Hackers have become increasingly sophisticated in recent years, and even more so during the pandemic. We are seeing an increase in the number of attempted attacks designed to target people who are isolated at home. Breaches, regardless of severity, can be disruptive, costly and damaging to a business's reputation. To mark cyber-security awareness month, Tara Doyle, Marketing Director with supportIT, highlights some key areas to help protect your business.
Create a more security-aware organisational culture
Security awareness is a large part of the human side of prevention. Often, people are the weakest link, and the best way to mitigate this risk is to ensure staff are aware of the latest threats. Highlight attempted email scams so staff know what to look out for, and communicate to users the processes for reporting spam.
‘Many of our clients request an alert when a potential SPAM issue is logged so that they can monitor the types of threats that are coming into the business and use that information for educational purposes.’ Joe McGivern, CEO, supportIT.
Agree policies that relate to devices that are used in the home
We are advising companies to put policies in place for work devices that are in use in the home. These should be used exclusively by the employee, not friends or family. We are also advising clients to have a 'Bring your own device' policy; devices that staff intend to use should have adequate anti-virus software installed and be kept updated to ensure the latest security patching is in place.
Strong Group Policy & Password Settings
As a managed service provider, we put particular emphasis on strong group policy settings: forced password changes, minimum password length, screen locks and software installation restrictions can be activated centrally and pushed out to every machine for enhanced security.
Strong password policies should also apply to third-party applications being used in the business, like CRM applications and finance applications. Discourage sharing passwords and, for audit trail purposes, create logins for each individual user.
Use Virtual Private Networks (VPN)
A VPN is needed if home workers need access to the company network, particularly if you want to make sensitive information available. Ensure your business has enough licences in place to allow all your remote workers to access the network, and reinforce it with the SSL security protocol and multi-factor authentication.
Ensure you have adequate Anti-Virus solutions in place
The best products are paid solutions with proven detection rates. Make sure that you include phones, tablets and, especially, laptops. Our recommendation is Webroot, an award-winning solution with high detection rates.
Two Factor/Multi-factor Enablement
Most business applications now have two-factor/multi-factor enablement. This is activated within the application itself and is best practice to ensure your application is secure, particularly if you store personally identifiable or finance data.
Data Loss Protection (DLP)
For those organisations that have more stringent compliance regulations, we recommend an added layer of protection called Data Loss Protection (DLP). DLP is a built-in feature of Office 365 and is activated through the management console.
If it happens, deal with it correctly
The reputational damage resulting from a data breach is devastating for a business. Research has shown that customers will stop doing business with organisations that have been breached, which is why it is so important to take the steps above to mitigate this possibility. In our experience, if a breach does happen, confidence can be restored if your customers know that you have taken the proper steps by (a) notifying them, (b) notifying the data protection commissioner and (c) putting procedures in place to ensure it doesn't happen again.
Contact our Security Team now for a consultation to discuss your IT security requirements.