Understanding Cyber-Security: Shackleton's Thoughts
Written by Steve Ross, 24 March 2016
Cyber-security is more important than ever to small businesses. To help you build your defensive strategy, we look back on our recent cyber-security discussions.
With hacking incidents never far from the headlines, at the beginning of 2016 we turned our focus to cyber-security - and the need for small businesses to think carefully about their defensive strategies. Countering cyber-threats is, unfortunately, no longer as simple as installing a basic level of antivirus software - that said, we believe, no matter your size or budget, you can build effective protection for your organisation.
With that in mind, let's examine our recent thoughts...
1) Understanding Threats and Weaknesses
Perhaps the most important part of your defensive strategy is understanding the ways in which your business is vulnerable and, by extension, what kind of cyber-threats you face. In January, we examined some of the weaknesses your company may be harbouring:
- Encryption: In the event of a network breach, unencrypted data will be instantly available to hackers.
- Back-up: Your back-up strategy won't necessarily deter attacks, but if you don't have one, the potential damage they cause will be increased
- Updates: Out of date software is a red-rag to hackers, who will be deliberately searching for and targeting well-known security weaknesses
- Devices: You may be happy with your network's security, but what about the weaknesses in your employees' personal devices? Secure your BYOD plan.
- Training: Your defensive plan is only as good as your employees' ability to put it into practice. Phishing and malware scams rely on naivety and ignorance - do your staff have the training to spot and identify sophisticated cyber-threats?
Once you understand how your network could be targeted, it's worth exploring how hackers might create a breach. You face a range of evolving threats, but 'types' of attack do emerge - to help you spot them, we outlined their characteristics:
- Malware: A catch-all term including viruses, Trojans, spyware and any software with malicious intent for your network. Malware can manifest as attachments or downloads, often concealing its threat to trick users into clicking.
- Phishing: Masquerading as a trusted source (typically an email), phishing scams attempt to lure users into handing over sensitive information which can be used to breach their network. Phishing scams may be incredibly sophisticated in their execution - but there are ways to spot the danger.
- Password hacking: One of the oldest tricks in the book, weak, obvious or old passwords can be guessed by the enterprising hacker with very little effort.
- DDOS attacks: Sophisticated and dangerous, distributed-denial-of-service attacks overwhelm a website with traffic, and often act as a smokescreen for hackers to execute a secondary, more dangerous attack while your network is vulnerable.
2) Building Your Defence
After exploring the threat landscape, it's time to build your company's cyber-security strategy - but it's essential you think carefully about what you need, and find the right tools for the job. We pointed out that your defensive plan doesn't need to be expansive or expensive... as long as it's tailored to protecting your business. The defensive tools we suggested included:
- Integrating antivirus software with desktops and personal devices
- Installing firewalls and encrypting data
- Installing a virtual private network (VPN) for secure remote network access
- Moving data to the cloud to outsource cyber-security
- Maintaining back-up strategies to mitigate damage should data be stolen
3) Dealing with Damage
Despite the best defences, security breaches can and do still happen and, as we discussed in February, it's essential your company has a plan to cope. We explained what to do in the event of an infection or hacking incident at your company - from recognising an initial infection event, to dealing with the damage it causes.
To complement this, we also discussed Shackleton's own malware response plan, offering a step-by-step guide to identifying and containing an infection, finding and undoing its damage, removing the problem and, finally, addressing the network weakness.
Our Thoughts: Constant Vigilance
Ultimately, we want our clients to build their cyber-security strategy on vigilance. In practice, this means you need to be aware not only of threats to your company, but also your on-going ability to defend and respond to them. Our discussions of the past few months reflect current trends in the cyber-security field - but also point to a future where your strategies might have to quickly adapt to new and unexpected circumstances.
Do you understand the cyber-security landscape? If you're worried about building your business' defence strategy, call us today...
What is the Cloud?
Chances are, you rely on it every day as part of your business routine, but what is the cloud - and why should your organisation care about it?
Common Cyber-Security Misconceptions
Misconceptions about cyber-security can lead to disaster: make sure your small to medium business doesn't underestimate the threats it faces...