Overview

The results of a data breach can be financially devastating. How devastating? The Ponemon Institute’s 2018 Cost of a Data Breach Study found the global average cost of a data breach was $3.86 million, a 6.4% increase over 2017. The report found that the average cost per lost and stolen record was $148.

You may be thinking – but surely that is just big business? Why would anyone be interested in a small or medium-sized business?

The answer is that security in smaller businesses is often easier to compromise, and as a result hackers attack small businesses to gain access to their clients or suppliers.

Patch Management

The cheapest and simplest of all precautions that you can take is to make sure that all software updates are carried out ASAP.

Microsoft has its regular Patch Tuesday, which usually falls on the 2nd Tuesday of the month; sometimes updates also arrive on the 4th Tuesday.

These updates patch vulnerabilities in operating systems and Microsoft software; they are critical to protecting your systems from attacks that use those vulnerabilities.

Updates for other software applications such as Java, Adobe Acrobat Reader and Firefox arrive on a less regular schedule, but they are no less critical.

A hacker can easily take advantage of an application with a vulnerability. In fact, many of the ransomware attacks in 2018 resulted from users visiting a compromised website, or a website displaying an advert that had been compromised at its source. The user did not have to click on a link or download anything: simply opening the web page caused a small JavaScript program to execute, which reported the versions of common software to a web server on the Dark Web.

That dark web server then used the existing connection with the JavaScript to upload malware that took advantage of the vulnerability and eventually installed the ransomware.

So those little annoying software update pop-ups are really important. Believe it or not, there is an application that can update 30 or more of these types of programs automatically without requiring a reboot and without the pop-up nags.
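The attack described above works because the attacker learns which installed versions are out of date before you do. The script below is an added example (not code from the original article or from any product it mentions) of the check a defender runs first: it compares an inventory of installed applications against the minimum versions at which each is considered patched. The product names, version numbers and inventory are all constructed placeholders, not real advisories; the point it demonstrates is that version strings must be compared numerically, field by field, because comparing them as text sorts "8.0.9" after "8.0.10".

```python
"""Flag installed applications that are behind a known patched version.

Added example for this post, not software from the original article. The
baseline table and the inventory are constructed placeholders; in practice
the baseline comes from vendor release notes and the inventory from an
asset-management export.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: minimum version at which each product counts as patched.
MINIMUM_PATCHED: Dict[str, str] = {
    "Java Runtime": "8.0.201",
    "Adobe Acrobat Reader": "19.10.20064",
    "Firefox": "65.0.1",
}

# Constructed sample inventory (product, installed version), one row per install.
INSTALLED: List[Tuple[str, str]] = [
    ("Java Runtime", "8.0.191"),
    ("Adobe Acrobat Reader", "19.10.20064"),
    ("Firefox", "65.0.1"),
    ("Firefox", "64.0"),          # a second machine still on an older build
    ("Unlisted Tool", "1.2.3"),   # no baseline known; reported separately
]


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '19.10.20064' into (19, 10, 20064) so comparison is numeric.

    Non-numeric tails such as the 'esr' in '65.0.1esr' are ignored.
    """
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def is_outdated(installed: str, minimum: str) -> bool:
    """True when the installed version is older than the minimum patched one."""
    a, b = parse_version(installed), parse_version(minimum)
    # Pad the shorter tuple with zeros so '65.0' and '65.0.0' compare equal.
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def audit(inventory: List[Tuple[str, str]],
          baseline: Dict[str, str]) -> Dict[str, List[str]]:
    """Return report lines: 'outdated' installs and 'unknown' (no baseline)."""
    report: Dict[str, List[str]] = {"outdated": [], "unknown": []}
    for name, version in inventory:
        if name not in baseline:
            report["unknown"].append(f"{name} {version}")
        elif is_outdated(version, baseline[name]):
            report["outdated"].append(
                f"{name} {version} (patched: {baseline[name]})")
    return report


if __name__ == "__main__":
    result = audit(INSTALLED, MINIMUM_PATCHED)
    for line in result["outdated"]:
        print("OUTDATED:", line)
    for line in result["unknown"]:
        print("NO BASELINE:", line)
```

Applications with no baseline entry are reported rather than silently passed, because software you do not track is exactly the software that stays unpatched.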

Antivirus

Any anti-virus is better than no anti-virus (AV), but generally you should go with a brand you trust and not one that has been forced on you by the computer manufacturer or reseller.

There are some AV products that seem to infest your computer and as a result can cause the system to run slowly. Others are really small but efficient; some have guarantees and others don't. Most have free versions, with extra features on the professional versions if you are willing to pay for them.

Comodo offers free AV where the only difference between the Pro and Free versions is that the Pro version comes with a guarantee and support. Bear in mind that the free version is otherwise identical and receives the same updates.

However, if you are in business you need to be aware that the licence on free AV software nearly always states that it cannot be used in businesses. If you run a business, you need a licenced version of the AV.

Web Protection

What is Web Protection? We are talking about a firewall here: usually this is a piece of hardware that sits between your router and the rest of your network.

However, there are now hardware firewalls with cloud-based automatic updates, as well as software firewalls that are combined with AV applications.

Deciding what to use may mean that you need to take advice; however, your budget, the number of users, the type of network you have and where your data is stored will often be the overriding factors.

The software I mentioned in the Updates section also has a version that includes an AV and a web-based firewall that stops you visiting any site that has been detected as infected. It also blocks communications with the dark web, meaning that if someone plugged in a USB drive that had malware on it, no communication could occur, so you stay safe.

Mail Protection

This comes in many forms and layers. Spam protection, phishing protection and email encryption are all good starting points, but user training on recognising phishing emails has finally been recognised as a worthwhile investment.

Once users recognise the signs of a spam or phishing email, they are less likely to click on a link resulting in data loss through infection.

The human factor should never be underestimated.

Disaster Recovery (Continuity Planning) and Backups

Having a well thought out disaster recovery plan that includes a backup is essential.

If you were to lose physical access to your computers (theft, fire, flood etc.), with the right backup solution you could be working again within an hour or so!
