How secure is your business from hackers?

IT Security | Data Breach

You’ve no doubt heard increasing news reports of hackers gaining access to IT systems in the UK and around the world. Unfortunately, data theft now has grave consequences for UK businesses.

The new GDPR rules due to come into effect in 2018 focus on forcing businesses to protect themselves by making sure security measures are taken to prevent data breaches and protect confidential data, or face hefty fines of up to £17m.

Regardless of whether the exact rules of GDPR apply to your business model or not, ensuring you never have to face the consequences of any type of data breach should be on the top of the tech security list.

Is your IT support service on top of security?

IT Support Service London

Most businesses employ an IT support service to take care of their tech security, and because of the complexity involved, business owners tend to trust that security measures are satisfactorily in-place. We’ve often found the truth contradicts this assumption when our IT support team perform security audits for new clients; security has usually not been adequately set up or accurately monitored.

When the Equifax data breach occurred in 2017, unbelievably, investigators found hackers had gained access through an already widely known vulnerability which didn’t take much to bypass and which shows an incredible lack of care from whoever was in charge of securing their IT platforms. They also found that the hackers had gained access to their networks months prior to the data breach taking place, it appears no one had noticed at all. The result of the data breach puts 143 million people at a significant risk, including people in the UK.

Financial Times reports further:

“The US credit reporting group discovered on July 29 that its defences had been breached, potentially compromising valuable personal information, including Social Security numbers and driving licence details, that could be used for identity theft. Personal details of more than 400,000 UK residents were also exposed”

Are you worried about your business IT security?

Contact Us

Here are our top 5 IT security checkpoints

1. How often does your IT support service perform security audits for your business?

It’s always worthwhile finding out what comes as standard with the IT support and services your business might already have in place. Security now requires a lot more consideration than simply deciding on what Anti-Virus you need to use as a business; MacTribe, for example, offer security audits and reports to ensure the latest methods and technologies are in place, we recommend performing a security audit at least once a year.

2. Do you have a secure password policy?

The easiest way for any wannabe hacker to access your network is often by discovering weak passwords, either through hoax emails or by using dictionary attacks. Most people tend to use the same password on every website they visit which means hackers could potentially discover your password on an insecure website and use it to gain access to your business networks. If all your passwords are stored with your IT support and services, you may want to insist on knowing how they protect your data. It’s nearly impossible to create the passwords you need and still be able to remember them, especially if a unique password should be employed for each login – but there are some fantastic business-grade password managers available which can do all the hard work for you. For example, 1password and LastPass are incredibly useful tools for configuring impossible passwords. Both PC and Mac support a majority of password managers now available.

3. Do you use 2-Factor Authentication as part of your business security?

Most web applications and websites now offer 2-factor authentication as a way to protect you further. Even if a hacker managed to steal your password, they wouldn’t be able to gain access to an account protected by 2FA without having a unique 6-digit key. 2FA works by continuously rotating six numbers every 30 seconds and won’t allow entry to a website without having entered the correct key at the right time. You’d need to enter the six-digit key within 30 seconds and only then would you be allowed in. If you use online banking in the UK, you’d no doubt already be using 2FA as part of accessing a banks website. Banks use the same sort of technology which is used for 2FA across the web today.

4. Do you have a firewall and internet filtering?

A majority of business activity requires a reliable internet connection to communicate with the outside world, and most of the time a firewall will be in place to protect users from a majority of malicious attacks which take place across the web. Firewalls are useful for blocking unwanted network traffic. However, they’re not very smart or intuitive devices. Hackers bypass firewalls by hijacking traffic which is already permitted to pass through, for example – website traffic. Naturally, you’d want to be able to visit the web so a firewall allows this traffic in and out. A cleverly hijacked website could automatically download a script and bypass a firewall, which makes firewalls useless in these situations. If hackers discover a small error in the code of any application that connects to the web, they can use this vulnerability to create an exploit script allowing them to gain entry through a firewall and directly onto their target device. There are many other ways hackers work, but there are methods to protect a business by making sure that all internet traffic is filtered before it even gets to the firewall. Cisco Meraki routers, for example, utilise both firewall and filtering techniques to inspect traffic more proactively.

5. Do you have an encryption policy?

Technology is increasingly becoming more compact, and data capacity is increasing every year. We are able to fit more data onto our devices than ever before. If your company uses dropbox or similar cloud-sync apps to keep a cached copy of company data on laptops and various devices, then your entire business would be at risk if any of these devices were to be accidentally lost or stolen. To prevent data from being accessed on a lost or stolen device, encryption is the best protection. Encryption simply makes data unreadable unless the correct passcode is entered, therefore making a laptop useless without a password or until the data is wiped clean. Both PC and Mac support encryption reliably, it’s certainly a pre-requisite for the modern business model and IT environment.

These are our top 5 security checkpoints worth investigating for your business IT setup, but there are certainly more ways to support your IT environment further. Anti-Virus is also very important and considered at least a basic necessity, we’ve dedicated an entire post to explain why.

MacTribe is a PC and Mac support London team who provide simple, smart business tech support. If you’d like MacTribe’s IT support team to visit your office and perform an in-depth security audit, feel free to contact us.