How can companies protect themselves from cyber-attacks?
Posted by SecurityAuditTeam on Aug 21, 2015 in Security Blog
As the prevalence of hacking, phishing and various other online scams increases, it is important that you look after your IT security across the board. Data is a valuable commodity and, if stolen in significant volume, virtually priceless to both criminals and the agencies of nation states with dubious intentions.
Fortunately, there are many steps that companies and organisations can take to protect themselves from hackers. These range from relatively obvious steps, such as not writing down or sharing passwords, to never clicking on links in potential phishing scam emails. Less obvious things such as internal data compartmentalisation should also be considered.
With the profusion of the many different types of hacking attacks and online scams prevalent in today’s world, you need to keep your data safe and secure.
Here are the recommended major steps that we believe should be taken to protect your valuable corporate data:
- Use complex passwords. Always incorporate a mixture of upper and lower case alphanumeric characters, spaces and symbols in passwords. Make the password as long as is practicable!
- Install effective Antivirus and Anti-Malware Software. This is a necessity today. These tools work by scanning through your files, including downloads and emails, to detect and remove viruses, malware, adware and spyware.
- Install a Firewall. A Firewall helps to protect your network traffic, including both inbound and outbound data. It can be set up to protect your IT network from hackers and to protect email and proprietary data from theft.
- Restrict access to business critical data. Your data should be protected from internal access by basically anyone! You should set up internal restrictions on data access to protect sensitive data and thereby increase accountability within your organisation.
- Ignore Emails that seem suspicious. It stands to reason that you should be wary of unsolicited Emails. Do not click on any suspicious links and never download attachments that you are unsure of! Most ‘phishing scams’ originate in this way. Remember that such Emails may have been created by clever hackers that will do all they can to make the Email appear to be from a trustworthy source.
- Secure Wi-Fi Networks. Use WPA2 (Wi-Fi Protected Access Version 2) where possible. Discontinue using WEP (Wired Equivalent Privacy) networks as they are not as secure as WPA2. Change the SSID (Service Set Identifier) and the name of the wireless router that you use from its default setting. Always use complex PSK (Pre-Shared Key) passphrases.
- Perform regular data back-ups. Schedule back-ups of your data to the cloud or an external hard drive on a regular basis. Should your systems be compromised, you will have a secure checkpoint to restore to.
- Install data encryption software. Any organisation dealing with personal details, such as credit card details, should implement data encryption. This software keeps data protected by altering information into apparently unreadable encoded gibberish! Keys are required to decrypt the data.
- Consider using Penetration Testing Tools – Many open-source tools are available to perform penetration testing, such as CORE Impact and BackTrack. Companies such as Security Audit Systems can also help you to ensure that your IT infrastructure is safe from unwanted penetration by hackers.
- Protect mobile devices in case of theft. Mobile devices such as phones, iPads and laptops should be protected via data encryption, password protection and by having ‘remote wiping’ options enabled.
- Run a Security Audit – There are many tools around that can perform an IT security audit, such as SARA and Nessus to name but two. These will help identify where your IT ‘holes’ are but for professional help, Security Audit Systems can provide a comprehensive IT security audit for you, identifying any gaps that need protecting.
- Compartmentalise your data. Store your important data in different locations, both physically and virtually if possible. Restrict access to complete data sets of information to trusted employees only, making them accountable for its future protection.
- Create effective IT security procedures. Common sense is also required to protect your IT networks from computer hackers. Create IT security procedures for employees to follow. Restrict access to certain websites or even the internet where necessary. Make it clear what is and is not acceptable to do online!
- Install a Website Security System – As we have all heard, websites are regularly hacked into. There are many proprietary and open source solutions available dependent upon the technology platform that your website is built upon.
This guide was created with a view to helping you to protect your company or organisation from cyber-attacks in future. These steps will help as long as you implement our recommendations, at least in part.
If you follow all of these recommendations then you should be able to make all your web assets and existing IT systems far more resilient to website or IT infrastructure penetration attacks in future.