ll also reveal exactly how long it would take to restore your files (most people are shocked to learn it will take much longer than they anticipated).
- Are your employees freely using the Internet to access gambling sites and porn, to look for other jobs and waste time shopping, or to check personal e-mail and social media sites? You know some of this is going on right now, but do you know to what extent?
- Are your firewall and antivirus configured properly and up-to-date? Are they set up to block common threats which will bring your system to a standstill, such as CryptoLocker or CryptoWall?
- Are your employees storing confidential and important information on unprotected cloud apps like Dropbox that are OUTSIDE of your backup?
Comment (6 years ago): What an interesting take on cybersecurity, I appreciate the perspective John.