Keep fraudsters and hackers away

A growing influx of scams and hacks are after two things: your data and your money. IT security gaps can let them in.

The number of people arrested continues to rise. According to some estimates, authorized fraud (where the actual customer processes the payment) was worth more than £354 million in 2018. The cost of ransomware attacks in the United States alone is estimated at $75 billion.

To combat this, you need to do two things:

  1. Train your teams to watch out for these scams
  2. Make sure your IT security stack protects your network and your business

Here are seven IT security gaps that leave your network vulnerable to hacker attacks. With the right training for your team and the right set of IT security products (IT security stack), the threat from these can be significantly reduced.

Your Teams

Unfortunately, the weakest link in any IT network is the user. It’s important to educate and train your teams on what to look for and what to do if they see what they think could be a scam or hack attempt.

Where are your IT security weaknesses?

Email

The first IT security gap is email. The way criminals try to get their hands on your data and your money is changing, so your IT security needs to change too. If you go back a few years, it was all about viruses. Viruses are released to cause chaos and affect your business. So you should invest in antivirus protection from vendors that work to detect viruses and then update their software to protect you. Now the criminals want more.
Ransomware and impersonation emails are the order of the day. Let’s take a quick look at these so you can spot them.

Ransomware

Ransomware holds your data hostage so that you pay a ransom to release it. How it works exactly varies by attacker, but they make it almost impossible for you to work. They either copy your data, then delete it (including backups on your network) and demand payment to restore it, or they lock your network and deny you access. Payment requests are usually in Bitcoin so that they are untraceable.

Impersonation Emails

Phishing emails appear to come from a senior manager in your business or from a supplier. CEO emails are usually along these lines: “I need to pay {insert excuse}, please send me £XX,000 to this bank account”. They are often sent to larger businesses with several levels of management, where there is a fear factor at lower levels about “disturbing” the manager, so people don’t check. Supplier impersonation can take the form of “We have changed our bank details. Please pay your invoices to this account.”

Really smart people have been able to join a conversation and derail it, so you have to be alert.

Your desktop

39% of all PCs are still running Windows 7; you should be using Windows 10. Now you can simply replace the firmware. The specifications of the old devices mean that you spend time and money on updating, but then you cannot replace the firmware, performance, improvements, even if implemented. It is better to buy a new desktop or laptop and have a safer and faster device.

Your firewall

Your firewall is the gateway to your office network, whether it’s just your desktops and laptops or your local servers. It is an integral part of your security stack. Unfortunately, we still see some smaller businesses that only have their own internet router as a security guard.

Firewalls with added integrated threat management are our usual recommendations, providing a real barrier to entry. Don’t ever be tempted to skip this one!

Your WiFi

As your business grows and more people visit your office, you may be tempted to simply allow visitors access to your WiFi. Stop.

If you do this, you are giving them access to your entire network. You give them access to your data and the chance to introduce malware or ransomware. You do have to invest in hardware to provide a separate guest network, but are the savings from skipping it worth the risk?

Your website

You will no doubt have noticed that Google encourages people to add SSL certificates to their websites. Securing your website ensures that data is not easily collected from it, especially if your customers can make purchases directly through the site.

Your mobile devices

What’s on your phone? All your emails, the documents attached to those emails, access to your network, copies of any documents you’ve worked on remotely, website history and login data, and then all those phone numbers and personal pictures.

The same and more is true for your laptop. If these are lost, how are you going to prevent access to all this information? Our next blog will talk about mobile security in more detail, but in the meantime, let’s look at your options in your security stack.

Your staff leaving

When an employee leaves and you have a BYOD policy, do you wipe their phones and other mobile devices? These devices may contain a large amount of your company’s data. Isn’t that a data breach when that person is no longer a member of staff? What happens if they go to a competitor? Even if they don’t, you are responsible for looking after that data and have no further control over it.

Was it helpful?

We’ve explored 7 key IT security gaps and provided some tips on how to plug them.
