It’s time for our Summer IT Security News Update! With cybercrime hot on the agenda and email security threats on the rise again, this month Jamie lists the three best things you can do to help prevent your business from falling victim to cybercrime and keep your data more secure.
Regardless of your company’s size or the sector you work in, if you use any form of IT nowadays you can’t afford to ignore the potential security risks to your business data that come with it, especially if your employees are working off site or from home and accessing your files daily. Cybercrime is big business and hackers are continuously adopting devious methods to try to steal data. So, this month I’m going to list some of the best things you can do to help protect your organisation and keep it more secure.
MFA MFA MFA – until I’m blue in the face, MFA!
There are an estimated 24.6 billion sets of credentials (personal data) for sale on the dark web. 24.6 BILLION! I wonder how many of those credentials belong to you, others within your organisation, or perhaps your family and friends?
Of those credentials, I wonder how many of them are currently not protected with Multi-Factor Authentication (MFA), meaning that hackers literally just need to obtain a username and a password to gain access to an account. I deal with compromised accounts on almost a weekly basis. It’s incredibly common but that’s because it’s so easy for cybercriminals to get hold of a person’s credentials.
Having a copy of someone’s mailbox available for download on the dark web puts you in an awkward position, particularly if it contains sensitive information, and most mailboxes tend to hold something that we’d rather keep private. If there is no MFA set up to protect the account, the hackers are in. In fact, I would go so far as to say that not having MFA enabled these days is negligent, so please put this at the top of your agenda.
Why is it so easy to get someone’s credentials? Phish away.
Often, it’s as simple as getting someone to click a link in an e-mail that takes them to a site that looks very like the real thing. As they enter their login details, these are sent to the hackers in real time. The user is left a little confused, but often replies to the initial e-mail saying they couldn’t open or access it. Alternatively, the hackers can just get someone to click a link or open an attachment that immediately installs something on their machine that will steal data, such as saved browser passwords.
The cyberthreat landscape for phishing and malware via e-mail is constantly evolving and is now one of the main methods hackers use to gain access to company data. Your employees need to be aware of this and anything they can learn about what to anticipate will definitely help.
If your staff don’t adopt a degree of caution when using e-mail (even when it appears to be from a known contact), then I would suggest that they need some training. I have everyone here at Net Tech paranoid - it’s one of my “test” e-mails. It’s helped lower the click rate dramatically. Fewer clicks, less exposure. Less likely to have any stolen data!
We offer monthly simulated Phishing Awareness campaigns, whereby if a user clicks on something they shouldn’t, the campaign enrols them into a training portal where they then log in and watch some short videos. The training material changes monthly to keep things fresh and engaging. The difference this simple testing can make to your security is incredible.
We’ll be OK, we have a strong Firewall and robust Anti-Virus!
Yes, but that’s only half the story. Even with the best Firewall, or the most solid Anti-Virus in place, it’s still a big old wall with lots of other considerations.
We’ve recently partnered up with IT security company Qualys, which offers a Cloud-based Vulnerability Scanning solution that gives us the ability to scan and test those walls, both from outside and from within your IT network. It can check firewalls, routers, switches and machines on the network, and report back any issues it finds. The vulnerabilities can then be addressed and secured, resulting in a smaller attack surface. It’s also worth noting that carrying out these scans is a compliance matter and a requirement of Cyber Essentials Plus.
If you are looking to protect your organisation against cybercrime by improving your IT security and your business doesn’t currently have MFA set up, or you would like to know more about our monthly Phishing Awareness campaigns, or perhaps find out how Qualys Vulnerability Management could help, contact your account manager or drop me a line at email@example.com for more information.