In light of last month’s WannaCrypt outbreak, the team here at ActionPoint decided to take a proactive approach and give you the best IT Security tips from our leading experts. This week’s post is co-written by our very own Jonathan Deane, who is IT Security Director and works from our Limerick HQ.
How are we protecting ourselves at the infrastructure level?
Good IT security starts with ‘Good’ infrastructure. Simple steps that can be taken to protect yourself include:
- Reset Manufacturer password on all new machines and equipment
- Monitor Server Activity – Flag unusual server load or stress
- Ensure Patching is up to date
This final point is especially relevant: much of WannaCrypt’s damage was caused to Microsoft operating systems that hadn’t been updated with the latest patch (with the exception of Windows XP, which wasn’t supported). That patch was released in March and would have saved a lot of unnecessary pain, particularly among organisations like the NHS.
Jonathan’s advice: Keep operating systems updated and patched. Microsoft, Apple and Linux release regular updates; it’s up to your IT Partner to stay on top of these updates.
My Team works remotely, how is my data secured?
Your team will need to access company files and data on the go but mobile phones and tablets can be lost, stolen or compromised. It happens.
How does a Business Owner stay protected in this instance?
Two-factor authentication is the best way to safeguard your data on any device, in any location. One layer of authentication exists within standard logins for Azure, 365 or any cloud-based service.
However, adding a second “unique” password to each device can give you added assurance that your data is safe. Great tools in this category include Microsoft Identity Manager (MIM) or Azure Active Directory.
Jonathan’s advice: Two-factor authentication is a no-brainer, but another factor to be considered will be the “Data at rest” procedures being stipulated by the fast-approaching GDPR. (We will speak about Data at rest in another post later this month.)
61% of workers report working outside the office at least part of the time; 3+ devices are used daily by an employee for work activities; The number of devices managed in the enterprise increased 72% from 2014 to 2015 – Citrix
Who has access to my data and what level of access does each employee have?
Many employees will access company data through different devices and in many different places. Having oversight over who has access to company data is especially important for effective control and threat mitigation.
For instance, allowing Sales Executives access to high-level financial data, such as employees’ account and personal data, is unnecessary unless the data relates to the Sales Executive’s day-to-day activities (which is unlikely). Tracking and auditing activities on different files will keep Management up to date and will raise flags on any anomalies. Using software like BigID allows you to track who is accessing files and where those files have been accessed.
Another issue that can occur is when employees move between companies. Ensuring that shared documents or spreadsheets are protected for ‘Company Use Only’ is another crucial step in protecting your organisation.
This is NOT a “PARANOID” big brother policy; this is simply reducing the number of unnecessary access points to your company’s private data.
Jonathan’s advice: Levels of clearance and privilege should be mapped out in a directory. We recommend using Active Directory by Microsoft which runs standard on most MS operating systems. Reviewing this on a regular basis (Monthly, Quarterly or Annually) is a key step that ActionPoint take with our clients.
Have you dealt with Cyber Attacks in the past? What Security credentials do you have?
Having the peace of mind that your data and business are in good hands is something every Senior Executive deserves. However, new forms of malware are discovered all the time and have evolved to infiltrate even the most advanced firewalls and anti-viruses.
As a growth-focused company, your security requirements will change. Reviewing where your IT partner is placed to manage these changes in requirements is important. Partnerships and access to a technology network are areas we recommend assessing when it comes to renewing your service agreements.
Our Partnerships with companies like Sophos ensure that we are first in line to test and deploy the latest security technologies.
Jonathan’s advice: Review Technology partnerships and examine case studies. Make sure your Technology partner is positioned to support your growth.
Who monitors and flags suspicious activity?
It is crucial to have systems in place that monitor and alert your team of any suspicious activity at device and/or server level.
Your Firewall will handle most incoming threats. However, if the firewall is breached, what is the procedure? Your IT support team will run automated checks that create alerts if there are any unauthorised entries. If there is an attack, various points of contact at the company will be notified until the situation is examined and resolved.
There should also be an out-of-hours service agreed in your Service Level Agreement which outlines the delegation of responsibility when security flags are created in the evenings and at weekends.
Jonathan’s advice: Testing access points when configuring your firewall will ensure you know what triggers alerts and what doesn’t.
What Happens if we’re attacked?
Many of us can’t bear thinking about a potential breach, but if you are a larger organisation, an “Attack” can be costly. Loss of data, fines and negative publicity can have far-reaching consequences, including loss of business.
Incident Management Procedure
Having an Incident Management plan in place is crucial to avoiding panic when the worst happens. An Incident Management plan can vary in length from a 1 or 2 pager to 10+ pages depending on the size of your organisation.
- The key stakeholders to be contacted
- Escalation path
- Key Monitoring milestones and reporting (Minute by Minute)
- Establishment of “War-Rooms” at different intervals for emergency meetings with key stakeholders
Jonathan’s advice: The length and complexity of the Incident Management plan is unimportant. What is required is the establishment of a reliable team and a process to avoid panic in the event of a security breach.
- Business Owners and IT Managers need to combine common sense and pro-activity at the infrastructure level.
- Having a bird’s-eye view of data access in your organisation is imperative to minimising external threats (Think who (accessed our data), where, when and why?)
- Can your IT Partner grow with you? Do they have the people and technology to support your business?
- Attacks are uncommon but it pays to have a plan in place
If you are looking to review your current IT Security set-up or just seeking some advice, Jonathan or a member of our Security Solutions team is happy to take your call.