Story image

Business security: Securing your data weak points

13 Sep 16

One of the biggest problems to overcome for business security is trying to work out what areas you need to secure: there is no manual to download or “one model fits all”. Securing your business is simply a case of looking at your potential areas for data loss and looking at the attack vectors that may apply to you, finding those weak points and then getting advice on the best ways to plug those gaps.

So where do I start? There are core tenets that will end up being repeated but here a few essential points to consider.

Knowledge is power

There is a wealth of knowledge available to you. Security experts and specialists are available in all shapes and sizes and exist in almost every corner of the globe. Getting advice is easy, but make sure that where possible you seek that advice from more than one source. Also bear in mind that the world of IT evolves at a huge rate, so keeping up with the latest techniques may be a challenge all in itself.

Education makes a difference

In a business environment the weakest link is the end user; the good thing is it’s also your strongest asset. Utilising your staff in the fight against cyber crime is not as daunting as it seems: using education to teach your staff the current threats and how they are delivered may make the difference in someone accidentally clicking that phishing link or visiting a compromised website from a spam email. Making them feel an integral part of the business security is an important aspect in keeping the whole business safe.

Being proactive is essential

Securing your hardware and software is an ongoing task. Looking at the way data moves into, within and out of your company will give you an indication of the areas to secure. Also make sure that there is a set documented procedure when something new is added to the infrastructure, change any default passwords, update firmware’s and make sure the latest updates are installed and regularly updated. Multi-layered security software is a must, installed on every endpoint and server.

Flexible working comes with risks

Letting your employees work on the road or at home means that accessing your network from all over the world has become increasingly easier and virtually a necessity. With that ease comes the potential for opening up your network to abuse, lost credentials, insecure Wi-Fi connections and/or social media account hacking, which could put your company at risk.

All data is valuable and desirable

Virtualisation is so simple these days – ergo having a multitude of servers is easier than ever. If you’re going to host your servers in house make sure you’re using secure server operating systems and that the latest software installed on them is patched and up to date. These are in effect the open gateways to the rest of the world and will be at significant risk from attacks (possibly on a daily basis): don’t be fooled into thinking your data is insignificant or of no use to anyone else, all data including yours has a value.

Regular backups are essential

Ransomware is one of the most destructive pieces of malware around today, therefore it’s very important you consider and plan your backup regime correctly. Take into account the need for point-in-time backups, the frequency and location of those stored backups are all very important, and again professional help is readily available and should be utilised if you’re unsure about anything.

Tick all the right boxes

It’s easy to read this and think that securing your business is complicated and expensive – and in some cases it may well be – but as with most things in business it’s just a case of working through and ticking all your boxes. Once you have a plan in place, utilise the internet to test what you have done: there are many options for penetration testing to see where you’re vulnerable, test it, fix it, and test again. If you save money by doing nothing it will only be a matter of time before that approach ends up costing you tenfold of what you thought you had saved in the beginning.

Article by Mark James, Security Specialist, ESET

Protecting organisations against internal fraud
Most companies tend to take a basic approach that focuses on numbers and compliance, without much room for grey areas or negotiation.
Telesmart to deliver Cloud Calling for Microsoft Teams
The integration will allow Telesmart’s Cloud Calling for Microsoft Teams to natively enable external voice connectivity from within Teams collaborative workflow environment.
Jade Software & Ambit take chatbots to next level of AI
“Conversation Agents present a huge opportunity to increase customer and employee engagement in a cost-effective manner."
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
GirlBoss wins 2018 YES Emerging Alumni of the Year Award
The people have spoken – GirlBoss CEO and founder Alexia Hilbertidou has been crowned this year’s Young Enterprise Scheme (YES) Emerging Alumni of the Year.
SingleSource scores R&D grant to explore digital identity over blockchain
Callaghan Innovation has awarded a $318,000 R&D grant to Auckland-based firm SingleSource, a company that applies risk scoring to digital identity.
IDC: Standalone VR headset shipments grow 428.6% in 3Q18
The VR headset market returned to growth in 3Q18 after four consecutive quarters of decline and now makes up 97% of the combined market.
Spark Lab launches free cybersecurity tool for SMBs
Spark Lab has launched a new tool that it hopes will help New Zealand’s small businesses understand their cybersecurity risks.