November Housekeeping = Internet and IT Security

Image of person breaking into a computer

Over the last 10 months I have constantly mentioned security, security, security, because we live in a world where criminals are exploiting every IT and online weakness they can. In 2015 we had very few businesses phone us with problems.  In 2016/17 we have seen an increase – as criminals are now targetting businesses. So much so, that I think you need to dedicate November to looking at your security.

Do you have old computers that are no longer receiving Security Updates?

The ransomware attacks on old Windows XP computers in the NHS earlier this year proved that old computers can be a security weakness. So, do you have any old equipment that pose a security risk to your business? Plus are you planning for the future? Microsoft have said that they plan to stop providing security updates for Windows 7 in 2020, so now is a good time to start planning and budgetting to replace them.

Update, Update, Update

Make sure everything is up-to-date. Microsoft updates, Apple updates, router updates, application updates – all help to ensure you are secure.

Who has access?

Ransomware normally spreads by mapped drives, so a simple way of reducing your risk is to stop giving everyone access to everything. Only give them access to folders they need. That way, if their computer is infected by ransomware the spread of the virus will be more contained.

Don’t forget SmartPhones, tablets, laptops

Does anyone in the business connect their own computer/tablet/phone to your network? If so, how good is the security on these devices?

Most businesses now encourage people to collect business emails on SmartPhones and tablets. Research by Kaspersky Lab and Allot Communications reported at the beginning of 2016 that 79% of businessmen and 67% of businesswomen use potentially risky apps every day.  Most modern SmartPhones have some form of security, but older ones may not have. Apps that enable peer-to-peer file sharing, emailing and web conferencing are those deemed most risky. So, is the user of the company SmartPhone likely to be downloading any of these and, if so, do they understand the risks?

Also, what happens if someone’s phone/tablet gets stolen – do you know how to remotely remove access to the business emails and data?

Do people access your server from home?

More and more people are working from home and require access to company files and folders. How this access is given can vary, and some ways are more secure than others. Security is something that should be regularly checked and evaluated as threats evolve.

Is the Internet Security software you are using still good?

Everyone has their favourite Internet Security software that they will swear is the best, but reality is that software performance varies from year to year. Companies amalgamate, get taken over, change their focus. In 2016 Avast took over AVG for example – we are monitoring the result.

So, is the Internet Security software you are using still good? Don’t keep with it just because you have used it for the last 5 years. Check out the facts. A good start is AV-Test.org. The test results can vary from month to month, so we would recommend you consider any software listed that has 5 circles and above. Some may be brilliant at stopping threats, but be so intrusive that they cause constant problems – we personally have found this with Bitlocker and Panda. Others, such as Avast Free, are not intrusive at all, brilliant and fast, but give you little power to exclude files and programs. You may need to do a little research to find the best option for you.

When did you last check that your Internet Security software was active and current?

We frequently go to new customers and find that although an Internet Security software program has been installed, it is no longer updating/running. Or that the old security program was never uninstalled. We would recommend that in November you go to every computer and check your Internet Security is running, is up-to-date and run a full scan of the computer hard drive. Don’t forget your server.

Do people in your company know how to identify emails that may contain links to ransomware and other threats?

The nature of threats change. A lot of threats in 2016/17 came via email attachments. So does everyone in your business know how to identify a threat. In our experience people know that threats come via email but they don’t understand that Word or Excel document can be especially unsafe. Also, make sure people know that that if in doubt they can always phone the person that sent the email to check it is genuine.

Do people understand why they need strong passwords, how to create them and how to remember them?

The most basic, but a very important, part of security is good passwords. Many people hate the idea of a strong password, but there are reasonable compromises – making a password longer makes a difference. Mixing in numbers makes a difference. If you help people create a system that works for them, then they will be happier to use stronger passwords. Remember that everyone is different – some people find it easy to remember numbers, but others find it easier to remember text. Help everyone set up a system that works for them. There is more about creating stronger passwords here… https://technologytamed.com/tips-on-better-password-security/ 

Internet and email security is constantly changing and evolving – an ongoing battle between suppliers and criminals. It is important to regularly evaluate your security to see whether you need to change your systems to help protect your data and your employees.

Rebecca Mansbridge
Director
November 2017