Preventing Data Attacks
Kick start with a risk assessment
If your business is just starting out and you don’t currently have any fundamental security measures, then it is important to begin by carrying out a comprehensive risk analysis of your business. If you already have security measures, then it might be a good idea to re-evaluate them or carry out patch tests. A risk assessment is the best way to ensure that the cyber security measures you choose are appropriate for your organisation. Not only does a risk assessment inform you of the events most likely to take place, but it can also prevent time and resources being wasted on measures that defend your business against events that are unlikely to even occur.
Likewise, you may overlook or underestimate some circumstances that could greatly impact and damage your business. For these reasons it is more efficient to undertake an in-depth evaluation of the complete risk management process, including the various threats that could affect your assets, i.e. laptops, customer data, hardware and systems. When evaluating risk, you should aim to identify any potential threats, labelling them from mild to severe. Create security measures and introduce an incident report strategy in case anything should happen. You could also carry out a secure ‘Penetration Test’, in order to recognise where your weak points and vulnerabilities are.
Would your passwords pass?
While we all hate having to update them, passwords are the lock and key to keeping your business and data safe. We all know they are important to have, but would yours pass under pressure? When it comes to business security, the reality is that any data, big or small, is valuable and hackers are keen to get their hands on it. Naturally, businesses will find it harder to keep up with security because there is more at stake (compared to a single user). The question is, are your password habits setting your business up to be exposed to an attack? When carrying out a risk assessment, it is important to review your company’s vulnerabilities, including passwords. Here are a few actions that can keep your gates strong and your castle safe.
Our Top Five Tips
Educate your employees
The most essential part of any business is the people behind it. It is essential that your employees know the risks and the measures in place to keep your business secure. Educate your team and implement good practices for passwords by regularly updating them and not sharing them with other colleagues.
Set up password strength requirements
This sounds like an obvious point, but there are still companies that don’t enforce password strength requirements. This means that their employees are using passwords that are likely to be weak, increasing the chances of a data breach.
Establish a level of access
Devise a ‘Core Security Policy’ that limits access to your company’s most delicate information. Grant VIP access to a select group of people and only give access to those employees who truly need it. Don’t forget to regularly re-evaluate this, especially if people leave the business!
Set up MFA
Multi-Factor Authentication (MFA) is a security measure that requires the user to go through more than one method of authentication, before being given access. The point of having MFA is to create a layered defence method, which should make it harder for an unauthorized person to enter.
Keep an eye on your activity
Monitor your activity across all company accounts with regular activity reports, including the data accessed, when and which user accessed it. If a problem arises you will be able to identify it more easily.
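The access-level and activity-monitoring tips above can be combined into one regular report. The Python sketch below is an added example, not part of the original blog: the log format, the approved-access lists, the leaver list and all user and file names are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample access log (timestamp,user,resource); not real data.
SAMPLE_LOG = """\
2024-03-04T09:12:00,alice,finance/payroll.xlsx
2024-03-04T09:15:00,bob,shared/handbook.pdf
2024-03-04T23:41:00,bob,finance/payroll.xlsx
2024-03-05T10:02:00,carol,hr/contracts.docx
2024-03-05T10:30:00,dave,shared/handbook.pdf
2024-03-05T11:00:00,alice,hr/contracts.docx
"""

# Assumed policy: folder prefix -> the only users approved to open it.
RESTRICTED = {"finance/": {"alice"}, "hr/": {"alice", "carol"}}
# Assumed list of accounts whose owners have left the business.
LEAVERS = {"dave"}


def activity_report(log_text, restricted=RESTRICTED, leavers=LEAVERS):
    """Return (activity per user, findings) for a CSV access log."""
    per_user = defaultdict(list)
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 3:  # skip blank or malformed lines
            continue
        ts, user, resource = (field.strip() for field in row)
        per_user[user].append((ts, resource))
        if user in leavers:
            findings.append((ts, user, resource, "leaver account still in use"))
        for prefix, allowed in restricted.items():
            if resource.startswith(prefix) and user not in allowed:
                findings.append((ts, user, resource, "not on approved list"))
    return dict(per_user), findings


if __name__ == "__main__":
    per_user, findings = activity_report(SAMPLE_LOG)
    for user, events in sorted(per_user.items()):
        print(f"{user}: {len(events)} access(es)")
    for ts, user, resource, reason in findings:
        print(f"REVIEW {ts} {user} {resource}: {reason}")
```

Each finding records what was accessed, when and by which user, so a reviewer can follow it up directly.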
Is your back covered?
If you have ever lost any of your files before or had your device wiped, you should be familiar with that huge sigh of relief knowing that you have a secure backup. Data loss can happen for many reasons, from spilling a coffee on your computer to a large-scale data breach. Nevertheless, having an up-to-date copy or a couple of copies of your business data could potentially save your company from disaster. It’s best to think of backing up your business in two parts: local backup and offsite backup.
Hard drives
A local backup solution could be an external hard drive or USB flash drive. Copying files this way is an effective method of ensuring backups are available locally and are at hand when you need them. It is not advised, however, to rely solely on this technique, as hard drives can be stolen, become damaged, reach capacity and wear out over time.
Imagine you lose your laptop or realise it has been stolen. Knowing that someone had unlimited access to all your personal data and documents would feel awful. Even if your laptop is protected with a password, an attacker could still potentially gain access to it. So how do we prevent this scenario from happening? The most effective way is to encrypt the device, making its entire contents available only to you or through a recovery key. The recovery key is a 48-digit number that unlocks the encrypted device. Without it the data remains encrypted. BitLocker is the brand of encryption that Microsoft Windows uses.
Software and Applications
Many businesses use online websites to store backup copies of important files, such as Google Drive, Dropbox and NetSuite. These types of services are good for storing and sharing files but have their restrictions. Macs and most Windows PCs also have built-in software and security tools such as ‘Windows Defender’ which can easily back up and recover your computer’s essential data for you and prevent malware attacks.
The current megatrend and future of data security seems to be the use of Cloud-based applications, empowering businesses to become more mobile and welcoming BYOD. In short, Cloud services allow your business to create an automatic and regulated backup of the system, by storing as many versions of data as your business needs on remote offsite servers. They are an excellent choice for any business looking for an additional source of security when onsite threats or physical disasters strike. Cloud can be easily accessed anywhere through an internet connection, meaning more offices are encouraging their employees to work remotely.
Data Centres
A data centre houses all of your business’s IT and stores it in a secure location offsite. Data centres must always be running, remaining secure and functional, with extensive CCTV covering secure entry and exit points. They can house data for multiple companies at once, which means that they can often have multiple security measures in place to protect the data they handle. Data centres and Cloud usually work together, with all Cloud-based services such as SaaS and IaaS being based within data centres.
The OSI Model
The OSI Model or ‘Seven Layers Model’ was actually first established in the 1970s when computer networking began. The OSI Model uses seven layers to give an organisation a visual explanation of what is happening within their networking system. It benefits businesses by helping network managers to narrow down any potential problems on the network. The seven layers of the OSI Model are:
7: Application – The layer that is the closest to the end user, such as Google Chrome, Safari or Firefox.
6: Presentation – The preparation or translation of application format to network format.
5: Session – Created to allow computers and servers to speak to each other.
4: Transport – The co-ordination of data being transferred between the end systems and the hosts.
3: Network – Responsible for packet forwarding through different routers.
2: Data Link – The layer using node-to-node data transfer.
1: Physical – The physical representation of the system itself.
If you can understand the method of using the OSI model and the purpose of each of its layers, then you can apply this when identifying which protocols and devices can work simultaneously with each other, especially when new technologies are developed.
Software engineer Phil Zimmermann created ‘Pretty Good Privacy’ (PGP) back in 1991, but today it is owned by Symantec. PGP keys work over a means of communication such as email, using a public key to lock and a private key to unlock a message. A user would take the public key, encrypt a message and send it to a second user, who would use their private key to unlock the message. PGP software adds that extra level of security when sending sensitive information.
We hope this blog has enlightened you on the world of data security and that you will take away a couple of good pointers. Remember that a threat is liable to come from inside your organisation, but always assume you are open to attack and stay on top of your security.
Always assume there is vulnerability.
You are never really 100% safe.