Educating Your Staff About IT Security

Every CEO should be taking the time to ensure all their employees are upholding rigorous business IT security practices. All computers and devices connected within your company represent a potential vulnerability. It takes one mistake, or malicious act, to open up your computer network to a cyber attack. Taking a proactive approach to your IT security is the best way to mitigate your risks and protect your valuable assets. This begins with a stringent background check on every person you employ but must continue from the day they begin to work for you. 

Firstly, every company should have a business IT policy in place which outlines the responsibilities of every employee in terms of upholding IT security and what to do in the event of a cyber attack. You should not assume employees are practicing relatively simple measures such as changing passwords regularly or not leaving their computers unattended. Every expectation should be spelled out in a document as well as presented at a workshop. This ensures everyone knows what is expected of them and regular meetings or emails serve to remind everyone to always remain vigilant. 

Employees should know what to look out for, both to avoid falling victim to phishing scams and to recognise when their computer or device has been compromised. If they are able to recognise when something is not right, they are in the best possible position to alert the business IT department to a problem. Fast responses mitigate the subsequent losses.

In every company, there are individuals who are more likely to become targets than others. Those in higher management positions with access to more valuable documents and data are more likely to be the target of a cyber attack simply because the pickings are richer. Similarly, the IT department themselves must be staffed with skilled and trustworthy individuals as they have access to the entire network. It is advised that all higher management meet with the business IT security team regularly to discuss their security practices. 

Once you feel you have educated your staff to the necessary level, it is important to put them to the test. Many penetration tests are designed not to break through the IT security systems themselves but to get into the building and onto computers by way of employees. The front desk is the first line of security for your company and these people must be diligent when it comes to checking IDs and only allowing through individuals with appointments. Similarly, if a USB stick is left in the car park, would an employee pick it up? And if they do, would they plug it into their computer? Would they give out information to a caller claiming to be from a company affiliated with your business? These are all examples of social engineering techniques regularly used to instigate a cyber attack.

There are countless ways in which a company can fall victim to a cyber attack. Remember: you are only as strong as your weakest link. Hold regular meetings and put on periodic, mandatory IT security training sessions to act both as a refresher course and as a way to deliver new and up-to-date techniques. Invest time and effort in educating your staff to ensure your business IT practices remain impenetrable.


The Danger of Lax Mobile Phone Security for Your Company

All CEOs are responsible for protecting customer data and most companies now employ holistic IT security protocols for all of their computing systems. Often forgotten, however, are handheld devices such as tablets and mobile phones, increasingly vulnerable to cybercrime and rarely given the protection they warrant. If your staff are accessing their work emails or other documents on their mobile phones, it is the job of the CEO to ensure your customers continue to be protected. Don’t leave yourself vulnerable to cyber attacks by overlooking all the devices used by your staff.

The first task for any CEO is to make their staff aware of this area of risk. Workers cannot be expected to protect themselves against something they are unaware of but once you have conducted meetings and workshops pertaining to this new element of your IT security, they will be obliged to follow the new procedures. They themselves should be willing to work with the company to secure their phone because it will keep their personal data safe as well. Workshops will equip staff members with the knowledge and understanding necessary to keep themselves and their mobile phones safe from cyber attacks. They should also be taught what to do in the event of a breach or if their phone, tablet or laptop is stolen or lost. Fast action in the face of cybercrime can significantly limit the damage done. 

Every company should have a detailed IT security policy. CEOs should be updating these regularly to keep up with the ever expanding world of cybercrime. Make sure this policy includes mobile phones and tablets. Whether these are company issued or the private property of employees, if they are used for work functions at all, strict security practices should be applied. These include the following: 

  • Using two-factor authentication 
  • Setting strong passwords and regularly changing them 
  • Only installing apps from reputable stores 
  • Backing up data 
  • Not connecting to unsecured Wi-Fi networks 
  • Being careful about who has access to your phone  

There are two kinds of cyber attacks on mobile phones. One is targeted at someone who is known or believed to have access to valuable information. The other is completely random and involves hackers simply attacking numerous mobiles in the hope of coming across something of value. Of course, the former is the more concerning one to fall victim to because it implies the cyber criminals are well-informed and after something specific. Some people in companies, such as the CEO themselves, may be more at risk than other members of staff but everyone should employ stringent IT security policies when it comes to their mobiles just in case.

If you think your staff are high-risk targets for cyber attacks, consider requesting them to install a security application specifically designed to protect company data. Although this is a relatively new form of mobile threat defence, companies such as FireEye, Better Mobile and Lookout all have applications available now. The spread of cybercrime from traditional computers to our handheld devices is well and truly underway and every day new developments occur on both sides of the IT security war. The only thing you as a CEO can do is keep up with them and make sure your employees are all working alongside you to secure your company’s valuable data and keep the private information of your customers safe.  


Tech-Savvy Employees Can Be Dangerous

Most job advertisements these days cite the importance of computer literacy. From Microsoft Office packages to social media management to coding to graphic design, there is always use for technological skills in business. Although every employer wants a tech-savvy team behind them, there are some cyber crime risks to filling your company with these people. While these skills can be used to boost your business, they can also be used to exploit it, taking advantage of weakened internal IT security and launching cyber attacks from inside.

Here’s a horror story for bosses around the world. A former security officer, Yovan Garcia, has been found guilty of bypassing IT security, hacking his former employer’s systems and conducting a number of cyber crime activities. Firstly, Garcia changed his timesheets to show he worked significantly longer than he did, entitling himself to additional overtime pay. His cyber attacks went further than simple financial rewards, however, and he stole records and details which enabled him to set up a competing business. Garcia was found guilty and ordered to pay back $318,611.70 to his former employer, with additional legal costs potentially added in the future.

It is often far easier to launch these kinds of cyber attacks internally. Garcia managed to get hold of login credentials which enabled him to gain access to the systems. He had not been authorised to do so. However, speculation suggests another employee may have handed them over, intentionally or otherwise. People are automatically more likely to trust their colleagues and not suspect them of being an IT security risk. With the company’s guard down, this environment can be rich pickings for black hat hackers who want to use their skills for cyber crime.

Of course, this is a highly pessimistic view of society and the vast majority of people are not going to set out to maliciously exploit their employers through cyber attacks. However, the fact remains that an increasing number of people have, in theory, the capacity to commit cyber crime. Once you know your way around a computer, you can use your skills in any way your moral compass tells you to. So the question you should ask yourself when you’re hiring new tech-savvy employees is: are they white hat hackers or black hat hackers?

The best way to protect your own company is to heighten every aspect of your IT security. If your software is up-to-date and you have strong firewalls, your weak points are your employees. Firstly, you need to conduct regular training sessions to ensure every one of them understands the importance of constant vigilance when it comes to cyber crime. Secondly, you need to employ people you trust. High staff turnovers leave you vulnerable. When you must hire new employees, references from previous jobs are essential. Don’t let your guard down and be sure to scrupulously uphold your IT security protocol to ensure you too don’t fall victim to an internal cyber attack.

For more support and advice on this topic, contact Ctrl IT and speak to one of our experts.


No More Passwords?

Everyone is sick of remembering passwords. Even with a password manager it’s still a hassle. And when you do follow the rules and change your passwords every few months and use a generator to deliver complex strings of numbers and letters, you could still be hacked. Passwords are the Achilles heel of online security and the weak point cyber criminals just love to target. Now, however, we could be on the verge of waving goodbye to passwords forever as a new form of IT security comes to the foreground: two-step authentication.

Apple has been using ‘Trusted Device’ since iOS9, a comprehensive two-factor authentication system whereby you will be asked via one of your other devices to verify new logins. This works very well for those loyal Apple users who do indeed have something that resembles an orchard clustered on their desks. Google also offers its users the chance to verify account sign-ins by tapping a prompt sent to your phone. You can also set these devices as ‘trusted’ and negate the need to repeatedly accept the prompts. Now, just a little behind, Microsoft have joined in with this new form of IT security.

Microsoft Authentication is an app now available for Android and Apple. Windows Phone users will have to wait as Microsoft aren’t willing to sink money into a development for only 5% of the world’s population of smartphone owners. However, if the app is successful on Android and iOS devices, a Windows app will be developed. Microsoft Authentication allows users to verify logins via their phone in a two-factor authentication style, one of the best types of online security. The app notifies the phone holder of a login attempt and you simply need to enter an eight-digit numerical code which is presented on the app. Each code is only valid for 30 seconds, increasing the IT security offered by this app. It operates in much the same way as Apple’s Trusted Device, to be honest, and is a step forward from the initial Microsoft Authentication released in summer 2016 which only allowed for wearers of the Apple Watch or the Samsung Gear to use their fingerprints to unlock their online accounts. The limits have now been lifted!

Of course, there’s one problem with all of these two-step authentication processes. If you lose your smartphone/laptop/device or it falls into the hands of a cyber criminal (because they are tangible beings, don’t forget), then your accounts can all be accessed because the cyber criminals can approve the logins themselves. If we continue using two-step authentication through mobile devices, then our individual awareness of who has access to our devices must come to the forefront of online security. And don’t let your basic security slack: always use a passcode or have fingerprint recognition enabled.

It is undeniable that online security is becoming a bigger issue and one which these technology giants are developing new techniques for. As more and more data is stored in cloud systems and every aspect of our lives becomes digitised, IT security needs to step up its game because cyber criminals are stepping up theirs as the potential rewards get greater. Two-step authentication is a move in the right direction and, surely, more will follow.


Protect Yourself Against Cyber Theft

Have you ever wondered how someone could steal from your company over the Internet? Cyber theft is an ever more prevalent problem faced by small businesses just like yours. Here we explain what cyber theft is, how the computer hackers come to gain access and, most importantly, how you can improve your IT security to keep you, your company, your customers and your assets safe.

Firstly, cyber theft is defined as the act of stealing personal and/or financial information from computers to be used illegally. This can include your bank details themselves as well as your passwords, security answers and other information which can then be used to hack into your account. The people who breach your IT security systems to gain access to this information are called computer hackers and most sell on this data to third parties who can further exploit this information. Large scale examples of cyber theft include Target (70 million customers’ card details), Ebay (145 million users’ login details), Yahoo (1 billion users’ data including passwords and security information) and Anthem (80 million records hacked into at the USA’s biggest health care insurers).

Computer hackers gain access to confidential records and sensitive data in a variety of ways. Most can penetrate your systems remotely but sometimes a physical act is used to hack a computer. Leaving your computer unattended in a public space offers a computer hacker the opportunity to plug in an infected USB stick and embed malicious software (malware) on the machine. Old school, malicious and opportunistic but effective. Alternatively, an infected email as part of a phishing scam could contain a link to a malicious website or begin a download with malware embedded within it. And then there’s the good old fashioned hacking whereby simple passwords can be guessed, leaving your accounts open to tampering and exploitation.

As a business, you have a responsibility to keep the information of customers safe, which is why you need to be vigilant when it comes to IT security. Make sure you run regular training sessions with all of your employees to ensure they are aware of the risks and dangers which come with working online. As well as using more complex passwords, be sure to regularly change them (once every month or two is recommended) so computer hackers can’t repeatedly abuse your systems. It is also worth investing in cloud data protection. This ensures all of your files and data are backed up in a far more impenetrable system than a physical hard drive. Finally, install anti-virus software and, most importantly, keep it up to date. Regularly released updates are not there to annoy you. They are there to patch weaknesses and vulnerabilities in the existing version. Computer hackers like easy targets and computers running an old version of software are something they specifically search for.

It’s a dangerous world out there and IT security should be a top priority for any small business. While multinational corporations such as Yahoo and Google have suffered breaches in the past, day to day computer hackers typically target smaller companies because their IT security systems are weaker and easier to bypass but they often have healthy bank balances and large reams of customer data which really deserve better protection. Don’t make yourself a target for cyber threat and invest in your IT security to protect not only your own finances but those customers who entrusted their private details to you.


IT Security Is Essential To Guard Against Malicious Threats

Unfortunately there seems to be no end in sight with the continual onslaught of malicious ransomware threats. CryptoWall 4.0 has recently been attacking computer systems across the globe. It’s evolved from the CryptoLocker virus last year which crippled networks and extorted over $3 million from victims. To help guard against this type of ransomware threat, ensure your system is fully protected and checked over by IT Security experts.

Besides evolving to become more evasive and outmanoeuvring outdated antivirus protection, ransomware is prevalent because many computer users are unaware of exactly what it is and just how easily their system can be compromised. Ransomware can easily compromise a computer when someone opens an email with an infected attachment.

These emails may be disguised as government letters from organisations such as the taxation office, Medicare or Australia Post. Once opened, the ransomware attachment encrypts files and demands a payment to restore the computer or else the user will have it wiped completely by the deadline! In many cases, even if the ransom is paid, the user’s files are left corrupted and worthless.

To ensure your protection against this type of malicious ransomware activity, it is essential to have your system checked for any weaknesses by a professional IT Support technician. They can check that your backup system is running effectively and that your system is running the latest updates and security patches. Your antivirus and firewalls will also be checked to make sure your system is fully protected.

Besides professional IT support, it’s important to remember never to open any spam mail or attachments from a sender you don’t recognise. It’s mind-boggling how many people do so without realising the destructive consequences of their action. It’s important to educate your family and friends about these types of malicious threats online as they may well open CryptoWall 4.0 without realising their mistake.

If you unfortunately fall victim to this scam, call your trusted IT Security technician ASAP for assistance. The last thing you want to do is pay the cyber criminals, especially as it isn’t guaranteed they will restore your computer. If your backup was running smoothly, your computer technician will be able to restore your information up until the most recent backup and format the system. Vigilance is the key: stay protected and don’t open suspicious mail!


IT Security Can Check Your Defence With a Penetration Test

As a business owner, it’s important to know that your computer systems are secure from malicious threats. Any breach within your security can cause chaos, from sensitive information being copied, such as customers’ banking details, to lost revenue from your business being offline. It’s important to have a penetration test performed by your trusted IT security Melbourne professional to see where your business’s vulnerabilities lie.

Many people confuse a penetration test with a security assessment or a compliance audit. The main difference that sets a penetration test apart from audits is that instead of just identifying vulnerabilities in a business’s system, it goes further to exploit these weaknesses to prove or disprove the effectiveness of your defence. This may take the form of multiple attacks from different sources at the same time.

Although you may think your system is up to date in regards to security, it’s important to bear in mind that new vulnerabilities such as harmful viruses are uncovered every day! These attacks are continually increasing, and their evolving complexity and ability to infiltrate systems is very alarming. By performing a “real world” security breach on your system you can see how well it stands up to online threats.

It’s vital for the security of your business to have a penetration test carried out by your trusted IT support Melbourne expert on a regular basis. They would also advise you to have a test every time you install or upgrade network infrastructure, move office locations and equipment and when security patches are applied.

The benefits of conducting regular penetration tests include:

  • Your business’s security weaknesses are identified and the impact is measured, allowing appropriate action to be taken to remedy the most critical vulnerabilities.
  • Protect your business’s image and reputation by ensuring your customers’ details are secure.
  • Reduce costly business downtime due to network failures as a result of security breaches.
  • Meet the compliance requirements of governing bodies to avoid fines, such as the Payment Card Industry Data Security Standard (PCI DSS).

By ensuring your trusted IT security Melbourne expert conducts penetration tests when required, you can feel safe knowing your business’s defences are secure and working effectively.