"A username and password does not mean your data or business is safe" - Tim Phillips
The days of just a username and password to protect your data are a distant memory, along with the likes of Netscape Navigator and unrestricted internet access...
We now live in a world where anyone with time on their hands and the inclination can launch an attack on large national websites, organize a ransomware attack or break into any number of service providers to steal their customers' data.
"Hackers and scammers are totally ruthless and won't care one jot if they deprive a little old lady of her life savings, just as they will not care about holding an SME to ransom over their data."
As a service provider, we have to guide our customers on the safety of their data. We put all of the possible measures in place, such as antivirus and anti-ransomware, plus robust and reliable backups that are tested on a regular basis.
So many times we come across companies that come to us for help with very little in place to protect their staff, their systems and their data. Just as you wouldn’t choose to leave your doors and windows open when you leave home, you shouldn’t leave your systems open to exploitation, as it's just a matter of time before you get caught out. Rebuilding your data from paperwork and emails is immensely time-consuming and could potentially cripple your business.
Over the past year, we have seen an increasing number of businesses having their emails spoofed (impersonated), generally to trick the bill payer into transferring money to a rogue account. We have also seen unsolicited emails being opened by unsuspecting staff, which in turn launches a ransomware attack that encrypts the data. In order to restore your systems, you will need to wipe the system of all of the encrypted files and data and then restore from a known good backup. This has to be an offsite backup, as typically a ransomware attack will disable the antivirus and wipe out any network backups or shares.
So what do you need to do to keep safe?
Some basic precautions are as follows:
- Have antivirus and anti-ransomware on your end-user devices and servers and keep the product regularly updated.
- Run an up-to-date firewall and regularly apply any firewall vendor software patches.
- Windows PCs and servers must be regularly updated with Microsoft critical patches at the very least.
- Train your staff to be cautious and not to open or click on any hyperlinks in any emails that may look suspicious.
- Change your password on a regular basis and do not make it something that can be guessed. Use random words with numbers and symbols to make up what is known as a complex password.
- Ensure you have an offsite backup of your data that is regularly tested (this is a must and is your bastion of last resort).
- Do not trust emails asking you to transfer money out - call the person who has sent the email to verify.
- Do not take calls from people pretending to be from BT/Microsoft. These companies will never call you. If in doubt, look up their contact number on their websites and call them back from a different phone from the one they called you on, as they will sometimes not disconnect the call.
- Call a company in to assist you in setting up a robust security strategy; it will be time and money well spent in the long run.
We all know that IT security means much more than a browser-based CRM and a username and password.
Deciding to conduct an IT Audit with an IT expert could be the best business decision you've made this year.
Tim Phillips - Alchemy Systems