On 14 January 2020 several mainstream Microsoft operating systems reached End of Life. This is likely to lead to a dramatic rise in cybercrime and malicious activity, so even if you are not directly affected, there is no better time to evaluate your network security. Here are 10 useful tips to help you do all you can to protect your business-critical data.
1) Keep your systems up to date
If you are using Windows Small Business Server 2011, Server 2008, Exchange 2010 or Windows 7 within your business then you need to make an urgent plan to upgrade. Microsoft no longer supports these products, and hackers have been busy preparing for this date, looking to exploit any vulnerabilities and weaknesses. If you have users running Microsoft Office 2010, this also goes End of Life in October 2020, and after that date Outlook will no longer connect to Office 365 for email.
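Before an upgrade plan can be prioritised you need to know which machines are still on those systems. The script below is an added example, not part of the original article: it queries Active Directory for enabled computers whose recorded operating system matches the end-of-life products named above. It assumes the ActiveDirectory PowerShell module (RSAT) is installed and the account running it can read the domain.

```powershell
# Added example: inventory domain-joined computers still running an end-of-life OS.
# Assumes the ActiveDirectory module and read access to the domain.
Import-Module ActiveDirectory

# Substrings of the OperatingSystem attribute as AD records it, e.g.
# "Windows 7 Professional", "Windows Server 2008 R2 Standard",
# "Windows Small Business Server 2011 Standard".
$eolPatterns = @(
    'Windows 7',
    'Windows Server 2008',
    'Windows Small Business Server 2011'
)

$computers = Get-ADComputer -Filter 'Enabled -eq $true' `
    -Properties OperatingSystem, OperatingSystemVersion, LastLogonDate

$eol = @($computers | Where-Object {
    $os = $_.OperatingSystem
    $os -and ($eolPatterns | Where-Object { $os -like "*$_*" })
})

# Machines with an old LastLogonDate may already be retired but still
# have an AD account; confirm rather than assume.
$eol |
    Sort-Object OperatingSystem, Name |
    Select-Object Name, OperatingSystem, OperatingSystemVersion, LastLogonDate |
    Format-Table -AutoSize

"{0} of {1} enabled computers are on an end-of-life OS" -f $eol.Count, $computers.Count

# Exchange 2010 is an application, not an OS, so it will not appear above;
# check Exchange servers separately (Get-ExchangeServer in the Exchange
# Management Shell shows AdminDisplayVersion).
```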
2) Deploy a robust proprietary firewall with ‘Unified Threat Management’
Just because a product says ‘firewall’ on the box doesn’t mean it’s up to the job. Avoid relying on the firmware firewall built into a router; instead, spend a little extra on a dedicated, proprietary firewall from the likes of Fortinet or ZyXEL with a built-in UTM bundle, which adds virus scanning, content filtering and intrusion prevention/detection.
3) Choose a business-grade anti-virus solution
With so many AV products on the market it’s difficult to know which provides the best protection. Visit av-comparatives.org and look at their quarterly independent Real-World Business Security tests. These tests measure not only the protection rate of all the major vendors but also false alarms where genuine traffic is blocked in error. VIPRE and ESET currently score highly, but make sure you check out previous reviews for a more balanced comparison.
4) Don’t rely on Office 365 alone to cover your mail filtering requirements
Filtering unwanted messages from your organisation’s inbound email traffic is one of the most important things you can do to fight against cybercrime. The filtering service built into Office 365 isn’t particularly strong, so consider using an independent service from a reputable vendor such as SpamTitan or Mimecast. Office 365 users should also consider activating ATP (Advanced Threat Protection) which provides malicious link scanning and attachment sandboxing.
5) Implement a strong password policy
Having separate passwords for all your different applications may be a pain but it’s better to be safe than sorry. Strong passwords should include a combination of uppercase, lowercase, numbers and special characters. If you have a server with domain authentication, then your password policy can easily be enforced across the whole organisation.
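The domain-wide enforcement mentioned above is set through the default domain password policy. The script below is an added example, not from the original article: it reads the current policy, turns on complexity (the upper/lower/digit/symbol mix described above) and sets lockout and history values, then verifies the change. It assumes the ActiveDirectory module and Domain Admin rights; the numeric values are this example's assumptions, not figures from the article.

```powershell
# Added example: view and enforce the default domain password policy.
# Assumes the ActiveDirectory module and Domain Admin rights.
Import-Module ActiveDirectory

$domain = (Get-ADDomain).DNSRoot

# Show what is currently enforced before changing anything.
Get-ADDefaultDomainPasswordPolicy -Identity $domain |
    Select-Object ComplexityEnabled, MinPasswordLength, PasswordHistoryCount,
                  LockoutThreshold, LockoutDuration, MaxPasswordAge |
    Format-List

$policy = @{
    Identity                 = $domain
    ComplexityEnabled        = $true   # requires upper, lower, digits and symbols
    MinPasswordLength        = 12      # assumption: 12 characters
    PasswordHistoryCount     = 24      # assumption: block reuse of last 24 passwords
    LockoutThreshold         = 10      # assumption: lock after 10 failed attempts
    LockoutDuration          = (New-TimeSpan -Minutes 30)
    LockoutObservationWindow = (New-TimeSpan -Minutes 30)
}
Set-ADDefaultDomainPasswordPolicy @policy

# Confirm the change took effect.
$after = Get-ADDefaultDomainPasswordPolicy -Identity $domain
if (-not $after.ComplexityEnabled -or $after.MinPasswordLength -lt 12) {
    Write-Warning "Password policy on $domain was not applied as expected"
} else {
    "Password policy on $domain enforced: complexity on, min length $($after.MinPasswordLength)"
}

# Fine-grained password policies (PSOs) override this default for the groups
# they target; list them with Get-ADFineGrainedPasswordPolicy -Filter *
# so no group is silently exempted.
```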
6) Consider Multi-Factor Authentication (MFA)
MFA works by requiring more than one method of authentication to verify the user’s identity, such as a banking app asking for a text-message code or PIN in addition to the password. MFA can be used in many scenarios, such as logging on to your domain, connecting to a VPN or simply accessing email. Office 365 has MFA built in at no extra cost, allowing you to secure each of your devices with a one-time authentication process.
7) Review shared file and folder permissions
Threats such as ransomware can spread through an organisation like wildfire and one click on a bad link can infect the whole network. By ensuring your staff have permissions to only access the network areas they need, you can limit the spread of this malware, reducing downtime and data loss.
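A practical starting point for the permissions review is to find shares where broad groups have write access, since those are the folders a single infected workstation can encrypt. The script below is an added example, not from the original article: run on a Windows file server, it lists every non-administrative SMB share whose share-level permissions grant Change or Full to a broad group. The group list is this example's choice, and share permissions are only half the picture; NTFS permissions on the folder itself also need checking.

```powershell
# Added example: flag SMB shares that give broad groups write access.
# Run locally on the file server (or add -CimSession to query remotely).
$broadGroups = @('Everyone', 'Authenticated Users', 'Domain Users', 'Users')
$writeRights = @('Full', 'Change')

# Skip administrative shares such as C$, ADMIN$ and IPC$.
$shares = Get-SmbShare | Where-Object { -not $_.Special }

$findings = foreach ($share in $shares) {
    foreach ($ace in (Get-SmbShareAccess -Name $share.Name)) {
        # Strip the DOMAIN\ or BUILTIN\ prefix so the group name can be matched.
        $account = ($ace.AccountName -split '\\')[-1]
        if ($ace.AccessControlType -eq 'Allow' -and
            $ace.AccessRight -in $writeRights -and
            $account -in $broadGroups) {
            [pscustomobject]@{
                Share   = $share.Name
                Path    = $share.Path
                Account = $ace.AccountName
                Right   = $ace.AccessRight
            }
        }
    }
}

if ($findings) {
    "Shares writable by broad groups (review and restrict to the teams that need them):"
    $findings | Format-Table -AutoSize
} else {
    "No share grants Change/Full to a broad group at the share level."
}

# The effective permission is the more restrictive of share and NTFS ACLs,
# so also inspect the folder ACL for each hit, e.g.:
#   (Get-Acl -Path $share.Path).Access | Format-Table IdentityReference, FileSystemRights
```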
8) Ensure multiple forms of data backup are in place and tested regularly
Relying on a single form of backup is risky. What if the restoration fails? It’s always best to have multiple forms of backup, including at least one local method such as tape, removable media or NAS, along with a secure Cloud backup such as Acronis or Microsoft Azure. Alternatively, products such as Datto combine these into a single solution, with a local NAS device encrypting data and replicating it in real time to the Cloud, providing full business continuity and disaster recovery.
9) Create a culture of awareness in your organisation
Most data breaches are caused by unsuspecting staff clicking on links in emails, opening malicious attachments or falling victim to phishing scams. Prioritising IT education in your organisation is vital. IT security should be an agenda item for all regular staff meetings and it’s worth considering Internet Security and Phishing Awareness training for your staff.
10) Develop a multi-layered approach to IT security
There is no single ‘magic box’ solution to deal with cybersecurity and no combination of services is guaranteed to offer 100% protection. However, by developing a structured and layered approach, you can mitigate the threat of cybercrime and ensure that if the worst happens, you are able to recover quickly.
This article has been abridged and taken from our feature in the January 2020 Tech Edition of Surrey Business Magazine.
This article is from our Winter 2020 Soundbytes Newsletter.