A lot of people ask me about security and are often confused when I say you need multiple layers of security. This blog aims to explain the multiple layers and relates them to how you secure your own home or office. Continue reading
Every day there there is news about some new malware, data leak or company hack. Your business is vigilant, but it feels like you always have to be doing more about cybersecurity to remain protected. Meanwhile, you want to balance security measures with convenience, usability and cost. That balancing act puts you somewhere on the sliding scale of security. Continue reading
In many areas there are myths that we accept as fact. Some of these are actually quite dangerous: this article debunks some cybersecurity myths so that you can keep your business safe. Continue reading
The rise in cloud services has caused a big increase in hacked cloud accounts. Compromised login credentials are now the #1 cause of data breaches around the world according to IBM Security’s latest Cost of a Data Breach Report. Continue reading
Most people see reports on ransomware hitting government departments, hospitals and other big name companies. As such they think it won’t happen to them as the bad guys are just targeting the larger companies and organisations, but ransomware can just as easily infect your own computer. Continue reading
Many families today have a shared home computer to help with all their normal day-to-day activities. A teen can do school work, play games and chat to friends, a parent can check work emails, pay household bills and shop online while the youngsters play some games and browse YouTube. Yet with COVID-19 sending so many people home to work, the shared computer is getting a lot more use and is now also being used for business or corporate work. Continue reading
You should have heard about ransomware by now. Cyber-criminals access and encrypt your data and you have to pay a “ransom” for the key to unlock your data. If you have a backup you can revert to that and forget about the hackers threats. Leakware (also known as extortionware) is similar, but now the bad actors are threatening to post your confidential information online if you don’t pay up. Continue reading
“Your computer has a virus.” Such a dreaded phrase!! With a “human” virus we can feel awful and miss work but when a virus hits our computers, we can lose valuable information and be vulnerable to attack. Continue reading
Hackers today have many ways in which to attack small businesses and business owners. Many hackers attempt to gain information or attack businesses with malware, viruses or phishing attacks. One or more of these techniques can be combined with gaining physical access in an attempt to steal information and data from vulnerable firms.
This articles will help you identifying precisely how criminals target businesses to help protect you from the most devastating attacks out there.
Protecting your business against the latest IT threats should always be a top priority. Updating your antivirus and keeping your operating system and applications up to date is a great way to start. What happens though, when a threat appears at your door before security firms have had a chance to catch it?
A security threat that exploits a previously undiscovered vulnerability is known as a zero-day threat. The name “zero-day” is designed to show how long since the vulnerability was discovered and also indicates that system developers have had zero days to fix it.
A newly discovered attack might be included in a computer virus or worm. This will allow it to spread far and wide, while inflicting the maximum amount of damage possible. When spread successfully, a new exploit has the potential to reach hundreds of thousands of computers before an operating system or anti-virus update can even be issued.
Here are 4 ways to help protect your business or lessen the damage from an unknown or zero-day attack.
1. Preventative security
The number one way to mitigate the damage from any attack is to prevent it from happening in the first place. Maintaining a good firewall and up-to-date security system is the best way you can take to ensure the security of your system.
A firewall, which monitors traffic in and out of your network, reduces unauthorised entries and exits over the network. Even without knowing the exact nature of the attack, suspicious activity can be stopped.
The same is true of modern security software. Even when it can’t identify the specific zero-day threat from its virus database; it can often identify malicious intent from learned behaviour in the system.
2. A Locked Down Network
Should a zero-day threat make it into your network, our next goal is to limit its effects. By restricting user access to only essential files and systems we can limit the damage done to the smallest area. Good security policy dictates that each account should only have full access to the systems needed to complete the user’s job. For example, users from the accounts department shouldn’t have access to sales department databases – see our blog article here on this area of security.
In this way, the damage of a single compromised account is limited to only the network area it has permissions to. Limiting the impact makes it easier to recover if the worst happens.
3. Good Data backup
Whether your entire network has been exploited or only a small area has been affected; good data backups are a must and are your protection against major long term damage. Having a good backup means having the procedures in place to create regular backup copies and also regularly test those backups to make sure they can be restored at a later date.
Reliable and well tested backups are worth their weight in gold. They allow you to sleep well at night knowing your data is safe and your system can be recovered.
4. Intrusion Protection
While the precise methods of a zero-day exploit can’t be known in advance, a network intrusion protection system (NIPS) can monitor your firms network for unusual activity.
The advantage of NIPS over a traditional firewall and traditional antivirus software is that it does not rely on checking software against a known database of threats. This means it does not need updates or patches to learn about the latest attacks. NIPS works by learning the day-to-day patterns of network activity across the network.
When traffic or something out of the ordinary is detected, action can be taken to alert system administrators and lock down the network.
NIPS protects against threats introduced to the network from both external and internal sources.
Full Cover Protection
Used in combination these techniques can prevent, protect, and mitigate against the kinds of threats that even the top security firms don’t even know of yet.
If you could use help protect your business against security threats and are in Adelaide or South Australia, then give us a call today at 08 8326 4364 or via email at su*****@dp*********.au.