By Mark James
One of the biggest problems to overcome for
business security is trying to work out what areas you need to secure: there is
no manual to download or “one model fits all”. Securing your business is
simply a case of looking at your potential areas for data loss and looking at
the attack vectors that may apply to you, finding those weak points and then
getting advice on the best ways to plug those gaps.
So where do I start? There are core tenets that
will end up being repeated but here are a few essential points to consider.
Knowledge is power
There is a wealth of knowledge available to you.
Security experts and specialists are available in all shapes and sizes and
exist in almost every corner of the globe. Getting advice is easy, but make
sure that where possible you seek that advice from more than one source. Also
bear in mind that the world of IT evolves at a huge rate, so keeping up with
the latest techniques may be a challenge all in itself.
Education makes a difference
In a business environment the weakest link is the
end user; the good thing is it’s also your strongest asset. Utilizing your
staff in the fight against cybercrime is not as daunting as it seems: using
education to teach your staff the current threats and how they are delivered
may make the difference in someone accidentally clicking that phishing link
or visiting a compromised website from a spam email. Making them feel an
integral part of the business security is an important aspect in keeping the
whole business safe.
Being proactive is essential
Securing your hardware and software is an ongoing
task. Looking at the way data moves into, within and out of your company will
give you an indication of the areas to
secure. Also make sure that there is a set, documented procedure for when
something new is added to the infrastructure: change any default passwords,
update firmware and make sure the latest updates are installed and regularly
updated. Multi-layered security software is a must, installed on every endpoint
and server.
Flexible working comes with risks
Letting your employees work on the road or at home
means that accessing your network from all over the world has become
increasingly easy and virtually a necessity. With that ease comes the
potential for opening up your network to abuse, lost credentials, insecure Wi-Fi
connections and/or social media account hacking, which could put
your company at risk.
All data is valuable and desirable
Virtualization is so simple these days – ergo
having a multitude of servers is easier than ever. If you’re going to host your
servers in house make sure you’re using secure server operating systems and
that the software installed on them is patched and up to date. These are
in effect the open gateways to the rest of the world and will be at significant
risk from attacks (possibly on a daily basis). Don’t be fooled into thinking
your data is insignificant or of no use to anyone else: all data, including
yours, has a value.
Regular backups are essential
Ransomware
is one of the most destructive pieces of malware around today, therefore it’s
very important that you consider and plan your backup regime correctly. Take into
account the need for point-in-time backups; the frequency and location of those
stored backups are also very important. Again, professional help is readily
available and should be utilized if you’re unsure about anything.
Tick all the right boxes
It’s easy to read this and think that securing your
business is complicated and expensive – and in some cases it may well be – but
as with most things in business it’s just a case of working through and ticking
all your boxes. Once you have a plan in place, utilize the internet to test
what you have done: there are many options for penetration testing to see where
you’re vulnerable. Test it, fix it, and test again. If you save money by doing
nothing it will only be a matter of time before that approach ends up costing
you ten times what you thought you had saved in the beginning.
Business security topics will be addressed in more
detail at the Gartner Security & Risk Management Summit in London, UK,
September 12–13, 2016. You can find more information about ESET @ Gartner summit
with up-to-date content on our special web page.
Among the attendees will be ESET chief research officer Juraj Malcho and Palo
Balaj, head of ESET EMEA business development.