When we’re talking with customers, security inevitably makes it into the conversation. Rightly so, IT is at the core of almost all business activities, and security breaches are costly, both in dollars and in reputation. TechPath’s dedicated security team works with all sorts of organisations to beef up their protection, so we asked our experts for advice on how to stay safe:
What are currently the most common security flaws or gaps that you see in your work?
“The most common cyber-attacks today have one thing in common – they’re almost always caused by human error. That can include clicking on a malicious attachment, following a suspicious link or being tricked into giving away sensitive information via email. Cyber-criminals are getting smarter and more professional. Rather than leveraging technology to gain access to a computer system or network, attackers know it’s much easier to trick somebody who already has access.”
How have security needs and trends changed over the last couple of years?
“The one constant is that security is always changing. It’s an ongoing cat and mouse game between attackers and defenders, where each comes up with a newer technique to trump the other. When a new attack is released, security researchers find a way to protect against it, which the attackers then inevitably work around.
“Attackers have begun to realise that human being can’t be patched like computers, so they aim for key individuals within an organisation. This has led to a massive increase in targeted attacks, particularly against SMEs that may be ill-equipped to respond to such threats.”
Are there any low cost actions that can quickly improve security?
“There are many things that you can do to improve security without blowing your entire IT budget. It’s the bread and butter of cyber security. Some of the most important are:
- Make sure your systems are fully patched and up to date.
- Ensure that you have anti-virus and firewall protection configured on all servers and workstations.
- Implement a policy of least privilege within your network, to make sure that nobody has more access than they need.
- Train and educate your employees about avoiding cyber threats.”
How often should businesses conduct a security audit/test their security plan?
“Security isn’t a one-time event like a car service that can be done annually. It’s an ongoing process that should always be under review. Having said that, it is good practice to conduct bi-annual security audits that measure how well your business is performing. This is an opportunity for an independent check, which may bring serious security issues to light that would have otherwise gone unnoticed.”
What is the advantage to having an independent check?
“It’s important to explore what’s at stake. For example, sensitive data like sales databases, intellectual property or even customer records. The revenue and reputation of your business directly depends on your ability to secure that information. With the stakes so high, it’s critical to seek professional advice.”
Have you helped customers who have already experienced a significant security breach?
“A recent infection of the CryptoLocker virus forced a national accountancy firm completely offline. Luckily, the infection occurred on a Friday, however users were sent home early, costing tens of thousands of dollars in labour. The outbreak took the entire weekend until the early hours of Monday morning to resolve – obviously the outcome for the business would have been more severe if the infection had happened on a Monday.”
What do you believe are TechPath’s greatest strengths in terms of advising customers about IT security?
We’ve been helping our customers with their IT for more than 20 years – and security has been no exception. We take the security of our customers very seriously, so much so that we’ve developed our very own dedicated security team. Whether you’re looking to audit your existing security or even take steps to improve it, TechPath have the knowledge and expertise to help you build a more secure business.
For more about IT security planning and auditing, contact the TechPath team.