In a world of malware, viruses, cyber criminals and more, security and compliance are a big deal. The constant publication of high-profile data breaches only reinforces the fact that absolutely nothing is off limits when it comes to hacking.
The European Parliament are enforcing the General Data Protection Regulation (GDPR) on 25th May 2018. If businesses don’t meet the compliance criteria, they could face severe penalties of up to 4% of their worldwide turnover. Not a risk any business should be willing to take.
Sigma distribute a trusted range of security products that will protect businesses from today’s ever-growing list of cyber threats.
The UK Government’s Cyber Essentials scheme encourages organisations to adopt good practice in information security. It describes the following five key controls for keeping information secure.
• Boundary firewalls and internet gateways
The first line of defence against an intrusion from the internet. A well configured firewall can stop breaches happening before they enter a network. An internet gateway can prevent users within an organisation accessing websites or other online services that present a threat or aren’t trusted.
• Secure Configuration
Almost all hardware and software will require some level of set-up and configuration in order to provide the most effective protection. You should remove unused software and services from your devices to reduce the number of potential vulnerabilities. Older versions of some widespread software have well documented security vulnerabilities. If you don’t use it, then it is much easier to remove it than try to keep it up-to-date. Make sure you have changed any default passwords used by software or hardware - these are well known by attackers.
• Access Control
Organisations should restrict access to their systems to users and sources they trust. Each user must have and use their own username and password. Each user should use an account that has permissions appropriate to the job they are carrying out at the time. You should also only use administrator accounts when strictly necessary (e.g. for installing known and trusted software).
• Malware Protection
You should have anti-virus or anti-malware products regularly scanning your network to prevent or detect threats. You will also need to make sure they are kept up-to-date, switched on and monitoring the files that they should be. You should also make sure you receive and act upon any alerts issued by the malware protection.
• Patch Management
Computer equipment and software need regular maintenance to keep them running smoothly and to fix any security vulnerabilities. Ensure the latest supported versions of applications are being used and all the necessary patches supplied by the vendor have been applied.
With the rise of Bring Your Own Device (BYOD) in business, it is important to ensure that personal data is protected in case a device is lost or stolen.
In a BYOD environment, it is essential that personal data is appropriately secured so that it cannot be accessed in the event of loss or theft.
Encryption is a means of ensuring that data can only be accessed by authorised users. It comes in many different forms and offers protection under different circumstances.
Cloud computing is a model that gives on-demand access to a shared pool of resources and these resources can be provisioned and released with minimal management effort.
According to Cloud Security Alliance (CSA), over 70% of the world’s businesses now operate partly on the cloud. With benefits including automatic updates, lower fixed costs and the freedom to work from any location, cloud computing seems like the right move.
The cloud has opened up a whole new world for storage, access, flexibility and productivity, but it has also opened up a new world of security concerns.
• Data Breaches
Overall, data breaches are three times more likely to occur for businesses that utilise the cloud than for those that don’t.
• Hijacking of Accounts
Attackers now have the ability to use login information to remotely access sensitive data stored on the cloud, giving them the ability to falsify and manipulate information through hijacked credentials.
• Insider Threat
Employees can use their authorised access to an organisation’s cloud-based services to misuse or access information such as customer accounts, financial forms and other sensitive information.
• Malware Injection
Malware injection is the act of inserting - or injecting - malicious code into a cloud server. The attacker uploads a crafted image and manipulates it to be seen as part of the victim’s cloud environment.
• Insecure APIs
Application Programming Interfaces (APIs) give users the opportunity to customise their cloud experience. As the infrastructure of APIs grows to provide better service, so do its security risks. API vulnerabilities lie in the communication that takes place between applications. While this communication can help programmers and businesses, it also leaves exploitable security risks.
• Denial of Service Attacks
Denial of service attacks are designed to make a machine or network resource unavailable to its intended users. Attackers can deny service to individual victims, or they may overload the capabilities of a machine or network and block all users at once.
• Data Loss
Data on cloud services can be lost through a malicious attack, system failure, or a data wipe by the service provider. Losing vital information can be devastating to businesses that don’t have a recovery plan.
Did you know only 31% of small businesses take active measures to guard themselves against security breaches?
Seen as the perfectly unprepared target, small and medium businesses are becoming the prime focus for hackers and cybercriminals due to their lack of knowledge and resources when it comes to keeping their IT systems secure.
A risky situation to be in considering smaller businesses will find it harder to repair the damage if their data is compromised. The cost of recovery is staggering and in most cases, it leads to the shutdown of businesses.