Following on from our blog last month of ‘Getting IT right from the Start’, (read here), we are now sharing the basic security minimums that we would recommend for our clients. This gives a broad scope of the security required in todays landscape.
Cyber criminals are in business, and like any ‘business’ person, they are looking for a return on their investment of their time. Hacking easier targets often gives that.
Unfortunately, these Cyber Criminals are constantly on the lookout for opportunities to attack your technology, and make money out of you. No business is too big or too small, and New Zealand is not too ‘far away’.
If you do not have the basics of security in place, then you quite simply make yourself a more attractive target.
Why attempt to break into the well-secured house when the one next door is wide open and much easier?
In fact, one of the reasons why more smaller businesses are being targeted, is that the bigger businesses and organizations are generally well-protected these days.
So, by having a decent level of protection, you are less likely to be hacked successfully.
You need some sort of system to be able to prevent and/or detect many of the attack techniques used today. Traditionally known as “anti-virus”, today’s software is often far more powerful than just detecting viruses.
For most of our clients, because of their general risk level, we recommend an “end point security” product. This is suitable for today’s complex threat environment at the small to medium business level.
We find the right level of security for your business needs, balancing protection without paying for more costly products.
A key way the attackers can exploit businesses is if the computer operating software is not up to date.
Microsoft is always updating its Windows and Server operating system, as new vulnerabilities are uncovered. These are then pushed out as updates, but these can fail or cause issues sometimes.
Many computers are not set up to take these patches. The IT Centre has a system where we manage these updates, ensuring they are successfully applied, and ensuring the bad ones are remedied before you get them.
Two Factor Authentication in place is an absolute essential. Even if “they” do manage to get into your email account, having 2FA turned on will mean they can’t do anything unless they also have your smartphone.
This is such a simple but effective recommendation. To read more about 2FA click here.
Similarly, the days of having your cats name with your birthday after it as your password, and using it everywhere, are long gone.
Like all security, it is a bit of a hassle, but it needs to be done. IT Centre can help you with this to some extent, but what you and your team do is not an IT issue, it is a business issue. We highly recommend that you use strong passwords.
We supply a password management utility called LastPass. Basically it stores all your passwords in an encrypted cloud based ‘vault’ that can be accessed from your computers and mobile devices. It can also enforce strong passwords and will input them for you so no need to remember them.
Read more here about why a password management system is important for businesses, and also the article on 2FA and MFA.
It is still very true that most hacks are successful because someone clicked on something they shouldn’t have. How do you support your team to be aware of these risks, and to be constantly vigilant?
There is much you can do, including subscribing to services that send phishing emails to your team to see if they click or not, But at the very least (and this doesn’t cost anything) we suggest that owners and managers periodically raise this topic and simply discuss with their teams Just being reminded and aware is better than nothing.
The above blog outlines IT Centres most basic recommendations.
Our Managed Service plan has MS365 Business Premium licenses included in it, that allow us to provide a greater level of security. This plan utilises features from MS365 that are not available with standard licenses. It also includes password manager, upgraded security software and backups (which is another form of security).
To discuss your individual security concerns please contact us here.