Educating Your Staff About IT Security

Every CEO should be taking the time to ensure all their employees are upholding rigorous business IT security practices. All computers and devices connected within your company represent a potential vulnerability. It takes one mistake, or malicious act, to open up your computer network to a cyber attack. Taking a proactive approach to your IT security is the best way to mitigate your risks and protect your valuable assets. This begins with a stringent background check on every person you employ but must continue from the day they begin to work for you. 

Firstly, every company should have a business IT policy in place which outlines the responsibilities of every employee in terms of upholding IT security and what to do in the event of a cyber attack. You should not assume employees are practicing relatively simple measures such as changing passwords regularly or not leaving their computers unattended. Every expectation should be spelled out in a document as well as presented at a workshop. This ensures everyone knows what is expected of them and regular meetings or emails serve to remind everyone to always remain vigilant. 

Employees should know what to look out for both in terms of not falling victim to phishing scams but also if their computer or device has been compromised. If they are able to recognise when something is not right, they are in the best possible position to alert the business IT department to a problem. Fast responses mitigate the subsequent losses. 

In every company, there are individuals who are more likely to become targets than others. Those in higher management positions with access to more valuable documents and data are more likely to be the target of a cyber attack simply because the pickings are richer. Similarly, the IT department themselves must be staffed with skilled and trustworthy individuals as they have access to the entire network. It is advised that all higher management meet with the business IT security team regularly to discuss their security practices. 

Once you feel you have educated your staff to the necessary level, it is important to put them to the test. Many penetration tests are designed not to seek access through the IT security system themselves but into the building and onto computers using employees. The front desk is the first line of security for your company and these people must be diligent when it comes to checking IDs and only allowing through individuals with appointments. Similarly, if a USB stick is left in the car park, would an employee pick it up? And if they do, would they plug it into their computer? Would they give out information to a caller posing from a company claiming to be affiliated with your business? These are all examples of social engineering techniques regularly used to instigate a cyber attack. 

There are countless ways in which a company can fall victim to a cyber attack. Remember; you are only as strong as your weakest link. Hold regular meetings and put on periodical, mandatory IT security training sessions to act both as a refresher course and also a way to deliver new and up-to-date techniques. Invest time and effort in educating your staff to ensure your business IT practices remain impenetrable.  

dreamstime_m_14003169
Business IT
Advertisements

The Danger of Lax Mobile Phone Security for Your Company

All CEOs are responsible for protecting customer data and most companies now employ holistic IT security protocols for all of their computing systems. Often forgotten, however, are handheld devices such as tablets and mobile phones, increasingly vulnerable to cybercrime and rarely given the protection they warrant. If your staff are accessing their work emails or other documents on their mobile phones, it is the job of the CEO to ensure your customers continue to be protected. Don’t leave yourself vulnerable to cyber attacks by overlooking all the devices used by your staff.

The first task for any CEO is to make their staff aware of this area of risk. Workers cannot be expected to protect themselves against something they are unaware of but once you have conducted meetings and workshops pertaining to this new element of your IT security, they will be obliged to follow the new procedures. They themselves should be willing to work with the company to secure their phone because it will keep their personal data safe as well. Workshops will equip staff members with the knowledge and understanding necessary to keep themselves and their mobile phones safe from cyber attacks. They should also be taught what to do in the event of a breach or if their phone, tablet or laptop is stolen or lost. Fast action in the face of cybercrime can significantly limit the damage done. 

Every company should have a detailed IT security policy. CEOs should be updating these regularly to keep up with the ever expanding world of cybercrime. Make sure this policy includes mobile phones and tablets. Whether these are company issued or the private property of employees, if they are used for work functions at all, strict security practices should be applied. These include the following: 

  • Using two-factor authentication 
  • Setting strong passwords and regularly changing them 
  • Only installing apps from reputable stores 
  • Backing up data 
  • Not connecting to unsecured Wi-Fi networks 
  • Being careful about who has access to your phone  

There are two kinds of cyber attacks on mobile phones. One which is targeted at someone who is known or believed to have access to valuable information. The other is completely random and involves hackers simply attacking numerous mobiles in the hope of coming across something of value. Of course, the former is the more concerning one to fall victim to because it implies the cyber criminals are well-informed and after something specific. Some people in companies, such as the CEO themselves, may be more at risk than other members of staff but everyone should employ stringent IT security policies when it comes to their mobiles just in case. 

If you think your staff are high-risk targets for cyber attacks, consider requesting them to install a security application specifically designed to protect company data. Although this is a relatively new form of mobile threat defence, companies such as FireEye, Better Mobile and Lookout all have applications available now. The spread of cybercrime from traditional computers to our handheld devices is well and truly underway and every day new developments occur on both sides of the IT security war. The only thing you as a CEO can do is keep up with them and make sure your employees are all working alongside you to secure your company’s valuable data and keep the private information of your customers safe.  

_96012299_gettyimages-507473994
IT security

Protect Yourself Against Cyber Theft

Have you ever wondered how someone could steal from your company over the Internet? Cyber theft is an ever more prevalent problem faced by small businesses just like yours. Here we explain what cyber theft is, how the computer hackers come to gain access and, most importantly, how you can improve your IT security to keep you, your company, your customers and your assets safe.

Firstly, cyber theft is defined as the act of stealing personal and/or financial information from computers to be used illegally. This can include your bank details themselves as well as your passwords, security answers and other information which can then be use to hack into your account. The people who breach your IT security systems to gain access to this information are called computer hackers and most sell on this data to third parties who can further exploit this information. Large scale examples of cyber theft include Target (70 million customers’ card details), Ebay (145 million users’ login details), Yahoo (1 billion users’ data including passwords and security information) and Anthem (80 million records hacked into at the USA’s biggest health care insurers).

Computer hackers gain access to confidential records and sensitive data in a variety of ways. Most can penetrate your systems remotely but sometimes a physical act is used to hack a computer. Leaving your computer unattended in a public space offers a computer hacker the opportunity to plug in an infected USB stick and embed malicious software (malware) on the machine. Old school, malicious and opportunistic but effective. Alternatively, an infected email as part of a phishing scam could contain a link to a malicious website or begin a download with malware embedded within it. And then there’s the good old fashioned hacking whereby simple passwords can be guessed, leaving your accounts open to tampering and exploitation.

As a business, you have a responsibility to keep the information of customers safe which is why you need to be vigilant when it comes to IT security. Make sure you run regular training sessions with all of your employees to ensure they are aware of the risks and dangers which come with working online. As well as using more complex passwords, be sure to regularly change them (once every month or two is recommended) so computer hackers can’t repeatedly abuse your systems. It is also worth investing in cloud data protection. This ensures all of your files and data are backed up in a far more impenetrable system than a physical hard drive. Finally, install anti-virus software and, most importantly, keep it up to date. Regularly released updates are not there to annoy you. They are there to patch weaknesses and vulnerabilities in the existing version. Computer hackers like easy targets and computers running an old version of software is something they specifically search for.

It’s a dangerous world out there and IT security should be a top priority for any small business. While multinational corporations such as Yahoo and Google have suffered breaches in the past, day to day computer hackers typically target smaller companies because their IT security systems are weaker and easier to bypass but they often have healthy bank balances and large reams of customer data which really deserve better protection. Don’t make yourself a target for cyber threat and invest in your IT security to protect not only your own finances but those customers who entrusted their private details to you.

dreamstime_m_33462521
IT Security

IT Security Is Essential To Guard Against Malicious Threats

Unfortunately there seems to be no end in sight with the continual onslaught of malicious ransomware threats. CrytoWall 4.0 has recently been attacking computer systems across the globe. It’s evolved from the CryptoLocker virus last year which crippled networks and extorted over $3 million from victims. To help guard against this type of ransomware threat ensure your  system is fully protected and checked over by IT Security experts.

Besides evolving to be more evasive and out manoeuvring outdated antivirus protection, the prevenance of ransomware occurs as many computer users are unaware of what it is exactly and just how easily their system can be compromised. Ransom ware can easily compromise a computer when someone opens an email with an infected attachment.

These emails may be disguised as  government letters from organisations such as the taxation office, Medicare or Australia post. Once open,  the ransomware attachment  encrypts files and demands a payment to restore the computer or else the user will have it wiped completely by the deadline! In many cases, even if the ransom is paid the users files are left corrupted and worthless.

To ensure your protection against this type of malicious ransomware activity it essential to have your system checked for any weaknesses by a professional IT Support technician. They can check to see if your backup system is running effectively. Also to ensure your system is running the latest updates and security patches. Your antivirus and firewalls will also be checked to make sure your system is fully protected.

Besides professional IT support its important to remember to never open any spam mail or attachments from a sender you don’t recognise. Its mind bogging the amount of people who do so not realising the destructive consequences of their action. It’s important to educate your family and friends about these type of malicious treats online as they may well open the cryptowall 4.0 without realising their mistake.

It you unfortunately fall victim to this scam, call your trusted IT Security technician ASAP for assistance. The last thing you want to do is pay the cyber criminals, especially is if isn’t guaranteed they will restore your computer. If your backup was running smoothly, your computer technician will be able to restore your information, up until the most recent back up and format the system. Vigilance is the key, stay protected and don’t open suspicious mail!

dreamstime_m_10241053

Protect Your Business With Help From IT Security Melbourne Experts

Last year Hewlett Packard sponsored a report on malicious activities online and their impact on businesses. Titled, 2015 Cost of Cyber Crime Study, it was conducted independently by Ponemon Institute and is a very detailed report into to the detrimental effects these attacks can have. If you are running a business it would be worthwhile reading the report and ensure you are suitably protected against potential cyber crime with the assistance of a qualified IT security Melbourne professional.

The study was conducted globally and investigated a range of businesses within the following countries: Germany, Japan, United States, United Kingdom, Russia, Brazil and Australia. Statistics were complied and then separate reports were generated for each country. The United States had the highest total average cost of cyber crime with over $15 million dollars estimated to be lost by the business involved in the study!

In Australia the study found that cyber crime had risen 13%  since the previous year. The 28 organisations taking part had an estimated loss of revenue between $792,932 to $18 million. The average cost being estimated at $4.9 million per year! These are extraordinary figures which highlight the need for your business to be suitably protected. An experienced IT support Melbourne technician can conduct a security audit to see where weaknesses are in your system.

cyber crime cost
Cost of Cyber Crime Annualized Total Cost

Other important findings that the Cost of Cyber Crime Study report found were:

  • Cyber crime costs differ between the size of an organisation. Unfortunately small businesses suffer higher costs per capita than larger businesses.
  • No industry is exempt from cyber crime. Some of the most targeted organisations include energy and utility services, financial sectors, technology industries, media, consumer products and retail stores.
  • Cyber attacks can be very costly to a business is not rectified quickly. Keep in mind the average time to resolve a cyber attack was 31 days. Some malicious attacks may lay dormant to reappear at a later stage, causing more havoc.

To alleviate any worries and be able to focus on running your business successfully and smoothly, leave IT Security Melbourne to the professionals who can close any loopholes in your current system. Don’t let your business become another victim of cyber crime!

IT Security Melbourne Can Check Your Defences With a Penetration Test

As a business owner it’s important to know that your computer systems are secure from malicious threats. Any breach within your security can cause chaos, from sensitive information being copied, such as customers banking details, to lost revenue from your business being offline. It’s important to have a penetration test performed by you trusted IT security Melbourne professional to see where your businesses vulnerabilities lie.

Many people can confuse a penetration test with a security assessment or a compliance audit. The main different with the penetration test that sets it apart from audits is that instead of just identifying vulnerabilities in a business’s system, it goes further to exploit these weaknesses to prove or disprove the effectiveness of your defence. This may take the form of multiple attacks from different sources at the same time.

Although you may think your system is up to date in regards to security it’s important to bear in mind that new vulnerabilities such a harmful viruses are uncovered everyday! These attacks are continually increasing, and their evolving complexity and ability to infiltrate systems is very alarming. By performing a “real world” security breach on your system you can see how well it stands up to online threats.

It’s vital for the security of your business to have a penetration test carried out by your trusted IT support Melbourne expert on a regular basis. They would also advise you to have a test every time you install or upgrade network infrastructure, move office locations and equipment and when security patches are applied.

The benefits of conducting regular penetration tests include:

• Your businesses security weakness are identified and the impact is measured, allowing appropriate action to be taken to remedy the most critical vulnerabilities.

• Protect your businesses image and reputation by ensuring your customers details are secure.

• Reduce costly business downtime due to network failures as a result of security breaches.

• Meet the compliance requirements of governing bodies to avoid fines, such as Payment Card Industry and Data Security Standards (PCI DSS).

By ensuring your trusted IT security Melbourne expert conducts penetration tests when required you can feel safe knowing your businesses defences are secure and working effectively.