Cyber Security is the latest IT-related buzz word. As is often the case, this covers a huge range of topics, but our focus is always the small- to medium-sized businesses and their IT needs, so that’s where I’ll start.
The threats, attacks, and the onslaught of social engineering efforts against businesses have become staggering. It used to be that up-to-date anti-virus software, a firewall, and anti-spam for inbound/outbound email was all you needed to be fairly secure, especially if you were a ‘small’ company.
There’s a strong perception that a small business is just too small for hackers to bother with – that is absolutely NOT TRUE. So, is this threat real, or are we just exaggerating and creating fear? I’m confident that if you check the news, you will hear of small, medium, and large companies being compromised. I’ve visited new clients only to hear they’ve paid the ransom several times!
So where to start? The best starting place is the basics: a good anti-virus software that is up-to-date; a firewall with country blocks and specific port configurations; anti-spam filtering, inbound and outbound.
Next, educate your staff and arrange ongoing educational opportunities. The number one reason hackers get in is the human factor! This can include weak passwords, sharing log on credentials, and walking away from your computer but staying logged in. Social Engineering in this venue is the process of determining what types of ‘hooks’ a user will fall for such as email that looks like it came from your bank, a package delivery notice, or a document that needs to be signed.
When you look at these email messages, the sender might have the wrong domain name, or it is spelled wrong; they often include requests to provide the user name and password, something your staff should NEVER provide. Be skeptical!
Helping your staff approach email with a critical eye will go a long way in protecting your network and data, as well as their personal data. Who sent the email? Is there a link to click on (who knows where that actually goes)?! Is this a bank you don’t even do business with? Are we expecting a package (just call them)?!
Watch for the wrap up of this article, Cyber Security: Part II! – CMW