Help, My data is being attacked, what are they after?

Its not personal-its just businessAs a small and medium business and not for profit organisation why is my business data being attacked and what are the attackers after.   This question has many answers, it could be kids who want to see if they can access your data just for the sheer hell of it or it could be something a lot more sinister.   If an attacker gains access to your data and information then you could be in for a very hard time.

SME’s are easier targets for criminals, they lack the internal training and knowledge required to protect their sensitive data.   They have limited access to high end and costly security features and resources.   Most of the time, SME’s do not realise how vulnerable they are to both internal and external attacks.   When an SME is attacked or compromised, the repercussions and effects of that compromise are all mechanisms of having a decent security strategy.   The resilience of the business will ensure that if something does happen that the business is in a better position than previously thought.

What can be damaged?    In the event that your business is attacked there are 6 things that will create havoc if the attacker gains access to your data and information:

One of the most devastating repercussions of an internal or external attack is the Destruction and loss of Intellectual property or Trade Secrets.   Most SME’s have significant money and intellect tied up in what they do and how they do it.   This information is critical to the viability of the business.    If your competition had access to this information then your business could take a significant financial hit?

Another area of damage that an internal and external attacker can visit on your business is Vandalism.   This sounds pretty strange but one of the most psychologically damaging things that can happen to a business, the owners or management and also the staff is to have their web site changed, or even worse changed in such a way that it is infected with malware so all of their visitors become infected.    There is nothing worse than going to your web site and finding that the content has been changed.   It may be just a prank but the repercussions can be pretty overwhelming.

An internal or external attacker can do a great deal of damage to a business’s reputation.   This can be achieved in a number of ways.   The most prevalent is the fact that you have been compromised and you don’t inform your clients, or you have been compromised and the internet finds out about it.   What happens if an attacker gains access to your client file list and sends each of your clients an invoice.    In another situation is if your internal memos, where a comment about a client can be taken out of context or misconstrued were released to the outside world.   That would have a significant impact on your reputation, Think WikiLeaks.

Internal or external attackers can use information that they have gained for fraud and theft.    They can sell or give away the information on the internet to the highest bidder through notice boards and chat rooms and depending on the information – credit card details – they can gain access to your client’s money and steal it.

A security breach doesn’t always include the loss of information, if your data becomes unavailable through an internal or external attack then you will have the additional problem of Lost Revenue.   If the information and data for your business is off line due to an attack then your business will start to loose income.   Depending on the length of time that your data is unavailable will have a significant impact on your business.

All of the information that you have on your business system is your responsibility to protect.   If you fail to protect that information then you may be legally liable to your clients in regards to breaching their privacy and personal information.   This liability can take on many forms and could include compensating your clients for the loss of their personal information.

The responsibility to protect your business data and information falls squarely on the shoulders of management and owners when it comes to protecting the business.   Implementation
of a security strategy will allow the business to be in a better situation to protect the business, react if the business is attacked or recover when something does happen.

I bought in my iPad can I use it for work?

3D Small People - Flight On PhoneMobile devices are invading our homes, workspace, businesses and organisations.   They are being demanded by workers, Y gen users and teenagers.   Management are always in the situation of trying to catch up with their use and fold them into their business model.

One of the major problems with mobile devices is the how do you secure them and what needs to be secured on the device.    Mobile defence and security consists of 3 areas – the device itself, the data, apps and access to information and the rest of the network.

Here are some ideas for making sure that mobile devices are as secure as possible.

The device – what happens if the device is lost or stolen?    Without a good security strategy it would not matter if the device is issued by the company or it is personal there will be incriminating and business critical information available on the device.   Passwords and encryption is widely used to restrict access to mobile devices, even home users can use
“mobileme” to find their iPhone / iPad or set it up that after 5 failed attempts at access it wipes the device and can only be reactivated by talking to the provider with the account holders information.   There are even better applications available at a business and corporate level.

In the business world it depends on whether you only allow access to the business through business supplied devices or it is open slather you still need to have some level of control.
If you control the device then you can wipe the device if it is lost, stolen or misplaced without any repercussions.   You also need to ensure that all devices have some level of backup and
recovery feature to ensure that important business data is not lost.   If the business doesn’t own the device then you also need to ensure that control over the system allows for the remote
removal of information deemed business critical.

The data, apps and access information that is on a device can be business critical.   Specific apps developed for the business may have critical implications if accessed by unauthorised people on a stolen device.  Some applications also deliver and retain business data on the device itself.   Finally all of those web sites or applications that have access to personal information – banking software, linked in, Facebook, what happens if that information is compromised.   As a safety system never allow the device to save your password, yes I know it is so convenient to have that one click access but!

The use of mobile devices is also compliant on the main business security strategy.   They should always comply with traditional defences like firewalls, encryption and secure passwords and should not be used as a bypass for information access on the business network.   If possible wireless access to information through a device should be done through separate network
access and VPN’s thus adding additional levels of protection and security.

How you protect your information is compliant on your business security strategy.   If you want your people to bring in their own devices or you are going to supply them then
that is your decision but it needs to fit in with your business direction and requirements.    If you have staff that constantly loose or misplace equipment I would seriously think about making the systems as secure as possible.

3 quick things you can do to secure your home computer?

Everyone knows that computers are the most influential piece of equipment for both the office and home to come around since the ball point pen.  An office environment has the benefit of having either a managed services or outsourcing company or onsite technical expert and expertise to protect their data but a home computer doesn’t.  The technical support usually comes from mum or dad or from the teenager.  This can be disastrous especially if the computer is used for other purposes like internet banking, internet purchases or keeping confidential personal data safe.

Most of the time the protection for a home computer is the installation of an antivirus software package and then the whole thing is forgotten in the euphoria of accessing the internet, doing the “Facebook thing” and playing games either on line or against the computer.   Don’t get me wrong I “LUV” playing games on my computer but I believe that I have a relatively secure laptop most of the time, but I have the luxury of having a little training and experience behind me.

So what can YOU do to protect not only your computer but also your personal data and your internet banking?   These are 3 of the most basic things that you can do in the never ending process of keeping yourself secure:

AntiVirus: There is no excuse for not having some level of antivirus installed on your computer.   There are a number of freely available packages – Security Essentials (Microsoft), Avast or Avira, that will stop most viruses in the wild but there are times where they will not pick up viruses that have not been discovered.  A more secure antivirus that does a lot more will have to be purchased.    If you are looking to purchase one of these packages then you should be looking at Kaspersky, Norton (Symantec), Trend or the like.   These packages do a lot more than just track your antivirus.   They will protect your computer from Malware (Scripts being run from a website), I had this experience just the other day when I was doing some research and went to a website that wanted to infect my computer.   My antivirus protected me.  Most of them also have a decent Anti-SPAM component as well as a fairly substantial firewall.   I can hear you from here – I have a MAC and it never gets a virus.  Sorry that is no longer true.    Some malware will infect a MAC and they are very painful to remove.

Firewall:  By having a firewall installed at all times especially when you are surfing the internet is not only a necessity but it can honestly save your wealth.   They can at times be problematic with false positives (incorrect readings) but as a first line of defence they are indispensable.   Although most firewalls are set and forget, if they detect something wrong they will pop up a warning – Please read it – so that you can make a decision on letting something in or not.  Again there are free variants available but good ones come packaged with the antivirus.

Update: I cannot say this often enough update as often as possible and don’t put it off unless there is a good reason.   The update process is designed to patch holes in operating system software as well as application of all types.    A hole in software is where the virus writers target their programs because they know that people are lazy and don’t like to update their computers and even worse restart their computers after the update process.   All of the big software companies, including game writers, now have an update process and after you install an application it will check the website through the application or every time that you open it.

As an additional point if you are running Peer 2 Peer software on your computer, normally installed by the teenager to download music and movies for free, then I suggest that you remove it.   Peer 2 Peer software is designed to punch holes through firewall and disable antivirus so that they can be seen on the internet.  Peer 2 Peer software works on the principle that there are numerous sources or copies of the wanted download that you want.   The problem is that the available directories can be used by outside people to store child porn, pornography or pirated movies and music that you may not even know about.

So there you have it.   Home computer security is mostly common sense and thinking ahead.    These 3 points will ensure that your computer is well on its way to being protected when you use it.

Do you rely Just On Security Technology to protect your business information?

Nearly every day you hear about another security threat spreading across the internet. As a small or medium business, or a not for profit organisation (SME) how vulnerable are you to these threats?

SME’s are connecting to the internet in record numbers to support improved and greater market opportunities, to increase productivity and to strengthen communications with staff, management, customers and suppliers. The problem is, the more you open your network and business to the internet the more your confidential business information and data is at risk.

So you think you are too small to be a target?

Think again, if you use Microsoft software then you are a target by default. Microsoft is not bad but it has the largest market share, therefore any released virus, worm or application created by a hacker can achieve more with less. These programs spread rapidly and inflict damage on a global scale and you, as an SME can be caught in their net.

Security threats are constantly emerging and evolving, the job of securing your business information becomes all consuming. Little jobs take time – updating and checking anti-virus, patching and updating operating systems and applications, checking firewalls with renewed rules and policies are a critical requirement of your business risk analysis.

They still have to be done regularly.

The importance of checking these components in a timely manner cannot be underestimated. Consider the cost in lost productivity, reputation and non-compliance penalties that a breach could visit on your business. Effective security can be costly, time consuming and difficult for SME’s to implement successfully. Skilled security people are often difficult to find and cost prohibitive to have on staff. As a result the job often falls on the technologically savvy staff member who is already snowed under with other ICT matters or their own job to implement security features properly.

Today’s security threats are business size neutral. They leave a SME with the same security challenges as large corporations. The trouble is that SME’s do not have the depth of resources to handle them. This is where a Managed Services Security Providers (MSSP) can be of benefit to your business.

What are the benefits to your business of outsourcing your security?

You can focus on your core business

Outsourcing allows all of your staff to concentrate on revenue generating business initiatives instead of computer, security and infrastructure issues. Having limited IT resources on staff takes business resources away from your core business.

Reduced Cost

Outsourcing security sources provides your business with access to “big business” security protection at an affordable price.  The expense is more cost effective than hiring or contracting a security expert and the consistent monthly billing helps ensure security services that you need are available without unforseen hassles and expenses. An integrated and comprehensive solution that can help reduce the expenses of maintenance, upgrades and add on security solutions is a benefit to any business.

24 X 7 (always available) expert security staff.

You’re on staff, in house expert is normally available only during working hours. In most cases your outsourced Security Company can act as an always available security and ICT management department. They can also provide your business with access to an internet security expert without incurring the cost of hiring, training and retaining highly skilled staff.

Gain Customised Service

All MSSP’s have service plans and you can select the service plan that will fit your requirements.

Receive up-to-date protection

Technical security solutions such as firewalls, antivirus software, content filtering solutions, and virtual private networks (VPNs) are far more effective when they are maintained regularly with the latest system updates.  Changes to your business resilience and regulatory requirements can also have a detrimental effect on your business stability.

Why R & I ICT Consulting Services is right for you!

How do you know you are getting what you paid for?

  1. Company reputation – see what our clients are saying about us. We have references and referees that you can ask.
  2. Plans and services – we have a comprehensive assortment of plans and services depending on your business requirements and size.
  3. Service Level Agreement – all of our plans and services have a service level agreement incorporated into them so that you know what will be delivered in protecting your business.
  4. Guarantee – We guarantee all of our technicians work with a 100% money back guarantee. We also stick to any pricing that we put forward to you. All projects are priced on a per project basis so that no matter how long it takes it will not cost you anymore. No more “time and materials” projects based on how long is a piece of string that have costs blowing out uncontrollably.
  5. Monthly Reports – we supply monthly reports that are delivered with your next month invoice. We like to prove how much we have done for your business in the last month.