There’s little hiding from this scary statistic - during 2018, 43% of UK businesses reported data breaches or attacks, while 74% stated cyber security is a high priority for key decision-makers in the business.
Speaking at the Gatwick Diamond Educational Seminar, 4D’s Managing Director, Jack Bedell-Pearce, outlines 5 key principles on protecting your data from hackers:
1) Update, update, update
The biggest security threats are known as ‘Zero Day Attacks’ – these are brand new attacks to which, for a very short period, everyone is vulnerable. This is very enticing to hackers because they know they can attack a large number of people, potentially installing Trojans or malware onto victims’ devices, before patches can be applied – and, if they’re quick enough, even when the patches have been applied, they can still affect lots of computers or devices.
One such example is the BlueBorne attack of 2017, which affected all Bluetooth-enabled devices worldwide. In the worst case, for devices that hadn’t been patched, the hacker was able to gain complete control of the device. One year on, over 2 billion devices are thought to still be exposed because they do not have the latest patches installed (despite patches being released for the vulnerability within 2 days of the exposure).
This highlights the importance of having security updates installed as soon as they become available. Therefore, if you have an auto-update feature on your device, make sure you have it enabled, as you don’t know what zero day attacks are around the corner.
2) Upgrade, upgrade, upgrade
But what if updates aren’t available for your device? By January 2020, businesses will have to be prepared for the discontinuation of support for the following:
- Windows 7
- Office 2010
- Exchange 2010
- Small Business Server 2011
- Windows Server 2008
This means updates will no longer be released for the above software. If your business uses any of them, you can:
a) Continue using them and risk someone finding a new exploit in them (which won’t be fixed by a new update); OR
b) Upgrade to a newer version of the software
As a general rule of thumb, companies like Microsoft will not support software more than 5 years after its release (although this doesn’t apply to cloud software, which benefits from automatic updates), and hardware should be replaced about once every 7 years.
3) Beware BYOD
One of the most likely attack vectors hackers look for is companies that allow bring your own device (BYOD), that is, employees using their own mobile devices to connect to an office network. If the device has any connection to the business network, this gives the opportunist a very easy way to break in and steal sensitive data.
Remember to audit all your staff on a regular basis - look at what devices are connected to your network, enable encryption and turn on auto wipe features.
It’s also strongly advised to never use public Wi-Fi. Take, for example, a McDonald’s Wi-Fi hotspot - such a hotspot can easily be spoofed by an intruder, causing any devices which auto-connect to McDonald’s Wi-Fi to connect to the spoofed network instead. This gives the hacker the ability to see all of the data going back and forth on the connected device.
4) Harden your office hardware
Firewalls are the first line of defence. But just plugging in a hardware firewall will not give good protection, so make sure you have someone technically qualified to set it up. You should also change your Wi-Fi password regularly and when someone has left the company.
You should minimise the use of USB drives as, unless you’re 100% certain they’re safe to use, they shouldn’t be plugged into a work PC given the risk of potential infection. Make sure you educate your staff about such best practices.
5) Server protection
Upgrading to the cloud can be helpful as updates and auto-patches are taken care of, but knowing where your data is stored will become more important given the implications of GDPR and data sovereignty after the UK leaves the EU. On top of this, cheap cloud solutions often scrimp on security and public cloud itself is not immune to data breaches and outages, so ensure all data is encrypted to protect against theft.
If you have servers in-house, you can get them penetration tested by cyber security experts who will be able to assess how secure your network is. Alternatively, you can move your servers to a data centre to remove the costs of maintaining and securing your hardware in-house.