The faster that technology changes the faster users and businesses have to update their cyber security. This key issue has been further impacted by the Covid-19 pandemic where remote working has become standard for employees in many organisations with integration and flexibility hot topics for home-based workers alongside cyber safety.
Remote working sees the dawn of new threats
There is no doubt that different working processes have thrown down the gauntlet of new cyber security challenges as many employees and contractors work from home during the global pandemic.
Cyber threats commonly appear in tandem with innovative working practices; people have always worked from home but not in the numbers seen during the Coronavirus pandemic and using systems traditionally reserved for the workplace like call centres. Threats take many forms including malware, toll fraud and network targeting as cyber criminals look for gaps in protection, chinks in the armour.
Apart from disruption to and possible loss of business, most organisations are also concerned about their legal compliance with GDPR legislation and other regulations and government requirements.
MFA or Multi-Factor Authentication has always been viewed as an additional layer of security but these days it is becoming much more of a norm. Appearing more and frequently, this two-stage process is already commonplace for many people when they access their online banking or social media accounts.
MFA is now a ‘must have’ for any business – use two or more verification steps for users to gain online access, typically a text with a code on a mobile phone after the username and password have been entered. Face or fingerprint recognition technology is also becoming popular. MFA is one of the simplest and most effective ways to protect any business or organisation. It is also a common compliance requirement for GDPR and other standards such as ISO 2700.
Managing security updates
Make no mistake about it, hackers and cybercriminals can easily keep pace with new security software launches so it is essential for key decision-makers to ensure applications are regularly updated and that patches are implemented when needed. The best way to do this is with thorough monitoring and risk evaluation to protect data and thereby revenue and reputation. Old apps are risky and dangerous and easy to overlook on out of date servers and workstations.
The current trend for remote working means system audits relying on all devices and staff being connected to the office network. Good protocols include:
- Centralised patch management for applications and operating systems
- Keeping warranties and support packages up to date
- Conditional access only to emails and business data
Dark Web Audits
Most people are becoming increasingly familiar with the dark web which refers to the subterranean world of the internet, full of illicit materials such as usernames and passwords, credit card information and medical data all available for cybercriminals to purchase.
A recent dark web survey revealed 15 billion stolen logins from over 100,000 security breaches. Specialist knowledge and access are usually required for a dark web audit. This can be a valuable process as it enables businesses and organisations to find out what key information connected to their company is available for sale and where that data has come from. Highlighting vulnerable information allows internal changes to be made and more robust security measures put in place.
The most effective and all-embracing option to protect against malware threats is to use a cloud-based solution that is centralised and protects all devices. It is important to focus on certain key features when purchasing malware protection and these include:
- Global blacklisting
- On-access scanning
- Endpoint software firewall control
- Endpoint drive encryption management
- External device controls
- Auto updating of the device itself and pattern files
Good protocols and best practice
The best way to stay safe from cyber crime is to write a policy that encompasses new and existing devices with regular maintenance, updates, review and stress testing. Putting in place a comprehensive system of protection doesn’t have to be costly or difficult and will give businesses peace of mind.
Use protocols and checklists for new equipment and updates. Undertake evaluation reviews periodically to test that the security is working and fit for purpose. Always use a key business change or major technological development or upgrade as a trigger to review procedures. Robust IT procedures not only protect the security of the business but are in themselves a marketing tool for customers and clients.
About Mustard IT, your technology partner
Mustard IT is a trusted team, experienced with the latest technology and able to explain complex issues to you in a language you’ll understand. Contact us today to find out how we can help you.