Cyber Security Essentials and Plus
The Government has worked with the Information Assurance for Small and Medium Enterprises (IASME) consortium and the Information Security Forum (ISF) to develop Cyber Essentials, a set of basic technical controls to help organisations protect themselves against common online security threats.
Cyber Essentials helps you to guard against the most common cyber threats and demonstrate your commitment to cyber security. CE is a yearly certificate, similar to a car’s MOT. CE certification can’t guarantee that you will not be affected by a cyber-attack, but it will dramatically reduce the chances of this and provides you with a government-recognised certification that you can show to your customers and suppliers.
The strict definition of a computer virus is a program or code that is designed to spread from one PC to another through varying means. It’s important to include that definition as Antivirus software by definition only needs to address threats that meet it. Some Antivirus software packages include other features such as malware protection, meaning that Antivirus packages can vary greatly. Management of an Antivirus is normally possible through centrally managed portals.
Even with all of the other packages we offer around it, Antivirus software is still an essential item for protecting your PC/network and stopping the spread of infection from one PC to another. In today’s market organisations need little convincing that an antivirus is needed; however, the grade and how it will be monitored can vary greatly. Unmonitored Antivirus products are nearly as ineffective as not having one: there are often items that need your attention, and these may include manual actions to remove an active threat.
Ransomware is a form of malware, or malicious software, that is a lot more complicated than typical malware. Ransomware can present itself in different ways, for example:
- Locker ransomware encrypts the whole hard drive of the computer, essentially locking the user out of the entire system.
- Crypto-ransomware will only encrypt specific, seemingly important files on the computer, such as Word documents, PDFs and image files.
Ransomware does exactly what it sounds like – it gives the end users an ultimatum: pay a fee to unlock and reclaim your personal data, or don’t pay the fee and lose the data forever.
Ransomware can automatically corrupt and delete files if monetary compensation is not received, leaving most users with little time to resolve the problem through alternate means. However, just like malware, ransomware is an evolving threat that can become more sophisticated over short periods of time. Also, there is no guarantee that once the fee is paid the data will be decrypted, and once you have been hit you are susceptible to being targeted again and again.
Many estimates are that the average organisation in the small/medium business bracket can expect an outage of 48 hours or more whilst backups are restored, as long as backups are being taken correctly and are unaffected by the outbreak. Some studies have shown that 1 in 5 small businesses had to close down after ransomware attacks.
3rd Party SPAM Filtering
A third-party spam filter is designed to fit between your email server and the outside world. Many email servers or even antivirus software packages come with some spam protection built in; however, we recommend using a company that specialises solely in SPAM protection, as the methods they deploy are much more advanced than any bundled version.
Many years ago, SPAM was seen as a nuisance that would slow down internet connections, fill inboxes with obvious adverts or contain easy-to-spot attachments that should not be run. In today’s climate SPAM has evolved to pose one of the biggest threats, if not the biggest, to your network and company reputation. Some estimates are that over 90% of successful data breaches were started with a phishing email.
Phishing may leave your entire mailbox and contact list open and is not always spotted immediately. Once in, a Cyber Criminal will take their time to find out about you and then use this information to take money from you/your business.
There are also many other vectors to consider, such as CEO fraud, where fraudsters try to impersonate key staff members asking for funds to be transferred urgently. Other attacks see fraudsters mounting a long-term attack, waiting to intercept a key invoice for a larger amount, and we have seen multiple organisations lose over £10,000.
With most attacks coming through phishing, the Cyber Criminal is using ever more advanced social engineering to get users to unwittingly give them access. Regardless of how many layers of automated protection you have, if a person is tricked into doing something, then you are effectively giving away the keys to the castle. Training staff to understand threats and keeping them up to date has become ever more important and is the last line of defence that your business has.
Housekeeping is a term used to describe the optimisation of a hard drive. Housekeeping commonly involves removing old or unused files and programs, backing up data, or running disk utilities such as a ScanDisk or Defrag.
As with any form of general housekeeping, it is not essential but is good practice; however, if your machine has an old-style hard disk, then running a regular defrag will avoid performance issues building over time.
An external firewall is security software or a device that sits somewhere other than on your PC, as opposed to the firewall built into it. These firewalls are often loaded onto network devices such as routers and can control not only the inbound traffic but the outbound too. Depending on the grade and configuration, they can control content and even provide a gateway antivirus. The latest firewalls combine a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection and an intrusion prevention system.
Firewalls can also be used to allow multiple internet connections for redundancy and load balancing.
If we think of the firewall as being passport control on the edge of your network, or a drawbridge to a castle, it dictates who can get in or out. If your firewall is open, then any code or program downloaded to your network has free rein to communicate wherever it wants to. A high-grade firewall answers a question we are often asked: “how can we monitor what sites users visit or how to block unwanted content?”.
A correctly configured high-grade firewall will often block access to sites that contain malware and, if malware does get through, will block its communication to the outside world. This also includes ransomware, which has its own section in this article.
With lots of customers now moving services to the cloud, there is a greater dependency on internet connections. The ability to have multiple internet connections means that if one goes down, you can still carry on working. BT states that it aims to fix most major line faults within 2 days. What would this mean to your organisation?
2 Factor Authentication
Two-factor authentication (also known as 2FA) is a type of multi-factor authentication. 2FA is a method of confirming a user’s claimed identity by utilising something they know (a password) and a second factor that is not something they know, i.e. a generated passcode or biometrics. This is vital in the current climate because once an attacker has your password, they have the keys to your world. With 2FA, however, a stolen password on its own becomes irrelevant, as they won’t have both.
The most prevalent form of cyber-attack we see is Office 365 passwords being hacked and then the hacker using the information that they have access to for fraudulent purposes. Aside from Office 365 we also recommend that you have 2FA in place for any other online services that you use, such as your bank and accounting systems where it is available.
With 2FA in place, should a password be compromised, the second level of authentication will prevent access and can even be set so that the user will know that something is wrong, thus allowing a proactive approach to the situation.
Patch Management is a set of changes to Microsoft software designed to update, fix, or improve it. This includes fixing security vulnerabilities and other bugs with the aim of improving usability or performance.
Viruses, malware and ransomware can be used to target weaknesses within an operating system and enable them to spread. For example, it was widely publicised back in 2017 when many Ukrainian institutions were targeted by ransomware. This attack was carried out on 27th June using an exploit that Microsoft had released patches for on 14th March. An estimated $10 billion was spent cleaning up after an exploit that could have been closed 3 months earlier.
3rd Party Patching
Similar to Patch Management, except this is for programs other than Microsoft’s, which are commonly missed in internal maintenance. This includes programs like Adobe, Dropbox and Firefox, with the aim of eliminating vulnerabilities before they’re exploited and your PC is infected with malware.
As with the Windows operating system, Cyber Criminals will look to target any unpatched weaknesses to gain access to your computer and, whilst not as high a risk as operating system exploits, this is still a high-risk area to be considered.
Backup and Offsite Backup
Backup refers to the copying of physical or virtual files or databases to a secondary location for preservation, in case of equipment failure or catastrophe. Backups capture and synchronize a point-in-time (PIT) snapshot that is then used to return data to its previous state.
If you don’t have a backup and your data is corrupted or lost, then you will have to re-create everything from scratch, and that is not something that any organisation is likely to come back from.
An offsite backup is a backup process or facility that stores data or applications externally to the organisation or core IT environment. It is similar to a standard backup process, but uses a facility or storage media that is not physically located within the organisation’s core infrastructure. This is vital, especially against threats like Ransomware, as it would mean that no matter how bad an infection gets you will have a go-back point to return to.
If your backup data is stored in one location and that location or the data is lost or becomes corrupted, then you will have no way of getting your data back. Ultimately, the statistics for any company that loses all of its data show that it will not survive, so making sure that you have an appropriate Disaster Recovery solution in place is essential for any organisation.
No protection is infallible, so a good backup and disaster recovery plan is vital.
Find out more
If you would like to speak to us about our IT security solutions, please ring us on 020 8649 9911.