We discuss a range of practical measures to help improve your IT security, protect your infrastructure and prevent a data breach.As we have covered
GDPR extensively over the last two years, I didn't want to bore you with yet another thread addressing this specifically. I do however want to discuss IT security and how adopting best practice can help secure your infrastructure and prevent a data breach. This is a big subject so I will do my best to keep it as relevant as possible for smaller organisations and for your personal IT security.
We have been working on numerous
Cyber Essentials certifications in recent months and these focus on 5 key areas, as outlined below. I have given a brief explanation to help clarify each point.
5 key areas to improve your IT Security
- Boundary firewalls and Internet gateways – Firewalls allow traffic in and out of your network, inspecting it for potential threats. I would compare this to a perimeter of a secure compound where traffic in and out is monitored and controlled continually. By doing so, you can prevent intrusions and only allow out the traffic you need.
- Secure configuration – This is one of the larger topics and is all about best practice. For instance;
- removing any unused software
- disabling the use of USB storage devices to help prevent data loss and programs installing unintentionally
- using an offline backup for all business critical data
- implementing an approved software control list, and
- disabling accounts that are not needed.
- User access control – When you create a user, give them access to just what they need. In addition, give them a secure password that is not shared. Less is always more when it comes to security so give users access to what they need and no more.
- Malware protection – This is where a multi-layered approach helps. Protecting your network is not just about having antivirus installed on each PC. You also need to protect your email via Mimecast, Trend Hosted Email security or Exchange Online Advanced protection. Moreover, the biggest threat nowadays is human error, so educating your users is imperative.
- Patch management – Keeping your PC, phone and installed applications up to date is an easy task. You should usually receive Microsoft operating updates shortly after the 2nd Tuesday of each month. It is worth setting a diary reminder a week after this to check they are installing. Many threats use known vulnerabilities that “should” be resolved within these updates. I have spent the last year rolling out a ConnectWise automation tool that controls and reports on this for us for many of our clients.
Further cyber security tips
From a personal perspective, to help secure online accounts such as Amazon, Hotmail etc. I have started setting up two factor authentication. This prevents attackers from logging into my accounts and spending money via the stored credit card details.
Furthermore, the following tips will help you stay safer:
- Create strong passwords especially for sites which hold your personal and payment card details. Use a password database tool such as Kee Pass to store passwords securely and avoid writing them down. It should be noted however that even these tools have exploits which have been exposed recently.
- Don’t share your passwords with other people.
- Keep your devices up to date.
- If you receive a link on an email, hover over the link and look at where it is trying to direct you. Check the website looks legit.
- Backup your data, ideally keeping an offline copy that is not accessible to protect against ransomware.
- Be cautious on public Wi Fi networks. Given the cost of data, tethering via your mobile is usually safer.
- Only download software and apps from reputable sources.
- Encrypt your devices where possible as if they are lost or stolen, this will help protect your data.
- When you stop using a service or website online, close the account.
- Use a reputable antivirus client with virus, spyware and a firewall included. Some free products don’t include all these components.
- When you dispose of equipment containing any personal data, make sure to wipe it completely. Depending on the file structure, this may not be enough. Specialist tools are available to ensure your data is fully cleansed.
Final Thoughts
In summary, there are plenty of actionable measures you can undertake to help protect and strengthen the security of your systems. Making sure you have the basics right, like installing patch updates and having the latest versions of technology, will go a long way towards protecting your systems. You can then go one step further by securing user credentials and setting up two factor authentication.
Author: Alex Moss, Senior Technical Consultant
Alex has been an invaluable member of the PCR team for over 14 years ago and is responsible for planning and implementing client systems. He has helped our clients migrate to new infrastructure and Cloud solutions with minimal risk and downtime.