Don’t Fall Victim to COVID-19 Cyber Security Threats

Cybercriminals are nimble crooks who capitalize on current events. Right now, they’re exploiting the coronavirus.

Click here to download our Cyber Creeps & COVID-19 ebook, in which you will:

  • Learn the many ways scammers are targeting email communications
  • Explore the best ways to educate your employees about threats
  • Discover the value of a Secure Email Gateway to protect your business

 

Email remains the number one means of cyber attack. Cybercriminals are increasingly sophisticated and always motivated. Companies in any industry, of any size, face targeted threats that prey on heightened anxiety around the health pandemic.

Don’t be caught unaware. Review the known threats, get your users up to speed, and set up an email scanning solution to reduce risks.


Protecting A Business from Internal Threats

When considering IT threats to your business, many articles focus on external sources such as hackers. While these dangers are real, in many cases the largest threat to a firm comes from inside the business itself.

Staff often have trusted access and a detailed working knowledge of the organisation from the inside. Employees therefore deserve the largest security consideration when designing a safe and secure business system.

It is important to first distinguish the type of employee we want to defend against. For this article we do not mean a model employee accidentally opening a malicious email or attachment (that relates to a different kind of threat). Rather, we mean a disgruntled employee seeking to do damage to your business: an employee who may wish to destroy services or steal clients and files from your firm.

Security Policy

A lot of firms grant employees system-wide permissions. While this can make things appear simple, it opens the business to future risks.

Private and confidential information relating to the business should be restricted. Many types of files need to remain confidential, often as a legal or privacy requirement. Human resource files, salary information, and employee documents should be limited to only a select few employees. Yet many businesses keep confidential information in public places on the network.

Granting system-wide read and write access can appear to save time in the short term. It does, however, open your business up to potential legal trouble in the future.

The Principle of Least Privilege

The principle of least privilege is a vital tool in helping you to handle internal IT security. It defines a security policy which ensures your staff can access only the resources, systems and data they require to carry out their job.

The policy protects the business from many different types of threats. Even where malicious attachments have been opened by accident, the damage is limited only to the areas that employee has access to. This results in contained damage, less time needed for data restoration and reduced downtime for the firm.

Along with limiting accidental damage, employees looking to destroy or steal data are limited. With restricted access, an employee with a grudge or profit motivation can only damage or steal from their own area of operation. This helps to ensure that no single employee can damage the entire firm’s operations.

Security Policy In Practice

A member of staff within Human Resources, for example, may have access to the employee database (as it relates to their job). This will likely include payroll information and other sensitive data. But this same member of staff would have no need to access sensitive client data, such as sales information, in normal working conditions.

Likewise, a staff member from the sales department should have no need for accessing sensitive HR records.

Using the principle of least privilege, each employee will only have full access to systems that are directly related to their role. Similarly, some systems may be visible to a wider group of staff members even if they can only be edited or deleted by one or two people.

In some cases, a security policy may be defined by finer details than a person’s role within the business. For example, an HR employee should not be able to edit their own file to change salary information. In such a case, an employee file might only be editable by that employee’s superiors.

Additional parameters can be used to assign privileges to enable the business hierarchy to work within the IT network. Seniority, physical location, and time are all examples of factors that can restrict access to critical systems and secure data.
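The HR and sales scenario above can be written as a default-deny access check. This is an added example, not code from the original article; the department names, resource names, access hours, staff, and the rule that "superior" means the direct manager are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional

# Constructed policy: department -> resource -> actions. Unlisted means denied.
ROLE_GRANTS = {
    "hr": {"employee_record": {"read", "edit"}, "staff_directory": {"read"}},
    "sales": {"client_sales": {"read", "edit"}, "staff_directory": {"read"}},
}
BUSINESS_HOURS = (time(7, 0), time(19, 0))  # assumed access window


@dataclass(frozen=True)
class User:
    name: str
    department: str
    manager: Optional[str] = None  # name of the direct superior (assumed model)


@dataclass(frozen=True)
class Request:
    user: User
    action: str
    resource: str
    at: time
    subject: Optional[User] = None  # employee the record is about, if any


def is_allowed(req: Request) -> tuple:
    """Return (decision, reason). Every check must pass, otherwise deny."""
    granted = ROLE_GRANTS.get(req.user.department, {}).get(req.resource, set())
    if req.action not in granted:
        return False, "role has no grant for this action"
    if not (BUSINESS_HOURS[0] <= req.at <= BUSINESS_HOURS[1]):
        return False, "outside permitted hours"
    if req.resource == "employee_record" and req.action == "edit":
        if req.subject is None:
            return False, "edit needs a named subject"
        if req.subject.name == req.user.name:
            return False, "cannot edit own record"
        if req.subject.manager != req.user.name:
            return False, "only the subject's superior may edit"
    return True, "allowed"


# Constructed sample staff
ALICE = User("alice", "hr")
BOB = User("bob", "hr", manager="alice")
CAROL = User("carol", "sales")
```

Returning the reason alongside the decision gives the audit log something to record for every denial, which is where repeated out-of-role or out-of-hours attempts by one account become visible.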

We can tailor your network to your business, locking down your data to ensure data is only accessed on an “as needed” basis. Contact us now on 08 8326 4364 or su*****@dp*********.au.