3 IT security take-aways from the Sony hack


Any business can become the victim of security breaches on a mass scale, as shown by the debacle that recently engulfed Sony and forced it to temporarily cancel the release of blockbuster movie The Interview. Beneath the dramatic headlines are lessons for small business owners everywhere on how simple errors in IT security management can have grave consequences. These tips will help prevent your firm from being the next to suffer Sony’s fate.

Don’t let basic security habits slip

Our modern-day instinct tells us that the answer to potential security breaches is to install new layers of antivirus software, firewalls and further encryption systems. While these are all worthy additions to your company’s armor of security shields, they will do little to help if good old-fashioned protective habits are allowed to slide.

Instill a disciplined, security-conscious mentality in your organization, and keep the messages simple so that staff remember and follow them. Focus on regularly changing passwords and keeping them secret, being vigilant about avoiding unexpected links in email messages, and limiting network access for the likes of external contractors to that which is absolutely necessary.

One of the ways hackers made their way into the Sony network was by tricking administrators into thinking they had a legitimate need for access: teach your staff to be careful, and praise cautiousness even if it turns out access is warranted. Encourage staff to flag up potential security lapses, and make sure they know that reports will be followed up and loopholes closed.

Take a flexible and agile approach to IT

IT changes, and so do the ways best suited to keeping it safe. This means it is vitally important to keep your IT systems up to date, and where necessary to do away with outdated practices that could leave your business technology exposed. This involves more than just ensuring that your network is running updated antivirus software to catch the latest bugs and worms – it means staying abreast of emerging methods to mitigate potential threats from hackers worldwide.

All of this uses staff and resources that your small business might not have – which is where outsourced managed services come in. Using a managed service provider as an add-on to your own IT team can give you extra flexibility and the ability to keep abreast of industry security developments, even when you lack the time to do so yourself.

Equally, know when it is time to ditch data – think of emerging social networks like Snapchat, which set messages to self-destruct after a set time, as your cue to make your data retention policy less permanent, particularly in relation to email. If you no longer have a business need or a regulatory requirement to retain information, then delete it – in the process you can limit the possible damage even if the worst should occur and you fall victim to an external attack.

Backup, backup, backup

The last thing you want in the event of a security breach is for it to hit your day-to-day operations – the potential damage caused by the hack itself is likely to give you enough to worry about. But that is exactly the situation Sony found itself in after its latest hack, with its email system down and staff forced to return to the days of pen, paper and even the fax machine.

As well as ensuring alternative means of communication remain open to your business in the aftermath of a possible attack, it is also vital to make sure that you retain access to the information most critical to your work. Regular, secured backups help ensure that, whatever happens, the show is able to go on and your firm’s productivity and revenue are not unduly hit. Engaging professionals to undertake your backups on a managed service basis also means this can happen routinely and without fail, while you stay focused on running your business.

Want to learn more about how to reduce your IT network’s vulnerability to attack? Get in touch with us today.

Published with permission from TechAdvisory.org.

Malware and the Human Factor: The Role of User Education

Securing your business data is twofold. The first part entails having the right security software and security policies. The second is providing the right user training to your employees, making them more aware of the different scams and ploys used in socially engineered cyber-attacks.

One of the things many people fail to realize is that securing business data from malware and other sorts of cyber-attacks doesn’t stop with implementing the right security software. These days, cyber-criminals also use all sorts of tricks to bait unsuspecting employees into being catalysts for malware entering your system. Reports cite that as much as 60 percent of cyber and malware attacks on businesses are done through social engineering – meaning that instead of a direct attack on your system, hackers are using ploys found on email and social networks to get people in your organization to unwittingly introduce malware into your IT infrastructure.

This is why it’s equally important to put emphasis on training your employees to recognize common cyber-attack strategies such as phishing, or how to use proper virus scanning software so any external or thumb drives they plug into their computers are malware-free. Remember, it only takes one mistake from a gullible employee to open the gates of your system to keyloggers and other sorts of malware and viruses.

Keeping your company’s IT system safe is an investment. Getting the right security protocols and then training your employees to not only use and respect these protocols but also be more aware about security risks goes a long way in keeping your data safe and your operations stable.


Security: Don’t be the Next Victim

Symantec recently released a study showing dire figures – at least 50% of SMBs out there have little to no disaster-preparedness plan, which if left unchecked can cost thousands of dollars in lost revenue. The risks are real enough, with an SMB standing to lose somewhere in the ballpark of $12,500 PER DAY when operations are interrupted because of security breaches or malware attacks.

According to Symantec, of the 1288 SMBs they surveyed worldwide, about half have no security or disaster-preparedness plan whatsoever. Of that 50 percent, 36 percent intend to get or create a plan in the future, while the remaining 14% have no plans on their agendas whatsoever. With these figures, it’s hardly surprising that the study also found that many SMBs only act when it’s too late – which causes not only lost revenue for them, but for their clients as well. More than half of the surveyed SMB clients – 552 – said that they have had to switch providers due to unreliable and irresponsible service.

Numbers do not lie: security is more important than you might think. Don’t wait until the last minute to find out just how essential it is before enacting a security plan of your own – for your sake as well as that of your clients. Having the right kind of system in place is vital to keeping your operations smooth and efficient, as well as enabling you to better respond to your clients’ needs.

If you want to know more about implementing the proper security and disaster-preparedness protocols for your business, please contact us and we’ll be happy to sit down and create a customized plan that will meet your specific needs and requirements.
