Cyber Security and understanding more
I went to a really informative Cyber Security event last week in Hailsham. It was presented by Andy Rawlinson from the South East Regional Organised Crime Unit (SEROCU) and sponsored by the Hailsham Chamber of Commerce and Astec Computing (UK).
We see a lot of companies in our day to day work, who don’t really have a lot of understanding of the dangers of the internet, or even the importance of having a reliable, secure IT infrastructure.
I think people and businesses just think they will be OK. However, listening to the presentation this morning, they clearly won’t be!
Some of the elements I understood more than others as we see them all the time, like Phishing, Denial of Service Attacks and Website Hacking.
Some of the key elements I took away with me were:
Make sure that any device you have that connects to the Internet is running an up to date anti-virus system. These don’t have to be expensive, there are some really good free ones; but you have to use something. Keep this up to date and make sure that it is working properly, as well as regularly scan your devices.
Also use something to detect Malware on your devices. Malware is the malicious software or programs that are harmful to your devices; it’s these that actually do all the dirty work.
A firewall is your first line of defense. It’s a protective barrier that sits on your PC or router and protects you from unwanted access to the system. You can change the security settings on your firewall to suit your requirements, making them specific to you.
When you add new software or apps to your PC, you will need to change the permissions on your Firewall and you will probably notice requests to do this. You can also review what software/websites have access to your system. Setting up your firewall properly is important.
Secure Offsite Backups
Make sure you have an effective back up of your computer data. If you can get a backup of your system files that’s even better. This will make it easier to get things working again if your security is breached. Also do your best to understand how the backups work and what is actually backed up. As well as this, you need to know how to restore the backed-up files.
Backups should be offsite. Whether that’s in the cloud or on a drive that you physically remove from the office after the backup is completed. You may not want to trust a cloud backup, but they are generally pretty good and make a lot of sense.
If you don’t have time to do this, or the inclination, then it makes sense to find an IT company who can help you create a backup plan.
2FA (2 Factor Authentication)
These days most online systems that require you to login with a password also give you the option to set up 2FA. This basically means that when you login with your user/password it will also send an authorisation code, usually to your mobile phone. To gain access you will need to have access to the phone and enter the code that is sent to you.
We build a lot of WordPress websites and we have been starting to implement 2FA on the CMS (Content Management System) so that you can’t login and make changes unless you can authenticate properly. This is relatively simple to do so ask your developer to help you.
This is something that affects us more than most of the others on a day to day basis. We manage email for most of our clients and security and strong passwords are very important. We also see quite a few Phishing emails which we regularly speak to clients about. Spotting a dodgy email can be hard enough especially as they are so well disguised, but it’s really important that if you have any suspicions then you must not open an email.
As a rule of thumb, large companies, banks and government bodies won’t ask you to login to your account via an email. If you are worried call them instead. Phishing emails will try and push you, by adding a sense of urgency to the request, but again if the request is unexpected or urgent and you don’t know what it is then it’s probably not from who you think it is.
Having a good password won’t stop you opening a phishing email, but it might stop someone using your email account for a different purpose. Hackers can use your account to attack other businesses, sending thousands of emails to slow and cause their systems to crash. DoS (Denial of Service) attacks may not be focused on you but if you are part of one, even unwittingly, it can lead to your mail account getting blocked and much more.
Create a business wide policy in regard to handling suspicious email, so that as a group you understand how to handle these as well as how to deal with them.
Password Management systems
Having good quality passwords is very important. Ideally of 14 characters or more, with upper and lower case text plus numbers and special characters. Unfortunately, the better you make them the harder they are to remember.
Another good idea is to create a pass phrase, so three sets of words that you can remember but that aren’t linked or obvious… something like “RelaxingFriendsSkiing” might be a good one for me. You can then juice this up a little by making some of the characters numbers or using special characters; “#Rel4xingFriends$kiing”.
But creating and remembering lots of good passwords is still going to be hard, so you could try using a password management system. These store and remember all your different passwords with you using one good pass phrase to access the management system. A lot of these can also remember and log you in automatically to systems that you use regularly. But only do this on devices you trust and manage and of course make sure you use 2FA.
Some simple steps to take
OK so here are the basics of what we have said above:
- Make sure you use a good anti-virus and keep this up to date and working
- Combine this with a good Malware package to illuminate malicious software
- Back up your critical business systems and understand how to restore the back up if anything goes wrong
- Use 2 Factor Authentication (2FA) whenever possible
- Use business email and make sure your passwords are strong. Also have a policy within your business for dealing with suspicious emails
- Invest in a good password manager
For me the single most important thing to do is get help. Speak to an expert about your Cyber Security and work with them to do as much as you can to prevent access to your systems. This is definitely worth spending money on as it potentially can save you EVERYTHING…