MD Tim’s thoughts about Online Security

June 27th, 2018 - Posted in News

The days of just a user name and password to protect your data are long gone and a distant memory along with the likes of Netscape Navigator and unrestricted Internet access.

We now live in a world where anyone with time on their hands and the inclination can launch an attack on large national websites, organise a ransomware attack or break into any number of service providers to steal their customers’ data.

Hackers and scammers are totally ruthless and won’t care one jot if they deprive a little old lady of her life savings, just as they will not care about holding an SME to ransom over its data.

As a service provider, we have to guide our customers over the safety of their data. We put all of the possible measures in place, such as antivirus and anti-ransomware, and robust and reliable backups that are tested on a regular basis.

So many times, companies come to us for help who have very little in place to protect their staff, their systems and their data. Just as you wouldn’t choose to leave your doors and windows open when you leave home, you shouldn’t leave your systems open to exploitation, as it’s just a matter of time before you get caught out. Rebuilding your data from paperwork and emails is immensely time consuming and could potentially cripple your business.

Over the past year we have seen an increasing number of businesses having their emails spoofed (impersonated), generally tricking the bill payer into transferring money to a rogue account. We have also seen unsolicited emails being opened by unsuspecting staff, which in turn launches a ransomware attack that encrypts the data. In order to restore your systems, you will need to wipe the system of all of the encrypted files and data and then restore from a known good backup. This has to be an offsite backup, as typically a ransomware attack will disable the antivirus and wipe out any network backups or shares.

So what do you need to do to keep safe?

Some basic precautions are as follows:

  • Run antivirus and anti-ransomware on your end user devices and servers and keep the products regularly updated.
  • Run an up-to-date firewall and regularly apply any firewall vendor software patches.
  • Windows PCs and servers must be regularly updated with Microsoft critical patches at the very least.
  • Train your staff to be cautious and not to open or click on any hyperlinks in any emails that may look suspicious.
  • Change your password on a regular basis and do not make it something that can be guessed. Use random words with numbers and symbols to make up what is known as a complex password.
  • Ensure you have an offsite backup of your data that is regularly tested (this is a must and is your bastion of last resort).
  • Do not trust emails asking you to transfer monies out; call the person who has sent the email to verify.
  • Do not take calls from people pretending to be from BT/Microsoft; these companies will never call you. If in doubt, look up their contact number on their websites and call them back from a different phone from the one they called you on, as they will sometimes not disconnect the call.
  • Call a company in to assist you in setting up a robust security strategy; it will be time and money well spent in the long run.