Story image

Business security: Securing your data weak points

13 Sep 2016

One of the biggest problems to overcome for business security is trying to work out what areas you need to secure: there is no manual to download or “one model fits all”. Securing your business is simply a case of looking at your potential areas for data loss and looking at the attack vectors that may apply to you, finding those weak points and then getting advice on the best ways to plug those gaps.

So where do I start? There are core tenets that will end up being repeated but here a few essential points to consider.

Knowledge is power

There is a wealth of knowledge available to you. Security experts and specialists are available in all shapes and sizes and exist in almost every corner of the globe. Getting advice is easy, but make sure that where possible you seek that advice from more than one source. Also bear in mind that the world of IT evolves at a huge rate, so keeping up with the latest techniques may be a challenge all in itself.

Education makes a difference

In a business environment the weakest link is the end user; the good thing is it’s also your strongest asset. Utilising your staff in the fight against cyber crime is not as daunting as it seems: using education to teach your staff the current threats and how they are delivered may make the difference in someone accidentally clicking that phishing link or visiting a compromised website from a spam email. Making them feel an integral part of the business security is an important aspect in keeping the whole business safe.

Being proactive is essential

Securing your hardware and software is an ongoing task. Looking at the way data moves into, within and out of your company will give you an indication of the areas to secure. Also make sure that there is a set documented procedure when something new is added to the infrastructure, change any default passwords, update firmware’s and make sure the latest updates are installed and regularly updated. Multi-layered security software is a must, installed on every endpoint and server.

Flexible working comes with risks

Letting your employees work on the road or at home means that accessing your network from all over the world has become increasingly easier and virtually a necessity. With that ease comes the potential for opening up your network to abuse, lost credentials, insecure Wi-Fi connections and/or social media account hacking, which could put your company at risk.

All data is valuable and desirable

Virtualisation is so simple these days – ergo having a multitude of servers is easier than ever. If you’re going to host your servers in house make sure you’re using secure server operating systems and that the latest software installed on them is patched and up to date. These are in effect the open gateways to the rest of the world and will be at significant risk from attacks (possibly on a daily basis): don’t be fooled into thinking your data is insignificant or of no use to anyone else, all data including yours has a value.

Regular backups are essential

Ransomware is one of the most destructive pieces of malware around today, therefore it’s very important you consider and plan your backup regime correctly. Take into account the need for point-in-time backups, the frequency and location of those stored backups are all very important, and again professional help is readily available and should be utilised if you’re unsure about anything.

Tick all the right boxes

It’s easy to read this and think that securing your business is complicated and expensive – and in some cases it may well be – but as with most things in business it’s just a case of working through and ticking all your boxes. Once you have a plan in place, utilise the internet to test what you have done: there are many options for penetration testing to see where you’re vulnerable, test it, fix it, and test again. If you save money by doing nothing it will only be a matter of time before that approach ends up costing you tenfold of what you thought you had saved in the beginning.

Article by Mark James, Security Specialist, ESET

Partnership brings AI maths tutor to NZ schools
“AMY can understand why students make a mistake, and then teach them what they need straight away so they don't get stuck."
Polycom & Plantronics rebrand to Poly, a new UC powerhouse
The name change comes after last year’s Plantronics acquisition of Polycom, a deal that was worth US $2 billion.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.
Mozilla launches Firefox Send, an encrypted file transfer service
Mozille Firefox has launched a free encrypted file transfer service that allows people to securely share files from any web browser – not just Firefox.
VoiP new-comer upgraded and ready to take on NZ
UFONE is an Auckland-based VoIP provider that has just completed a massive upgrade of its back-end and is ready to take on the market.
Online attackers abusing Kiwis' generosity in wake of Chch tragedy
It doesn’t take some people long to abuse people’s kindness and generosity in a time of mourning.
Apple launches revamped iPad Air & iPad mini
Apple loves tinkering with its existing product lines and coming up with new ways to make things more powerful – and both the iPad Air and iPad mini seem to be no exception.
IntegrationWorks continues expansion with new Brisbane office
The company’s new office space at the Riverside Centre overlooks the Brisbane River and Storey Bridge.